Mercurial > hg > nginx-tests
comparison stream_proxy_ssl_verify.t @ 952:e9064d691790
Tests: converted tests to run in parallel.
author | Andrey Zelenkov <zelenkov@nginx.com> |
---|---|
date | Tue, 21 Jun 2016 16:39:13 +0300 |
parents | 0c64f87aa689 |
children | 882267679006 |
comparison
equal
deleted
inserted
replaced
951:9361c7eddfc1 | 952:e9064d691790 |
---|---|
36 stream { | 36 stream { |
37 proxy_ssl on; | 37 proxy_ssl on; |
38 proxy_ssl_verify on; | 38 proxy_ssl_verify on; |
39 | 39 |
40 server { | 40 server { |
41 listen 127.0.0.1:8080; | 41 listen 127.0.0.1:%%PORT_0%%; |
42 proxy_pass 127.0.0.1:8087; | 42 proxy_pass 127.0.0.1:%%PORT_6%%; |
43 | 43 |
44 proxy_ssl_name example.com; | 44 proxy_ssl_name example.com; |
45 proxy_ssl_trusted_certificate 1.example.com.crt; | 45 proxy_ssl_trusted_certificate 1.example.com.crt; |
46 } | 46 } |
47 | 47 |
48 server { | 48 server { |
49 listen 127.0.0.1:8081; | 49 listen 127.0.0.1:%%PORT_1%%; |
50 proxy_pass 127.0.0.1:8087; | 50 proxy_pass 127.0.0.1:%%PORT_6%%; |
51 | 51 |
52 proxy_ssl_name foo.example.com; | 52 proxy_ssl_name foo.example.com; |
53 proxy_ssl_trusted_certificate 1.example.com.crt; | 53 proxy_ssl_trusted_certificate 1.example.com.crt; |
54 } | 54 } |
55 | 55 |
56 server { | 56 server { |
57 listen 127.0.0.1:8082; | 57 listen 127.0.0.1:%%PORT_2%%; |
58 proxy_pass 127.0.0.1:8087; | 58 proxy_pass 127.0.0.1:%%PORT_6%%; |
59 | 59 |
60 proxy_ssl_name no.match.example.com; | 60 proxy_ssl_name no.match.example.com; |
61 proxy_ssl_trusted_certificate 1.example.com.crt; | 61 proxy_ssl_trusted_certificate 1.example.com.crt; |
62 } | 62 } |
63 | 63 |
64 server { | 64 server { |
65 listen 127.0.0.1:8083; | 65 listen 127.0.0.1:%%PORT_3%%; |
66 proxy_pass 127.0.0.1:8088; | 66 proxy_pass 127.0.0.1:%%PORT_7%%; |
67 | 67 |
68 proxy_ssl_name 2.example.com; | 68 proxy_ssl_name 2.example.com; |
69 proxy_ssl_trusted_certificate 2.example.com.crt; | 69 proxy_ssl_trusted_certificate 2.example.com.crt; |
70 } | 70 } |
71 | 71 |
72 server { | 72 server { |
73 listen 127.0.0.1:8084; | 73 listen 127.0.0.1:%%PORT_4%%; |
74 proxy_pass 127.0.0.1:8088; | 74 proxy_pass 127.0.0.1:%%PORT_7%%; |
75 | 75 |
76 proxy_ssl_name bad.example.com; | 76 proxy_ssl_name bad.example.com; |
77 proxy_ssl_trusted_certificate 2.example.com.crt; | 77 proxy_ssl_trusted_certificate 2.example.com.crt; |
78 } | 78 } |
79 | 79 |
80 server { | 80 server { |
81 listen 127.0.0.1:8085; | 81 listen 127.0.0.1:%%PORT_5%%; |
82 proxy_pass 127.0.0.1:8088; | 82 proxy_pass 127.0.0.1:%%PORT_7%%; |
83 | 83 |
84 proxy_ssl_trusted_certificate 1.example.com.crt; | 84 proxy_ssl_trusted_certificate 1.example.com.crt; |
85 proxy_ssl_session_reuse off; | 85 proxy_ssl_session_reuse off; |
86 } | 86 } |
87 | 87 |
88 server { | 88 server { |
89 listen 127.0.0.1:8087 ssl; | 89 listen 127.0.0.1:%%PORT_6%% ssl; |
90 proxy_pass 127.0.0.1:8089; | 90 proxy_pass 127.0.0.1:%%PORT_8%%; |
91 proxy_ssl off; | 91 proxy_ssl off; |
92 | 92 |
93 ssl_certificate 1.example.com.crt; | 93 ssl_certificate 1.example.com.crt; |
94 ssl_certificate_key 1.example.com.key; | 94 ssl_certificate_key 1.example.com.key; |
95 } | 95 } |
96 | 96 |
97 server { | 97 server { |
98 listen 127.0.0.1:8088 ssl; | 98 listen 127.0.0.1:%%PORT_7%% ssl; |
99 proxy_pass 127.0.0.1:8089; | 99 proxy_pass 127.0.0.1:%%PORT_8%%; |
100 proxy_ssl off; | 100 proxy_ssl off; |
101 | 101 |
102 ssl_certificate 2.example.com.crt; | 102 ssl_certificate 2.example.com.crt; |
103 ssl_certificate_key 2.example.com.key; | 103 ssl_certificate_key 2.example.com.key; |
104 } | 104 } |
145 $t->write_file('index.html', ''); | 145 $t->write_file('index.html', ''); |
146 | 146 |
147 $t->run_daemon(\&http_daemon); | 147 $t->run_daemon(\&http_daemon); |
148 $t->run(); | 148 $t->run(); |
149 | 149 |
150 $t->waitforsocket('127.0.0.1:8089'); | 150 $t->waitforsocket('127.0.0.1:' . port(8)); |
151 | 151 |
152 ############################################################################### | 152 ############################################################################### |
153 | 153 |
154 # subjectAltName | 154 # subjectAltName |
155 | 155 |
156 like(get('/', '127.0.0.1:8080'), qr/200 OK/, 'verify'); | 156 like(get('/', '127.0.0.1:' . port(0)), qr/200 OK/, 'verify'); |
157 like(get('/', '127.0.0.1:8081'), qr/200 OK/, 'verify wildcard'); | 157 like(get('/', '127.0.0.1:' . port(1)), qr/200 OK/, 'verify wildcard'); |
158 unlike(get('/', '127.0.0.1:8082'), qr/200 OK/, 'verify fail'); | 158 unlike(get('/', '127.0.0.1:' . port(2)), qr/200 OK/, 'verify fail'); |
159 | 159 |
160 # commonName | 160 # commonName |
161 | 161 |
162 like(get('/', '127.0.0.1:8083'), qr/200 OK/, 'verify cn'); | 162 like(get('/', '127.0.0.1:' . port(3)), qr/200 OK/, 'verify cn'); |
163 unlike(get('/', '127.0.0.1:8084'), qr/200 OK/, 'verify cn fail'); | 163 unlike(get('/', '127.0.0.1:' . port(4)), qr/200 OK/, 'verify cn fail'); |
164 | 164 |
165 # untrusted | 165 # untrusted |
166 | 166 |
167 unlike(get('/', '127.0.0.1:8085'), qr/200 OK/, 'untrusted'); | 167 unlike(get('/', '127.0.0.1:' . port(5)), qr/200 OK/, 'untrusted'); |
168 | 168 |
169 ############################################################################### | 169 ############################################################################### |
170 | 170 |
171 sub get { | 171 sub get { |
172 my ($uri, $peer) = @_; | 172 my ($uri, $peer) = @_; |
184 ############################################################################### | 184 ############################################################################### |
185 | 185 |
186 sub http_daemon { | 186 sub http_daemon { |
187 my $server = IO::Socket::INET->new( | 187 my $server = IO::Socket::INET->new( |
188 Proto => 'tcp', | 188 Proto => 'tcp', |
189 LocalHost => '127.0.0.1:8089', | 189 LocalHost => '127.0.0.1:' . port(8), |
190 Listen => 5, | 190 Listen => 5, |
191 Reuse => 1 | 191 Reuse => 1 |
192 ) | 192 ) |
193 or die "Can't create listening socket: $!\n"; | 193 or die "Can't create listening socket: $!\n"; |
194 | 194 |