Mercurial > hg > nginx-tests
comparison ssl.t @ 1449:eeababfd8726
Tests: moved $ssl_server_name tests in http to ssl_sni.t.
The tests need appropriate checks for ancient IO::Socket::SSL versions.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 05 Mar 2019 13:21:30 +0300 |
| parents | e1c64ee44212 |
| children | f9718a0773b9 |
comparison
equal
deleted
inserted
replaced
| 1448:c1b969fc7a23 | 1449:eeababfd8726 |
|---|---|
| 29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | 29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
| 30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; | 30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
| 31 plan(skip_all => 'IO::Socket::SSL too old') if $@; | 31 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
| 32 | 32 |
| 33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/) | 33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/) |
| 34 ->has_daemon('openssl')->plan(25); | 34 ->has_daemon('openssl')->plan(23); |
| 35 | 35 |
| 36 $t->write_file_expand('nginx.conf', <<'EOF'); | 36 $t->write_file_expand('nginx.conf', <<'EOF'); |
| 37 | 37 |
| 38 %%TEST_GLOBALS%% | 38 %%TEST_GLOBALS%% |
| 39 | 39 |
| 59 ssl_session_cache shared:SSL:1m; | 59 ssl_session_cache shared:SSL:1m; |
| 60 ssl_verify_client optional_no_ca; | 60 ssl_verify_client optional_no_ca; |
| 61 | 61 |
| 62 location /reuse { | 62 location /reuse { |
| 63 return 200 "body $ssl_session_reused"; | 63 return 200 "body $ssl_session_reused"; |
| 64 } | |
| 65 location /sni { | |
| 66 return 200 "body $ssl_session_reused:$ssl_server_name"; | |
| 67 } | 64 } |
| 68 location /id { | 65 location /id { |
| 69 return 200 "body $ssl_session_id"; | 66 return 200 "body $ssl_session_id"; |
| 70 } | 67 } |
| 71 location /cipher { | 68 location /cipher { |
| 224 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session'); | 221 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session'); |
| 225 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1'); | 222 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1'); |
| 226 | 223 |
| 227 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session'); | 224 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session'); |
| 228 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2'); | 225 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2'); |
| 229 | |
| 230 # ssl_server_name | |
| 231 | |
| 232 SKIP: { | |
| 233 skip 'no sni', 2 unless $t->has_module('sni'); | |
| 234 | |
| 235 $ctx = new IO::Socket::SSL::SSL_Context( | |
| 236 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 237 SSL_session_cache_size => 100); | |
| 238 | |
| 239 like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name'); | |
| 240 | |
| 241 TODO: { | |
| 242 local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') | |
| 243 && !$t->has_version('1.15.10'); | |
| 244 | |
| 245 like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused'); | |
| 246 | |
| 247 } | |
| 248 | |
| 249 } | |
| 250 | 226 |
| 251 # ssl certificate inheritance | 227 # ssl certificate inheritance |
| 252 | 228 |
| 253 my $s = get_ssl_socket($ctx, port(8081)); | 229 my $s = get_ssl_socket($ctx, port(8081)); |
| 254 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); | 230 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
| 329 Proto => 'tcp', | 305 Proto => 'tcp', |
| 330 PeerAddr => '127.0.0.1', | 306 PeerAddr => '127.0.0.1', |
| 331 PeerPort => $port, | 307 PeerPort => $port, |
| 332 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 308 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 333 SSL_reuse_ctx => $ctx, | 309 SSL_reuse_ctx => $ctx, |
| 334 SSL_hostname => 'localhost', | |
| 335 SSL_error_trap => sub { die $_[1] }, | 310 SSL_error_trap => sub { die $_[1] }, |
| 336 %extra | 311 %extra |
| 337 ); | 312 ); |
| 338 alarm(0); | 313 alarm(0); |
| 339 }; | 314 }; |