Mercurial > hg > nginx-tests
comparison ssl_sni.t @ 1449:eeababfd8726
Tests: moved $ssl_server_name tests in http to ssl_sni.t.
The tests need appropriate checks for ancient IO::Socket::SSL versions.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 05 Mar 2019 13:21:30 +0300 |
| parents | 4e48bf51714f |
| children | 5f53a1d6b83c |
comparison
equal
deleted
inserted
replaced
| 1448:c1b969fc7a23 | 1449:eeababfd8726 |
|---|---|
| 55 ssl_certificate_key example.com.key; | 55 ssl_certificate_key example.com.key; |
| 56 ssl_certificate example.com.crt; | 56 ssl_certificate example.com.crt; |
| 57 | 57 |
| 58 location / { | 58 location / { |
| 59 return 200 $server_name; | 59 return 200 $server_name; |
| 60 } | |
| 61 } | |
| 62 | |
| 63 server { | |
| 64 listen 127.0.0.1:8081 ssl; | |
| 65 server_name localhost; | |
| 66 | |
| 67 ssl_certificate_key localhost.key; | |
| 68 ssl_certificate localhost.crt; | |
| 69 | |
| 70 location / { | |
| 71 return 200 $ssl_session_reused:$ssl_server_name; | |
| 60 } | 72 } |
| 61 } | 73 } |
| 62 } | 74 } |
| 63 | 75 |
| 64 EOF | 76 EOF |
| 78 my $ssl = Net::SSLeay::new($ctx) or die; | 90 my $ssl = Net::SSLeay::new($ctx) or die; |
| 79 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 91 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
| 80 }; | 92 }; |
| 81 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 93 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
| 82 | 94 |
| 83 $t->plan(6); | 95 $t->plan(8); |
| 84 | 96 |
| 85 $t->write_file('openssl.conf', <<EOF); | 97 $t->write_file('openssl.conf', <<EOF); |
| 86 [ req ] | 98 [ req ] |
| 87 default_bits = 1024 | 99 default_bits = 1024 |
| 88 encrypt_key = no | 100 encrypt_key = no |
| 122 like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!, | 134 like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!, |
| 123 'host not found, sni exists'); | 135 'host not found, sni exists'); |
| 124 | 136 |
| 125 } | 137 } |
| 126 | 138 |
| 139 # $ssl_server_name in sessions | |
| 140 | |
| 141 my $ctx = new IO::Socket::SSL::SSL_Context( | |
| 142 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 143 SSL_session_cache_size => 100); | |
| 144 | |
| 145 like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), | |
| 146 qr/^\.:localhost$/m, 'ssl server name'); | |
| 147 | |
| 148 TODO: { | |
| 149 local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') | |
| 150 && !$t->has_version('1.15.10'); | |
| 151 | |
| 152 like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), | |
| 153 qr/^r:localhost$/m, 'ssl server name - reused'); | |
| 154 | |
| 155 } | |
| 156 | |
| 127 ############################################################################### | 157 ############################################################################### |
| 128 | 158 |
| 129 sub get_ssl_socket { | 159 sub get_ssl_socket { |
| 130 my ($host) = @_; | 160 my ($host, $port, $ctx) = @_; |
| 131 my $s; | 161 my $s; |
| 132 | 162 |
| 133 eval { | 163 eval { |
| 134 local $SIG{ALRM} = sub { die "timeout\n" }; | 164 local $SIG{ALRM} = sub { die "timeout\n" }; |
| 135 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 165 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
| 136 alarm(8); | 166 alarm(8); |
| 137 $s = IO::Socket::SSL->new( | 167 $s = IO::Socket::SSL->new( |
| 138 Proto => 'tcp', | 168 Proto => 'tcp', |
| 139 PeerAddr => '127.0.0.1:' . port(8080), | 169 PeerAddr => '127.0.0.1:' . port($port || 8080), |
| 140 SSL_hostname => $host, | 170 SSL_hostname => $host, |
| 171 SSL_reuse_ctx => $ctx, | |
| 141 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 172 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 142 SSL_error_trap => sub { die $_[1] } | 173 SSL_error_trap => sub { die $_[1] } |
| 143 ); | 174 ); |
| 144 alarm(0); | 175 alarm(0); |
| 145 }; | 176 }; |