comparison ssl_sni.t @ 1449:eeababfd8726
Tests: moved $ssl_server_name tests in http to ssl_sni.t.
The tests need appropriate checks for ancient IO::Socket::SSL versions.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 05 Mar 2019 13:21:30 +0300 |
parents | 4e48bf51714f |
children | 5f53a1d6b83c |
1448:c1b969fc7a23 | 1449:eeababfd8726 |
---|---|
55 ssl_certificate_key example.com.key; | 55 ssl_certificate_key example.com.key; |
56 ssl_certificate example.com.crt; | 56 ssl_certificate example.com.crt; |
57 | 57 |
58 location / { | 58 location / { |
59 return 200 $server_name; | 59 return 200 $server_name; |
60 } | |
61 } | |
62 | |
63 server { | |
64 listen 127.0.0.1:8081 ssl; | |
65 server_name localhost; | |
66 | |
67 ssl_certificate_key localhost.key; | |
68 ssl_certificate localhost.crt; | |
69 | |
70 location / { | |
71 return 200 $ssl_session_reused:$ssl_server_name; | |
60 } | 72 } |
61 } | 73 } |
62 } | 74 } |
63 | 75 |
64 EOF | 76 EOF |
78 my $ssl = Net::SSLeay::new($ctx) or die; | 90 my $ssl = Net::SSLeay::new($ctx) or die; |
79 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 91 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
80 }; | 92 }; |
81 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 93 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
82 | 94 |
83 $t->plan(6); | 95 $t->plan(8); |
84 | 96 |
85 $t->write_file('openssl.conf', <<EOF); | 97 $t->write_file('openssl.conf', <<EOF); |
86 [ req ] | 98 [ req ] |
87 default_bits = 1024 | 99 default_bits = 1024 |
88 encrypt_key = no | 100 encrypt_key = no |
122 like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!, | 134 like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!, |
123 'host not found, sni exists'); | 135 'host not found, sni exists'); |
124 | 136 |
125 } | 137 } |
126 | 138 |
139 # $ssl_server_name in sessions | |
140 | |
141 my $ctx = new IO::Socket::SSL::SSL_Context( | |
142 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
143 SSL_session_cache_size => 100); | |
144 | |
145 like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), | |
146 qr/^\.:localhost$/m, 'ssl server name'); | |
147 | |
148 TODO: { | |
149 local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') | |
150 && !$t->has_version('1.15.10'); | |
151 | |
152 like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), | |
153 qr/^r:localhost$/m, 'ssl server name - reused'); | |
154 | |
155 } | |
156 | |
127 ############################################################################### | 157 ############################################################################### |
128 | 158 |
129 sub get_ssl_socket { | 159 sub get_ssl_socket { |
130 my ($host) = @_; | 160 my ($host, $port, $ctx) = @_; |
131 my $s; | 161 my $s; |
132 | 162 |
133 eval { | 163 eval { |
134 local $SIG{ALRM} = sub { die "timeout\n" }; | 164 local $SIG{ALRM} = sub { die "timeout\n" }; |
135 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 165 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
136 alarm(8); | 166 alarm(8); |
137 $s = IO::Socket::SSL->new( | 167 $s = IO::Socket::SSL->new( |
138 Proto => 'tcp', | 168 Proto => 'tcp', |
139 PeerAddr => '127.0.0.1:' . port(8080), | 169 PeerAddr => '127.0.0.1:' . port($port || 8080), |
140 SSL_hostname => $host, | 170 SSL_hostname => $host, |
171 SSL_reuse_ctx => $ctx, | |
141 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 172 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
142 SSL_error_trap => sub { die $_[1] } | 173 SSL_error_trap => sub { die $_[1] } |
143 ); | 174 ); |
144 alarm(0); | 175 alarm(0); |
145 }; | 176 }; |
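Review bot: The shared context at new line 141 is created with indirect object syntax, `new IO::Socket::SSL::SSL_Context(...)`, which Perl resolves by heuristic; `IO::Socket::SSL::SSL_Context->new(SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100);` is unambiguous and matches the `IO::Socket::SSL->new(` call in get_ssl_socket. The 'ssl server name - reused' assertion appears to pass only because both requests hand the same `$ctx` to `SSL_reuse_ctx`, so a comment above the first `like` such as `# both requests share $ctx; its client session cache lets the second handshake resume` would make that dependency visible to whoever edits the test next. get_ssl_socket now unpacks `($host, $port, $ctx)` with `$port || 8080` as the fallback, and a one-line comment above the sub stating that `$port` and `$ctx` are optional would help; it is also worth confirming that the older callers, which pass only `$host`, are unaffected by `SSL_reuse_ctx => undef` (presumably ignored by IO::Socket::SSL). The sub's body continues past the last line shown here.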