comparison stream_ssl_alpn.t @ 1739:f2fe58b4b59f

Tests: ALPN tests in the stream module.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 21 Oct 2021 13:54:29 +0300
parents
children 2318ed01ce53
1738:9e0347f4df11 1739:f2fe58b4b59f
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for stream ssl_alpn directive.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19 use Test::Nginx::Stream qw/ stream /;
20
21 ###############################################################################
22
23 select STDERR; $| = 1;
24 select STDOUT; $| = 1;
25
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
27 ->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF');
28
29 %%TEST_GLOBALS%%
30
31 daemon off;
32
33 events {
34 }
35
36 stream {
37 %%TEST_GLOBALS_STREAM%%
38
39 log_format test $status;
40 access_log %%TESTDIR%%/test.log test;
41
42 ssl_certificate_key localhost.key;
43 ssl_certificate localhost.crt;
44
45 server {
46 listen 127.0.0.1:8080 ssl;
47 return "X $ssl_alpn_protocol X";
48 ssl_alpn first second;
49 }
50 }
51
52 EOF
53
54 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
55 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
56
57 eval { IO::Socket::SSL->can_alpn() or die; };
58 plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@;
59
60 eval { exists &Net::SSLeay::P_alpn_selected or die; };
61 plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
62
63 $t->write_file('openssl.conf', <<EOF);
64 [ req ]
65 default_bits = 2048
66 encrypt_key = no
67 distinguished_name = req_distinguished_name
68 [ req_distinguished_name ]
69 EOF
70
71 my $d = $t->testdir();
72
73 foreach my $name ('localhost') {
74 system('openssl req -x509 -new '
75 . "-config $d/openssl.conf -subj /CN=$name/ "
76 . "-out $d/$name.crt -keyout $d/$name.key "
77 . ">>$d/openssl.out 2>&1") == 0
78 or die "Can't create certificate for $name: $!\n";
79 }
80
81 $t->try_run('no ssl_alpn')->plan(6);
82
83 ###############################################################################
84
85 is(get_ssl('first'), 'X first X', 'alpn match');
86 is(get_ssl('wrong', 'first'), 'X first X', 'alpn many');
87 is(get_ssl('wrong', 'second'), 'X second X', 'alpn second');
88 is(get_ssl(), 'X X', 'no alpn');
89 ok(!get_ssl('wrong'), 'alpn mismatch');
90
91 $t->stop();
92
93 like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log');
94
95 ###############################################################################
96
97 sub get_ssl {
98 my (@alpn) = @_;
99 my $s = stream('127.0.0.1:' . port(8080));
100
101 eval {
102 local $SIG{ALRM} = sub { die "timeout\n" };
103 local $SIG{PIPE} = sub { die "sigpipe\n" };
104 alarm(8);
105 IO::Socket::SSL->start_SSL($s->{_socket},
106 SSL_alpn_protocols => [ @alpn ],
107 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
108 SSL_error_trap => sub { die $_[1] }
109 );
110 alarm(0);
111 };
112 alarm(0);
113
114 if ($@) {
115 log_in("died: $@");
116 return undef;
117 }
118
119 return $s->read();
120 }
121
122 ###############################################################################
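Review bot: The 'alpn mismatch' assertion `ok(!get_ssl('wrong'), 'alpn mismatch');` passes on any handshake failure, because get_ssl returns undef for a timeout, a SIGPIPE and an SSL error alike, so on the client side it cannot tell an ALPN rejection from an unrelated breakage. The `qr/500$/` check on test.log is what ties the result to the server, and a comment above it such as `# the client only sees a failed handshake; the logged 500 status is what shows the server ended the session itself` would make that dependency explicit. Separately, the certificate step reports `$!` when `system(...) == 0` fails, but `$!` is meaningful only if the command could not be started; `or die "Can't create certificate for $name: exit status $?\n";` would report the openssl failure itself. In get_ssl, `SSL_VERIFY_NONE` deserves a one-line comment saying it is deliberate because the certificate is self-signed and generated for this test run.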