comparison stream_ssl_alpn.t @ 1739:f2fe58b4b59f
Tests: ALPN tests in the stream module.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 21 Oct 2021 13:54:29 +0300 |
parents | |
children | 2318ed01ce53 |
1738:9e0347f4df11 | 1739:f2fe58b4b59f |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for stream ssl_alpn directive. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::Stream qw/ stream /; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) | |
27 ->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF'); | |
28 | |
29 %%TEST_GLOBALS%% | |
30 | |
31 daemon off; | |
32 | |
33 events { | |
34 } | |
35 | |
36 stream { | |
37 %%TEST_GLOBALS_STREAM%% | |
38 | |
39 log_format test $status; | |
40 access_log %%TESTDIR%%/test.log test; | |
41 | |
42 ssl_certificate_key localhost.key; | |
43 ssl_certificate localhost.crt; | |
44 | |
45 server { | |
46 listen 127.0.0.1:8080 ssl; | |
47 return "X $ssl_alpn_protocol X"; | |
48 ssl_alpn first second; | |
49 } | |
50 } | |
51 | |
52 EOF | |
53 | |
54 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; | |
55 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; | |
56 | |
57 eval { IO::Socket::SSL->can_alpn() or die; }; | |
58 plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@; | |
59 | |
60 eval { exists &Net::SSLeay::P_alpn_selected or die; }; | |
61 plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@; | |
62 | |
63 $t->write_file('openssl.conf', <<EOF); | |
64 [ req ] | |
65 default_bits = 2048 | |
66 encrypt_key = no | |
67 distinguished_name = req_distinguished_name | |
68 [ req_distinguished_name ] | |
69 EOF | |
70 | |
71 my $d = $t->testdir(); | |
72 | |
73 foreach my $name ('localhost') { | |
74 system('openssl req -x509 -new ' | |
75 . "-config $d/openssl.conf -subj /CN=$name/ " | |
76 . "-out $d/$name.crt -keyout $d/$name.key " | |
77 . ">>$d/openssl.out 2>&1") == 0 | |
78 or die "Can't create certificate for $name: $!\n"; | |
79 } | |
80 | |
81 $t->try_run('no ssl_alpn')->plan(6); | |
82 | |
83 ############################################################################### | |
84 | |
85 is(get_ssl('first'), 'X first X', 'alpn match'); | |
86 is(get_ssl('wrong', 'first'), 'X first X', 'alpn many'); | |
87 is(get_ssl('wrong', 'second'), 'X second X', 'alpn second'); | |
88 is(get_ssl(), 'X X', 'no alpn'); | |
89 ok(!get_ssl('wrong'), 'alpn mismatch'); | |
90 | |
91 $t->stop(); | |
92 | |
93 like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log'); | |
94 | |
95 ############################################################################### | |
96 | |
97 sub get_ssl { | |
98 my (@alpn) = @_; | |
99 my $s = stream('127.0.0.1:' . port(8080)); | |
100 | |
101 eval { | |
102 local $SIG{ALRM} = sub { die "timeout\n" }; | |
103 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
104 alarm(8); | |
105 IO::Socket::SSL->start_SSL($s->{_socket}, | |
106 SSL_alpn_protocols => [ @alpn ], | |
107 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
108 SSL_error_trap => sub { die $_[1] } | |
109 ); | |
110 alarm(0); | |
111 }; | |
112 alarm(0); | |
113 | |
114 if ($@) { | |
115 log_in("died: $@"); | |
116 return undef; | |
117 } | |
118 | |
119 return $s->read(); | |
120 } | |
121 | |
122 ############################################################################### |
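Review bot: The 'alpn mismatch' assertion `ok(!get_ssl('wrong'), 'alpn mismatch')` passes on any failure inside get_ssl, because the helper returns undef for a timeout, a SIGPIPE and a handshake error alike, so a hung or reset connection would look the same as a correct ALPN rejection. The later `like($t->read_file('test.log'), qr/500$/, ...)` check narrows this, but as written it only inspects the end of the log. At minimum a comment next to the assertion would help, for example `# undef covers every handshake failure; the 500 in test.log is what ties it to ALPN`. Separately, in the certificate loop the message `"Can't create certificate for $name: $!\n"` prints `$!` after `system(...) == 0` fails, although a non-zero openssl exit status is reported in `$?` and `$!` is only meaningful when system returns -1, so reporting `$?` there would make failures easier to diagnose.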