comparison ssl_sni_reneg.t @ 1380:f50c7d90f5c9

Tests: more https sni tests with renegotiation (ticket #1646).
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 02 Oct 2018 18:40:01 +0300
parents 09c2291b2bab
children ad3cb6f451a5
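--- a/ssl_sni_reneg.t
+++ b/ssl_sni_reneg.t
@@ -38,11 +38,11 @@
 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl')
-->plan(4);
+->plan(8);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -57,11 +57,19 @@
 ssl_certificate_key localhost.key;
 ssl_certificate localhost.crt;
 
 server {
 listen 127.0.0.1:8080 ssl;
+listen 127.0.0.1:8081 ssl;
 server_name localhost;
+
+location / { }
+}
+
+server {
+listen 127.0.0.1:8081 ssl;
+server_name localhost2;
 
 location / { }
 }
 }
 
@@ -87,11 +95,11 @@
 
 $t->run();
 
 ###############################################################################
 
-my ($s, $ssl) = get_ssl_socket();
+my ($s, $ssl) = get_ssl_socket(8080);
 ok($s, 'connection');
 
 SKIP: {
 skip 'connection failed', 3 unless $s;
 
@@ -106,17 +114,38 @@
 
 ok(!Net::SSLeay::read($ssl), 'response');
 
 }
 
+# virtual servers
+# in [1.15.4..1.15.5) SSL_OP_NO_RENEGOTIATION is cleared in servername callback
+
+($s, $ssl) = get_ssl_socket(8081);
+ok($s, 'connection 2');
+
+SKIP: {
+skip 'connection failed', 3 unless $s;
+
+Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF);
+
+ok(Net::SSLeay::renegotiate($ssl), 'renegotiation');
+ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI');
+
+Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF);
+
+ok(!Net::SSLeay::read($ssl), 'virtual servers');
+
+}
+
 ###############################################################################
 
 sub get_ssl_socket {
+my ($port) = @_;
 my $s;
 
 my $dest_ip = inet_aton('127.0.0.1');
-my $dest_serv_params = sockaddr_in(port(8080), $dest_ip);
+my $dest_serv_params = sockaddr_in(port($port), $dest_ip);
 
 eval {
 local $SIG{ALRM} = sub { die "timeout\n" };
 local $SIG{PIPE} = sub { die "sigpipe\n" };
 alarm(2);
@@ -132,10 +161,11 @@
 }
 
 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
 Net::SSLeay::set_fd($ssl, fileno($s));
+Net::SSLeay::set_tlsext_host_name($ssl, 'localhost');
 Net::SSLeay::connect($ssl) or die("ssl connect");
 
 return ($s, $ssl);
 }
 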
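Review bot: The `set_tlsext_host_name` call added to `get_ssl_socket` (new line 166) ignores its return value, whereas the probe near the top of the file checks `== 1 or die`. The 'virtual servers' case on port 8081 appears to depend on SNI being sent in the initial handshake so that the servername callback runs; if the call fails silently, `ok(!Net::SSLeay::read($ssl), 'virtual servers')` can still pass without reaching the path where SSL_OP_NO_RENEGOTIATION was cleared. I would write `Net::SSLeay::set_tlsext_host_name($ssl, 'localhost') == 1 or die("SNI");`. A timeout or reset also makes the read fail, so a short comment above that assertion saying it treats any read failure as "renegotiation refused" would help readers. Part of the helper's body (the socket connect inside the eval) is elided between the last two hunks, so this covers only the visible lines.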