Mercurial > hg > nginx-tests
comparison ssl_sni_reneg.t @ 1380:f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 02 Oct 2018 18:40:01 +0300 |
parents | 09c2291b2bab |
children | ad3cb6f451a5 |
comparison
equal
deleted
inserted
replaced
1379:14bfd6643bbb | 1380:f50c7d90f5c9 |
---|---|
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
39 }; | 39 }; |
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
41 | 41 |
42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl') | 42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl') |
43 ->plan(4); | 43 ->plan(8); |
44 | 44 |
45 $t->write_file_expand('nginx.conf', <<'EOF'); | 45 $t->write_file_expand('nginx.conf', <<'EOF'); |
46 | 46 |
47 %%TEST_GLOBALS%% | 47 %%TEST_GLOBALS%% |
48 | 48 |
57 ssl_certificate_key localhost.key; | 57 ssl_certificate_key localhost.key; |
58 ssl_certificate localhost.crt; | 58 ssl_certificate localhost.crt; |
59 | 59 |
60 server { | 60 server { |
61 listen 127.0.0.1:8080 ssl; | 61 listen 127.0.0.1:8080 ssl; |
62 listen 127.0.0.1:8081 ssl; | |
62 server_name localhost; | 63 server_name localhost; |
64 | |
65 location / { } | |
66 } | |
67 | |
68 server { | |
69 listen 127.0.0.1:8081 ssl; | |
70 server_name localhost2; | |
63 | 71 |
64 location / { } | 72 location / { } |
65 } | 73 } |
66 } | 74 } |
67 | 75 |
87 | 95 |
88 $t->run(); | 96 $t->run(); |
89 | 97 |
90 ############################################################################### | 98 ############################################################################### |
91 | 99 |
92 my ($s, $ssl) = get_ssl_socket(); | 100 my ($s, $ssl) = get_ssl_socket(8080); |
93 ok($s, 'connection'); | 101 ok($s, 'connection'); |
94 | 102 |
95 SKIP: { | 103 SKIP: { |
96 skip 'connection failed', 3 unless $s; | 104 skip 'connection failed', 3 unless $s; |
97 | 105 |
106 | 114 |
107 ok(!Net::SSLeay::read($ssl), 'response'); | 115 ok(!Net::SSLeay::read($ssl), 'response'); |
108 | 116 |
109 } | 117 } |
110 | 118 |
119 # virtual servers | |
120 # in [1.15.4..1.15.5) SSL_OP_NO_RENEGOTIATION is cleared in servername callback | |
121 | |
122 ($s, $ssl) = get_ssl_socket(8081); | |
123 ok($s, 'connection 2'); | |
124 | |
125 SKIP: { | |
126 skip 'connection failed', 3 unless $s; | |
127 | |
128 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); | |
129 | |
130 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); | |
131 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); | |
132 | |
133 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); | |
134 | |
135 ok(!Net::SSLeay::read($ssl), 'virtual servers'); | |
136 | |
137 } | |
138 | |
111 ############################################################################### | 139 ############################################################################### |
112 | 140 |
113 sub get_ssl_socket { | 141 sub get_ssl_socket { |
142 my ($port) = @_; | |
114 my $s; | 143 my $s; |
115 | 144 |
116 my $dest_ip = inet_aton('127.0.0.1'); | 145 my $dest_ip = inet_aton('127.0.0.1'); |
117 my $dest_serv_params = sockaddr_in(port(8080), $dest_ip); | 146 my $dest_serv_params = sockaddr_in(port($port), $dest_ip); |
118 | 147 |
119 eval { | 148 eval { |
120 local $SIG{ALRM} = sub { die "timeout\n" }; | 149 local $SIG{ALRM} = sub { die "timeout\n" }; |
121 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 150 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
122 alarm(2); | 151 alarm(2); |
132 } | 161 } |
133 | 162 |
134 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | 163 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
135 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | 164 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
136 Net::SSLeay::set_fd($ssl, fileno($s)); | 165 Net::SSLeay::set_fd($ssl, fileno($s)); |
166 Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'); | |
137 Net::SSLeay::connect($ssl) or die("ssl connect"); | 167 Net::SSLeay::connect($ssl) or die("ssl connect"); |
138 | 168 |
139 return ($s, $ssl); | 169 return ($s, $ssl); |
140 } | 170 } |
141 | 171 |