comparison stream_ssl.t @ 1833:fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:55 +0300 |
parents | 1f125771f1a1 |
children | dbb7561a9441 |
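--- a/stream_ssl.t
+++ b/stream_ssl.t
@@ -35,11 +35,11 @@
 
 plan(skip_all => 'win32') if $^O eq 'MSWin32';
 
 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl');
 
-$t->plan(7)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(5)->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
 daemon off;
 
@@ -49,44 +49,39 @@
 stream {
 %%TEST_GLOBALS_STREAM%%
 
 ssl_certificate_key localhost.key;
 ssl_certificate localhost.crt;
-ssl_session_tickets off;
 
 # inherited by server "inherits"
 ssl_password_file password_stream;
 
 server {
-listen 127.0.0.1:8080 ssl;
+listen 127.0.0.1:8443 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache builtin;
 ssl_password_file password;
 }
 
 server {
-listen 127.0.0.1:8082 ssl;
+listen 127.0.0.1:8444 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache off;
 ssl_password_file password_many;
 }
 
 server {
-listen 127.0.0.1:8083 ssl;
+listen 127.0.0.1:8445 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache builtin:1000;
 ssl_password_file password_fifo;
 }
 
 server {
-listen 127.0.0.1:8084 ssl;
+listen 127.0.0.1:8446 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache shared:SSL:1m;
 ssl_certificate_key inherits.key;
 ssl_certificate inherits.crt;
 }
 }
 
@@ -113,11 +108,10 @@
 . "-key $d/$name.key -passin pass:$name"
 . ">>$d/openssl.out 2>&1") == 0
 or die "Can't create certificate for $name: $!\n";
 }
 
-
 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
 
 $t->write_file('password', 'localhost');
 $t->write_file('password_many', "wrong$CRLF" . "localhost$CRLF");
 $t->write_file('password_stream', 'inherits');
@@ -136,66 +130,39 @@
 
 $t->waitforsocket('127.0.0.1:' . port(8081));
 
 ###############################################################################
 
-my ($s, $ssl, $ses);
+my ($s, $ssl);
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
 like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl');
 
-# ssl_session_cache
+($s, $ssl) = get_ssl_socket(8444);
+Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password many');
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8445);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password fifo');
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8080), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin session reused');
-
-($s, $ssl) = get_ssl_socket(port(8082));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8082), $ses);
-isnt(Net::SSLeay::session_reused($ssl), 1, 'session not reused');
-
-($s, $ssl) = get_ssl_socket(port(8083));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8083), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin size session reused');
-
-($s, $ssl) = get_ssl_socket(port(8084));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8084), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'shared session reused');
 
 # ssl_certificate inheritance
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=localhost/, 'CN');
 
-($s, $ssl) = get_ssl_socket(port(8084));
+($s, $ssl) = get_ssl_socket(8446);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=inherits/, 'CN inner');
 
 ###############################################################################
 
 sub get_ssl_socket {
-my ($port, $ses) = @_;
+my ($port) = @_;
 
-my $s = IO::Socket::INET->new('127.0.0.1:' . $port);
+my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
-Net::SSLeay::set_session($ssl, $ses) if defined $ses;
 Net::SSLeay::set_fd($ssl, fileno($s));
 Net::SSLeay::connect($ssl) or die("ssl connect");
 return ($s, $ssl);
 }
 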
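Review bot: In `get_ssl_socket` (new line 162) the result of `IO::Socket::INET->new` is used unchecked, so if nginx is not listening on the mapped port `$s` is undef and the failure only surfaces at `fileno($s)` as an obscure error rather than a connection diagnostic. Since the line is being rewritten anyway, I would make it `my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)) or die "Can't connect to nginx: $!\n";`. The unchanged `Net::SSLeay::connect($ssl) or die("ssl connect")` has a related gap: as far as I know a fatal handshake error is reported as a negative value, which is true in Perl, so `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");` would be the stricter check. A short comment above the sub saying that `$port` is the logical test port and is mapped through `port()` inside would also help, because every call site now passes a bare number.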