Mercurial > hg > nginx-tests
view proxy_if.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 28 Mar 2023 01:36:32 +0400 |
| parents | dbce8fb5f5f8 |
| children |
line wrap: on
line source
#!/usr/bin/perl # (C) Maxim Dounin # Tests for http proxy module related to use with the "if" directive. # See http://wiki.nginx.org/IfIsEvil for more details. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http proxy rewrite http_ssl/) ->has_daemon('openssl')->plan(15); $t->write_file_expand('nginx.conf', <<'EOF')->todo_alerts(); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% server { listen 127.0.0.1:8080; server_name localhost; location / { proxy_pass http://127.0.0.1:8081/; } # request was sent to backend without uri changed # to '/' due to if location /proxy-pass-uri { proxy_pass http://127.0.0.1:8081/replacement; if ($arg_if) { # nothing } location /proxy-pass-uri/inner { # no proxy_pass here, static if ($arg_if) { # nothing } } } # same as the above, but there is a special handling # in configuration merge; it used to do wrong things with # nested locations though location /proxy-pass-uri-lmt { proxy_pass http://127.0.0.1:8081/replacement; limit_except POST { # nothing } location /proxy-pass-uri-lmt/inner { # no proxy_pass here, static limit_except POST { # nothing } } } location /proxy-pass-uri-lmt-different { proxy_pass http://127.0.0.1:8081/replacement; limit_except POST { proxy_pass http://127.0.0.1:8081; } } # segmentation fault in old versions, # fixed to return 500 Internal Error in nginx 1.3.10 location /proxy-inside-if-crash { set $true 1; if ($true) { # proxy_pass inside if proxy_pass http://127.0.0.1:8081; } if ($true) { # no handler here } } # normal proxy_pass and proxy_pass with variables # use distinct field, and inheritance should be mutually # exclusive location /variables { proxy_pass http://127.0.0.1:8081/outer/$host; if ($arg_if) { proxy_pass http://127.0.0.1:8081; } location /variables/inner { proxy_pass http://127.0.0.1:8081; } } # ssl context shouldn't be inherited into nested # locations with different proxy_pass, but should # be correctly inherited into if's location /ssl { proxy_pass https://127.0.0.1:8082/outer; if ($arg_if) { # inherited from outer } location /ssl/inner { proxy_pass http://127.0.0.1:8081; } } } server { listen 127.0.0.1:8081; listen 127.0.0.1:8082 ssl; server_name localhost; ssl_certificate localhost.crt; ssl_certificate_key localhost.key; return 200 "uri:$uri\n"; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->run(); ############################################################################### like(http_get('/'), qr!uri:/$!, 'proxy request'); like(http_get('/proxy-pass-uri'), qr!uri:/replacement$!, 'proxy_pass uri changed'); # due to missing information about an original location where # proxy_pass was specified, this used to pass request with # original unmodified uri like(http_get('/proxy-pass-uri?if=1'), qr!uri:/replacement$!, 'proxy_pass uri changed in if'); like(http_get('/proxy-pass-uri/inner'), qr!404 Not Found!, 'proxy_pass uri changed inner'); like(http_get('/proxy-pass-uri/inner?if=1'), qr!404 Not Found!, 'proxy_pass uri changed inner in if'); # limit_except like(http_get('/proxy-pass-uri-lmt'), qr!uri:/replacement$!, 'proxy_pass uri and limit_except'); # special handling of limit_except resulted in wrong handling # of requests in nested locations like(http_get('/proxy-pass-uri-lmt/inner'), qr!404 Not Found!, 'proxy_pass uri and limit_except, inner'); like(http_get('/proxy-pass-uri-lmt-different'), qr!uri:/proxy-pass-uri-lmt-different!, 'proxy_pass and limit_except with different proxy_pass'); # segmentation fault in old versions, # fixed to return 500 Internal Error in nginx 1.3.10 like(http_get('/proxy-inside-if-crash'), qr!500 Internal Server Error!, 'proxy_pass inside if'); # normal proxy_pass and proxy_pass with variables # use distinct field, and inheritance should be mutually # exclusive, see ticket #645 like(http_get('/variables'), qr!uri:/outer!, 'proxy_pass variables'); like(http_get('/variables?if=1'), qr!uri:/variables!, 'proxy_pass variables if'); like(http_get('/variables/inner'), qr!uri:/variables/inner!, 'proxy_pass variables nested'); # ssl context shouldn't be inherited into nested # locations with different proxy_pass, but should # be correctly inherited into if's like(http_get('/ssl'), qr!uri:/outer!, 'proxy_pass ssl'); like(http_get('/ssl?if=1'), qr!uri:/outer!, 'proxy_pass ssl inside if'); like(http_get('/ssl/inner'), qr!uri:/ssl/inner!, 'proxy_pass nossl inside ssl'); ###############################################################################