Mercurial > hg > nginx-tests
view limit_req.t @ 1865:0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx http() functions.
This also ensures that SSL handshake and various read and write operations
are guarded with timeouts.
The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
the Net::SSLeay object directly and trigger renegotation. While
not exactly correct, this seems to be good enough for tests.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
since SSL_ocsp_staple_callback is called with the socket instead of the
Net::SSLeay object.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
since there seems to be no way to obtain CA list with IO::Socket::SSL.
Notable change to http() request interface is that http_end() now closes
the socket. This is to make sure that SSL connections are properly
closed and SSL sessions are not removed from the IO::Socket::SSL session
cache. This affected access_log.t, which was modified accordingly.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:17 +0300 |
parents | 62e2baa3bc60 |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Maxim Dounin # Tests for nginx limit_req module. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http limit_req/)->plan(6); $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% limit_req_zone $binary_remote_addr zone=one:1m rate=2r/s; limit_req_zone $binary_remote_addr zone=long:1m rate=2r/s; limit_req_zone $binary_remote_addr zone=fast:1m rate=1000r/s; server { listen 127.0.0.1:8080; server_name localhost; location / { limit_req zone=one burst=1 nodelay; } location /status { limit_req zone=one burst=1 nodelay; limit_req_status 501; } location /long { limit_req zone=long burst=5; } location /fast { limit_req zone=fast burst=1; } } } EOF $t->write_file('test1.html', 'XtestX'); $t->write_file('long.html', "1234567890\n" x (1 << 16)); $t->write_file('fast.html', 'XtestX'); $t->run(); ############################################################################### like(http_get('/test1.html'), qr/^HTTP\/1.. 200 /m, 'request'); http_get('/test1.html'); like(http_get('/test1.html'), qr/^HTTP\/1.. 503 /m, 'request rejected'); like(http_get('/status.html'), qr/^HTTP\/1.. 501 /m, 'request rejected status'); http_get('/test1.html'); http_get('/test1.html'); # Second request will be delayed by limit_req, make sure it isn't truncated. # The bug only manifests itself if buffer will be filled, so sleep for a while # before reading response. my $l1 = length(http_get('/long.html')); my $l2 = length(http_get('/long.html', sleep => 0.6)); is($l2, $l1, 'delayed big request not truncated'); # make sure rejected requests are not counted, and access is again allowed # after 1/rate seconds like(http_get('/test1.html'), qr/^HTTP\/1.. 200 /m, 'rejects not counted'); # make sure negative excess values are handled properly http_get('/fast.html'); select undef, undef, undef, 0.1; like(http_get('/fast.html'), qr/^HTTP\/1.. 200 /m, 'negative excess'); ###############################################################################