Mercurial > hg > nginx-tests

view stream_upstream_zone_ssl.t @ 973:7d7aef8b9f3a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: revert 313e3f1905d4 and set reuse properly. It is too late to use setsockopt(SO_REUSEADDR) after a socket is created as bind() happens during socket construction, and fails if there is a conflicting TIME-WAIT socket and SO_REUSEADDR is not set.
author Maxim Dounin <mdounin@mdounin.ru>
date Sun, 10 Jul 2016 18:57:12 +0300
parents e9064d691790
children 882267679006
line wrap: on
line source

#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Stream tests for upstream zone with ssl backend.

###############################################################################

use warnings;
use strict;

use Test::More;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
	->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(8);

$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
    proxy_ssl on;
    proxy_ssl_session_reuse on;

    upstream u {
        zone u 32k;
        server 127.0.0.1:%%PORT_4%%;
    }

    upstream u2 {
        zone u2 32k;
        server 127.0.0.1:%%PORT_4%% backup;
        server 127.0.0.1:%%PORT_5%% down;
    }

    server {
        listen      127.0.0.1:%%PORT_0%%;
        proxy_pass  u;
        proxy_ssl_session_reuse off;
    }

    server {
        listen      127.0.0.1:%%PORT_1%%;
        proxy_pass  u;
    }

    server {
        listen      127.0.0.1:%%PORT_2%%;
        proxy_pass  u2;
        proxy_ssl_session_reuse off;
    }

    server {
        listen      127.0.0.1:%%PORT_3%%;
        proxy_pass  u2;
    }
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen 127.0.0.1:%%PORT_4%% ssl;

        ssl_certificate_key localhost.key;
        ssl_certificate localhost.crt;
        ssl_session_cache builtin;

        location / {
            add_header X-Session $ssl_session_reused;
        }
    }
}

EOF

$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

$t->write_file('index.html', '');

my $d = $t->testdir();

foreach my $name ('localhost') {
	system('openssl req -x509 -new '
		. "-config '$d/openssl.conf' -subj '/CN=$name/' "
		. "-out '$d/$name.crt' -keyout '$d/$name.key' "
		. ">>$d/openssl.out 2>&1") == 0
		or die "Can't create certificate for $name: $!\n";
}

$t->run();

###############################################################################

like(http_get('/'), qr/200 OK.*X-Session: \./s, 'ssl');
like(http_get('/', socket => getconn('127.0.0.1:' . port(1))),
	qr/200 OK.*X-Session: \./s, 'ssl 2');

like(http_get('/'), qr/200 OK.*X-Session: \./s, 'ssl reuse session');
like(http_get('/', socket => getconn('127.0.0.1:' . port(1))),
	qr/200 OK.*X-Session: r/s, 'ssl reuse session 2');

like(http_get('/', socket => getconn('127.0.0.1:' . port(2))),
	qr/200 OK.*X-Session: \./s, 'ssl backup');
like(http_get('/', socket => getconn('127.0.0.1:' . port(3))),
	qr/200 OK.*X-Session: \./s, 'ssl backup 2');

like(http_get('/', socket => getconn('127.0.0.1:' . port(2))),
	qr/200 OK.*X-Session: \./s, 'ssl reuse session backup');
like(http_get('/', socket => getconn('127.0.0.1:' . port(3))),
	qr/200 OK.*X-Session: r/s, 'ssl reuse session backup 2');

###############################################################################

sub getconn {
	my $peer = shift;
	my $s = IO::Socket::INET->new(
		Proto => 'tcp',
		PeerAddr => $peer
	)
		or die "Can't connect to nginx: $!\n";

	return $s;
}

###############################################################################