Mercurial > hg > nginx-tests
view ssl_certificate_perl.t @ 1606:e4e0695552ed
Tests: fixed stream_proxy_ssl_conf_command.t.
The stream_proxy_ssl_conf_command.t test used stream return module
to return the response. Since this ignores actual request, but the
perl test code used http_get(). This might result in the request being
sent after the response is returned and the connection closed by the server,
resulting in RST being generated and no response seen by the client at all.
Fix is to use "stream(...)->read()" instead of http_get(), so
no request is sent at all, eliminating possibility of RST being
generated.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 10 Nov 2020 05:03:29 +0300 |
| parents | 144c6ce732e4 |
| children | fd440d324700 |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for http ssl module, loading certificates from memory with perl module. ############################################################################### use warnings; use strict; use Test::More; use Socket; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; eval { require Net::SSLeay; Net::SSLeay::load_error_strings(); Net::SSLeay::SSLeay_add_ssl_algorithms(); Net::SSLeay::randomize(); }; plan(skip_all => 'Net::SSLeay not installed') if $@; eval { my $ctx = Net::SSLeay::CTX_new() or die; my $ssl = Net::SSLeay::new($ctx) or die; Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; }; plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; my $t = Test::Nginx->new()->has(qw/http http_ssl perl/)->has_daemon('openssl'); $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% perl_set $pem ' sub { my $r = shift; local $/; my $sni = $r->variable("ssl_server_name"); open my $fh, "<", "%%TESTDIR%%/$sni.crt"; my $content = <$fh>; close $fh; return $content; } '; server { listen 127.0.0.1:8080 ssl; server_name localhost; ssl_certificate data:$pem; ssl_certificate_key data:$pem; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('one', 'two') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.crt " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->run()->plan(2); ############################################################################### like(cert('one', 8080), qr/CN=one/, 'certificate'); like(cert('two', 8080), qr/CN=two/, 'certificate 2'); ############################################################################### sub cert { my ($host, $port) = @_; my ($s, $ssl) = get_ssl_socket($host, $port) or return; Net::SSLeay::dump_peer_certificate($ssl); } sub get_ssl_socket { my ($host, $port) = @_; my $s; my $dest_ip = inet_aton('127.0.0.1'); $port = port($port); my $dest_serv_params = sockaddr_in($port, $dest_ip); socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; connect($s, $dest_serv_params) or die "connect: $!"; my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); Net::SSLeay::set_tlsext_host_name($ssl, $host); Net::SSLeay::set_fd($ssl, fileno($s)); Net::SSLeay::connect($ssl) or die("ssl connect"); return ($s, $ssl); } ###############################################################################