Mercurial > hg > nginx-tests
view h2_ssl_proxy_cache.t @ 1260:eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
At least, some win32 hosts exhibit a round-off error or some such in the
notBefore field of the certificate generated before starting nginx, such
that it can be set to the value one second ahead of the current time.
This manifests in spurious test failures due to certificate verify error
with a failure reason "certificate is not yet valid".
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 12 Dec 2017 12:53:53 +0300 |
parents | 0af58b78df35 |
children | dbce8fb5f5f8 |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for HTTP/2 protocol with ssl and http proxy cache. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; use Test::Nginx::HTTP2; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; eval { require IO::Socket::SSL; }; plan(skip_all => 'IO::Socket::SSL not installed') if $@; my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 proxy cache/) ->has_daemon('openssl'); $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% proxy_cache_path %%TESTDIR%%/cache keys_zone=NAME:1m; server { listen 127.0.0.1:8080 http2 ssl sndbuf=32k; server_name localhost; ssl_certificate_key localhost.key; ssl_certificate localhost.crt; send_timeout 1s; location / { proxy_pass http://127.0.0.1:8081; proxy_cache NAME; } } server { listen 127.0.0.1:8081 sndbuf=64k; server_name localhost; location / { } } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 1024 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->write_file('tbig.html', join('', map { sprintf "XX%06dXX", $_ } (1 .. 500000))); open OLDERR, ">&", \*STDERR; close STDERR; $t->run(); open STDERR, ">&", \*OLDERR; plan(skip_all => 'no ALPN/NPN negotiation') unless defined getconn(port(8080)); $t->plan(1); ############################################################################### # client cancels stream with a cacheable request sent to upstream causing alert my $s = getconn(port(8080)); ok($s, 'ssl connection'); my $sid = $s->new_stream(); $s->h2_rst($sid, 8); # large response may stuck in SSL buffer and won't be sent producing alert my $s2 = getconn(port(8080)); $sid = $s2->new_stream({ path => '/tbig.html' }); $s2->h2_window(2**30, $sid); $s2->h2_window(2**30); select undef, undef, undef, 0.2; $t->stop(); # "aio_write" is used to produce "open socket ... left in connection" alerts. $t->todo_alerts() if $t->read_file('nginx.conf') =~ /aio_write on/ and $t->read_file('nginx.conf') =~ /aio threads/ and $^O eq 'linux'; ############################################################################### sub getconn { my ($port) = @_; my $s; eval { my $sock = Test::Nginx::HTTP2::new_socket($port, SSL => 1, alpn => 'h2'); $s = Test::Nginx::HTTP2->new($port, socket => $sock) if $sock->alpn_selected(); }; return $s if defined $s; eval { my $sock = Test::Nginx::HTTP2::new_socket($port, SSL => 1, npn => 'h2'); $s = Test::Nginx::HTTP2->new($port, socket => $sock) if $sock->next_proto_negotiated(); }; return $s; } ###############################################################################