Mercurial > hg > nginx-tests
view access.t @ 1974:b5036a0f9ae0 default tip
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:04:26 +0300 |
parents | fcd65708672d |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # Tests for nginx access module. # At the moment only the new "unix:" syntax is tested (cf "all"). ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http proxy access unix/); $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% server { listen 127.0.0.1:8080; server_name localhost; location /inet/ { proxy_pass http://127.0.0.1:8081/; } location /inet6/ { proxy_pass http://[::1]:%%PORT_8081%%/; } location /unix/ { proxy_pass http://unix:%%TESTDIR%%/unix.sock:/; } } server { listen 127.0.0.1:8081; listen [::1]:%%PORT_8081%%; listen unix:%%TESTDIR%%/unix.sock; location /allow_all { allow all; } location /allow_unix { allow unix:; } location /deny_all { deny all; } location /deny_unix { deny unix:; } } } EOF $t->try_run('no inet6 support')->plan(12); ############################################################################### # tests with inet socket like(http_get('/inet/allow_all'), qr/404 Not Found/, 'inet allow all'); like(http_get('/inet/allow_unix'), qr/404 Not Found/, 'inet allow unix'); like(http_get('/inet/deny_all'), qr/403 Forbidden/, 'inet deny all'); like(http_get('/inet/deny_unix'), qr/404 Not Found/, 'inet deny unix'); # tests with inet6 socket like(http_get('/inet6/allow_all'), qr/404 Not Found/, 'inet6 allow all'); like(http_get('/inet6/allow_unix'), qr/404 Not Found/, 'inet6 allow unix'); like(http_get('/inet6/deny_all'), qr/403 Forbidden/, 'inet6 deny all'); like(http_get('/inet6/deny_unix'), qr/404 Not Found/, 'inet6 deny unix'); # tests with unix socket like(http_get('/unix/allow_all'), qr/404 Not Found/, 'unix allow all'); like(http_get('/unix/allow_unix'), qr/404 Not Found/, 'unix allow unix'); like(http_get('/unix/deny_all'), qr/403 Forbidden/, 'unix deny all'); like(http_get('/unix/deny_unix'), qr/403 Forbidden/, 'unix deny unix'); ###############################################################################