Mercurial > hg > nginx-tests
view stream_ssl_alpn.t @ 1961:fe6f22da53ec default tip
Tests: tests for usage of discarded body.
The client_max_body_size limit should be ignored when the request body
is already discarded. In HTTP/1.x, this is done by checking the
r->discard_body flag when the body is being discarded, and because
r->headers_in.content_length_n is 0 when it's already discarded. This,
however, does not happen with HTTP/2 and HTTP/3, and therefore
"error_page 413" does not work without relaxing the limit.
Further, with proxy_pass, r->headers_in.content_length_n is used to determine
length of the request body, and therefore is not correct if discarding of
the request body isn't yet complete. While discarding the request body,
r->headers_in.content_length_n contains the rest of the body to discard
(or, in case of chunked request body, the rest of the current chunk to
discard).
Similarly, the $content_length variable uses r->headers_in.content_length
if available, and also incorrect. The $content_length variable is used
when proxying with fastcgi_pass, grpc_pass, and uwsgi_pass (scgi_pass uses
the value calculated based on the actual request body buffers, and therefore
works correctly).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 27 Apr 2024 18:55:50 +0300 |
parents | 2a0a6035a1af |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for stream ssl_alpn directive. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; use Test::Nginx::Stream qw/ stream /; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new() ->has(qw/stream stream_ssl stream_return socket_ssl_alpn/) ->has_daemon('openssl') ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } stream { %%TEST_GLOBALS_STREAM%% log_format test $status; access_log %%TESTDIR%%/test.log test; ssl_certificate_key localhost.key; ssl_certificate localhost.crt; server { listen 127.0.0.1:8080 ssl; return "X $ssl_alpn_protocol X"; ssl_alpn first second; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->run()->plan(6); ############################################################################### is(get_ssl('first'), 'X first X', 'alpn match'); is(get_ssl('wrong', 'first'), 'X first X', 'alpn many'); is(get_ssl('wrong', 'second'), 'X second X', 'alpn second'); is(get_ssl(), 'X X', 'no alpn'); SKIP: { skip 'LibreSSL too old', 2 if $t->has_module('LibreSSL') and not $t->has_feature('libressl:3.4.0'); skip 'OpenSSL too old', 2 if $t->has_module('OpenSSL') and not $t->has_feature('openssl:1.1.0'); ok(!get_ssl('wrong'), 'alpn mismatch'); $t->stop(); like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log'); } ############################################################################### sub get_ssl { my (@alpn) = @_; my $s = stream( PeerAddr => '127.0.0.1:' . port(8080), SSL => 1, SSL_alpn_protocols => [ @alpn ] ); return $s->read(); } ###############################################################################