# HG changeset patch # User Sergey Kandaurov # Date 1485181775 -10800 # Node ID 3e2af4dedd9c960009fe21d19dc50008621f70e2 # Parent 8ef51dbb5d691ac27803f2f487228cfe11088a5d Tests: ssl_verify_depth.t cleanup. Run only basic tests that don't depend on OpenSSL error codes or version. diff --git a/ssl_verify_depth.t b/ssl_verify_depth.t --- a/ssl_verify_depth.t +++ b/ssl_verify_depth.t @@ -28,7 +28,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE( plan(skip_all => 'IO::Socket::SSL too old') if $@; my $t = Test::Nginx->new()->has(qw/http http_ssl/) - ->has_daemon('openssl')->plan(7); + ->has_daemon('openssl')->plan(2); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -45,7 +45,7 @@ http { ssl_certificate_key localhost.key; ssl_certificate localhost.crt; - ssl_verify_client optional_no_ca; + ssl_verify_client on; ssl_client_certificate int-root.crt; add_header X-Verify $ssl_client_verify; @@ -55,18 +55,6 @@ http { server_name localhost; ssl_verify_depth 0; } - - server { - listen 127.0.0.1:8081 ssl; - server_name localhost; - ssl_verify_depth 1; - } - - server { - listen 127.0.0.1:8082 ssl; - server_name localhost; - ssl_verify_depth 2; - } } EOF @@ -140,22 +128,8 @@ system("openssl ca -batch -config '$d/ca ############################################################################### -like(get(8080, 'end'), qr/FAILED/, 'verify depth 2 max 0'); - -TODO: { -local $TODO = 'not yet'; - -like(get(8081, 'end'), qr/FAILED/, 'verify depth 2 max 1'); - -} - -like(get(8082, 'end'), qr/SUCCESS/, 'verify depth 2 max 2'); - -like(get(8080, 'int'), qr/FAILED/, 'verify depth 1 max 0'); -like(get(8081, 'int'), qr/SUCCESS/, 'verify depth 1 max 1'); -like(get(8082, 'int'), qr/SUCCESS/, 'verify depth 1 max 2'); - -like(get(8080, 'root'), qr/SUCCESS/, 'verify depth 0 max 0'); +like(get(8080, 'root'), qr/SUCCESS/, 'verify depth'); +like(get(8080, 'end'), qr/400 Bad Request/, 'verify depth limited'); ###############################################################################