# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1539099181 -10800
# Node ID cb1346b553aa90775a12723e34da476b7bbd27e4
# Parent  97c8280de68137d6e00b4ce1ecf0a274287fef75
Tests: simple https tests merged back.

diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-	->has_daemon('openssl')->plan(21);
+	->has_daemon('openssl')->plan(23);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -68,6 +68,9 @@ http {
         location /cipher {
             return 200 "body $ssl_cipher";
         }
+        location /ciphers {
+            return 200 "body $ssl_ciphers";
+        }
         location /client_verify {
             return 200 "body $ssl_client_verify";
         }
@@ -75,10 +78,13 @@ http {
             return 200 "body $ssl_protocol";
         }
         location /issuer {
-            return 200 "body $ssl_client_i_dn";
+            return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy";
         }
         location /subject {
-            return 200 "body $ssl_client_s_dn";
+            return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy";
+        }
+        location /time {
+            return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
         }
 
         location /body {
@@ -241,10 +247,12 @@ like(get('/', 8081), qr/^body \.$/m, 'se
 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id');
 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
+like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers');
 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify');
 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol');
-like(cert('/issuer', 8085), qr!^body CN=issuer$!m, 'issuer');
-like(cert('/subject', 8085), qr!^body CN=subject$!m, 'subject');
+like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer');
+like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject');
+like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
 
 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body
 
diff --git a/ssl2.t b/ssl2.t
deleted file mode 100644
--- a/ssl2.t
+++ /dev/null
@@ -1,173 +0,0 @@
-#!/usr/bin/perl
-
-# (C) Sergey Kandaurov
-# (C) Andrey Zelenkov
-# (C) Nginx, Inc.
-
-# Tests for http ssl module.
-
-###############################################################################
-
-use warnings;
-use strict;
-
-use Test::More;
-
-BEGIN { use FindBin; chdir($FindBin::Bin); }
-
-use lib 'lib';
-use Test::Nginx;
-
-###############################################################################
-
-select STDERR; $| = 1;
-select STDOUT; $| = 1;
-
-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
-	->has_daemon('openssl');
-
-$t->write_file_expand('nginx.conf', <<'EOF');
-
-%%TEST_GLOBALS%%
-
-daemon off;
-
-events {
-}
-
-http {
-    %%TEST_GLOBALS_HTTP%%
-
-    ssl_certificate_key localhost.key;
-    ssl_certificate localhost.crt;
-    ssl_verify_client optional_no_ca;
-
-    server {
-        listen       127.0.0.1:8080 ssl;
-        server_name  localhost;
-
-        location /ciphers {
-            return 200 "body $ssl_ciphers";
-        }
-        location /issuer {
-            return 200 "body $ssl_client_i_dn_legacy";
-        }
-        location /subject {
-            return 200 "body $ssl_client_s_dn_legacy";
-        }
-        location /time {
-            return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
-        }
-    }
-}
-
-EOF
-
-$t->write_file('openssl.conf', <<EOF);
-[ req ]
-default_bits = 1024
-encrypt_key = no
-distinguished_name = req_distinguished_name
-[ req_distinguished_name ]
-EOF
-
-my $d = $t->testdir();
-
-$t->write_file('ca.conf', <<EOF);
-[ ca ]
-default_ca = myca
-
-[ myca ]
-new_certs_dir = $d
-database = $d/certindex
-default_md = sha1
-policy = myca_policy
-serial = $d/certserial
-default_days = 3
-
-[ myca_policy ]
-commonName = supplied
-EOF
-
-$t->write_file('certserial', '1000');
-$t->write_file('certindex', '');
-
-system('openssl req -x509 -new '
-	. "-config $d/openssl.conf -subj /CN=issuer/ "
-	. "-out $d/issuer.crt -keyout $d/issuer.key "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't create certificate for issuer: $!\n";
-
-system("openssl req -new "
-	. "-config $d/openssl.conf -subj /CN=subject/ "
-	. "-out $d/subject.csr -keyout $d/subject.key "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't create certificate for subject: $!\n";
-
-system("openssl ca -batch -config $d/ca.conf "
-	. "-keyfile $d/issuer.key -cert $d/issuer.crt "
-	. "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't sign certificate for subject: $!\n";
-
-foreach my $name ('localhost') {
-	system('openssl req -x509 -new '
-		. "-config $d/openssl.conf -subj /CN=$name/ "
-		. "-out $d/$name.crt -keyout $d/$name.key "
-		. ">>$d/openssl.out 2>&1") == 0
-		or die "Can't create certificate for $name: $!\n";
-}
-
-$t->run()->plan(4);
-
-###############################################################################
-
-like(get('/ciphers'), qr/^body [:\w-]+$/m, 'ciphers');
-like(get('/issuer'), qr!^body /CN=issuer$!m, 'issuer');
-like(get('/subject'), qr!^body /CN=subject$!m, 'subject');
-like(get('/time'), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
-
-###############################################################################
-
-sub get {
-	my ($uri) = @_;
-	my $s = get_ssl_socket() or return;
-	http_get($uri, socket => $s);
-}
-
-sub get_ssl_socket {
-	my (%extra) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(2);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port(8080),
-			SSL_cert_file => "$d/subject.crt",
-			SSL_key_file => "$d/subject.key",
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] },
-			%extra
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
-}
-
-###############################################################################