# HG changeset patch # User Sergey Kandaurov # Date 1501500278 -10800 # Node ID cd153f1bbaad5c8493cd23092024a5b3ec7b598e # Parent 155573499f20d9467fec87fb676032db0b837632 Tests: simplified stream_ssl_preread.t by not using http backends. diff --git a/stream_ssl_preread.t b/stream_ssl_preread.t --- a/stream_ssl_preread.t +++ b/stream_ssl_preread.t @@ -16,6 +16,7 @@ BEGIN { use FindBin; chdir($FindBin::Bin use lib 'lib'; use Test::Nginx; +use Test::Nginx::Stream qw/ stream /; ############################################################################### @@ -23,7 +24,7 @@ select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/) - ->has(qw/http http_ssl stream_ssl stream_return/)->has_daemon('openssl') + ->has(qw/stream_ssl stream_return/)->has_daemon('openssl') ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% @@ -53,22 +54,18 @@ stream { server { listen 127.0.0.1:8080; - proxy_pass $name; + return $name; } server { listen 127.0.0.1:8081; proxy_pass $name; - ssl_preread off; } - ssl_certificate_key localhost.key; - ssl_certificate localhost.crt; - server { - listen 127.0.0.1:8082 ssl; + listen 127.0.0.1:8082; proxy_pass $name; - proxy_ssl on; + ssl_preread off; } server { @@ -81,15 +78,6 @@ stream { access_log %%TESTDIR%%/status.log status; } - server { - listen 127.0.0.1:8084; - return $ssl_preread_server_name; - } -} - -http { - %%TEST_GLOBALS_HTTP%% - ssl_certificate_key localhost.key; ssl_certificate localhost.crt; @@ -97,11 +85,8 @@ http { listen 127.0.0.1:8091 ssl; listen 127.0.0.1:8092 ssl; listen 127.0.0.1:8093 ssl; - server_name localhost; - - location / { - add_header X-Port $server_port always; - } + ssl_preread off; + return $server_port; } } 
@@ -150,23 +135,22 @@ foreach my $name ('localhost') { my ($p1, $p2, $p3) = (port(8091), port(8092), port(8093)); -like(https_get_host('foo'), qr/$p1/, 'sni'); -like(https_get_host('foo'), qr/$p1/, 'sni again'); +is(get_ssl('foo', 8081), $p1, 'sni'); +is(get_ssl('foo', 8081), $p1, 'sni again'); -like(https_get_host('bar'), qr/$p2/, 'sni 2'); -like(https_get_host('bar'), qr/$p2/, 'sni 2 again'); +is(get_ssl('bar', 8081), $p2, 'sni 2'); +is(get_ssl('bar', 8081), $p2, 'sni 2 again'); # fallback to an empty value for some reason -like(https_get_host('foo', ''), qr/$p3/, 'no sni'); -like(https_get_host('foo', 'foo', 8081), qr/$p3/, 'no preread'); -like(https_get_host('foo', 'foo', 8082), qr/$p3/, 'no handshake'); - -is(https_get_host('foo', 'foo', 8083), undef, 'preread buffer full'); +is(get_ssl('', 8081), $p3, 'no sni'); +is(get_ssl('foo', 8082), $p3, 'preread off'); +is(get_ssl('foo', 8083), undef, 'preread buffer full'); +is(stream()->io('x' x 1000), "127.0.0.1:$p3", 'not a handshake'); # no junk in variable due to short ClientHello length value -is(get_short(), '', 'short client hello'); +is(get_short(), "127.0.0.1:$p3", 'short client hello'); # allow record with older SSL version, such as 3.0 
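Review bot: The 'not a handshake' and 'short client hello' assertions now expect `"127.0.0.1:$p3"`, but nothing near them says why that value means success. It appears to be what the `return $name` listener echoes when `$ssl_preread_server_name` is empty; the map that sets the fallback is outside this diff, so that is inferred. A comment such as `# empty server name falls back to the 8093 address, echoed by "return $name"` above these two checks would make clear that they guard against parser junk leaking into the variable. `stream()` is also called with no address here, so the target listener is implicit; passing the address explicitly would match how `get_ssl` names its port.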
@@ -184,74 +168,34 @@ is($t->read_file('status.log'), "400\n", ############################################################################### sub get_short { - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(2); - $s = IO::Socket::INET->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port(8084), - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - my $r = pack("N*", 0x16030100, 0x38010000, 0x330303eb); $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); - http($r, socket => $s); + http($r); } sub get_oldver { - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(2); - $s = IO::Socket::INET->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port(8084), - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - my $r = pack("N*", 0x16030000, 0x38010000, 0x340303eb); $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); - http($r, socket => $s); + http($r); } -sub get_ssl_socket { +sub get_ssl { my ($host, $port) = @_; - my $s; + my $s = stream("127.0.0.1:$port"); eval { local $SIG{ALRM} = sub { die "timeout\n" }; local $SIG{PIPE} = sub { die "sigpipe\n" }; alarm(2); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port($port || 8080), + IO::Socket::SSL->start_SSL($s->{_socket}, SSL_hostname => $host, SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_error_trap => sub { die $_[1] } 
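Review bot: The new `get_ssl` connects to `"127.0.0.1:$port"` using the literal number the caller passes, whereas the removed line used `port($port || 8080)` and the expected values in the test body are still built from `port(8091)` and friends. If `port()` can return something other than the literal number (its definition is not in this diff), the client would dial a different port than the one written into the configuration. `my $s = stream('127.0.0.1:' . port($port));` would keep both sides consistent. The call also reaches into `$s->{_socket}`, a private field of the stream helper, which deserves a one-line comment explaining why the raw socket is needed. The body of get_ssl continues beyond this hunk.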
@@ -265,18 +209,7 @@ sub get_ssl_socket { return undef; } - return $s; -} - -sub https_get_host { - my ($host, $sni, $port) = @_; - my $s = get_ssl_socket(defined $sni ? $sni : $host, $port) or return; - - return http(< $s); -GET / HTTP/1.0 -Host: $host - -EOF + return $s->read(); } ###############################################################################
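Review bot: `return $s->read();` presumably yields the decrypted reply only because `start_SSL` in the previous hunk upgrades `$s->{_socket}` in place, and nothing in the function says so; the helper's `read` is not visible here. A comment such as `# socket was upgraded to TLS in place above, so read() returns the decrypted reply` on this line would record that dependency. The function now returns data rather than a socket, and 'preread buffer full' asserts on the `return undef` failure path, so a short header comment naming both return values would also help. The start of get_ssl is outside this hunk.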