changeset 370:74cfe56c7b83
Tests: simple https tests.
Includes tests for $ssl_session_reused and $ssl_session_id variables.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 12 Feb 2014 13:02:50 +0400 |
parents | 4ac3588485f5 |
children | 6fb6fea36560 |
files | ssl.t |
diffstat | 1 files changed, 133 insertions(+), 0 deletions(-) [+] |
new file mode 100644
--- /dev/null
+++ b/ssl.t
@@ -0,0 +1,133 @@
+#!/usr/bin/perl
+
+# (C) Sergey Kandaurov
+# (C) Nginx, Inc.
+
+# Tests for http ssl module.
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+eval {
+ require IO::Socket::SSL;
+};
+plan(skip_all => 'IO::Socket::SSL not installed') if $@;
+
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
+ ->has_daemon('openssl');
+
+plan(skip_all => 'new syntax: "$ssl_session_reused"')
+ unless $t->has_version('1.5.11');
+
+$t->plan(4)->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+ %%TEST_GLOBALS_HTTP%%
+
+ server {
+ listen 127.0.0.1:8443 ssl;
+ listen 127.0.0.1:8080;
+ server_name localhost;
+
+ ssl_certificate_key localhost.key;
+ ssl_certificate localhost.crt;
+ ssl_session_cache shared:SSL:10m;
+
+ location /reuse {
+ return 200 "body $ssl_session_reused";
+ }
+ location /id {
+ return 200 "body $ssl_session_id";
+ }
+ }
+}
+
+EOF
+
+$t->write_file('openssl.conf', <<EOF);
+[ req ]
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+EOF
+
+my $d = $t->testdir();
+
+foreach my $name ('localhost') {
+ system('openssl req -x509 -new '
+ . "-config '$d/openssl.conf' -subj '/CN=$name/' "
+ . "-out '$d/$name.crt' -keyout '$d/$name.key' "
+ . ">>$d/openssl.out 2>&1") == 0
+ or die "Can't create certificate for $name: $!\n";
+}
+
+my $ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_session_cache_size => 100);
+
+$t->run();
+
+###############################################################################
+
+like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m,
+ 'initial session');
+like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m,
+ 'session reused');
+
+my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m;
+is(length $sid, 64, 'session id');
+
+unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
+
+###############################################################################
+
+sub get_ssl_socket {
+ my ($ctx) = @_;
+ my $s;
+
+ eval {
+ local $SIG{ALRM} = sub { die "timeout\n" };
+ local $SIG{PIPE} = sub { die "sigpipe\n" };
+ alarm(2);
+ $s = IO::Socket::SSL->new(
+ Proto => 'tcp',
+ PeerAddr => '127.0.0.1:8443',
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_reuse_ctx => $ctx,
+ SSL_error_trap => sub { die $_[1] }
+ );
+ alarm(0);
+ };
+ alarm(0);
+
+ if ($@) {
+ log_in("died: $@");
+ return undef;
+ }
+
+ return $s;
+}
+
+###############################################################################
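Review bot: The `or die` after the `system(...)` call in the certificate loop reports `$!`, but when openssl runs and exits non-zero `$!` is unrelated to the failure and the child status is in `$?`; something like `or die "Can't create certificate for $name: exit status " . ($? >> 8) . "\n";` would point at the real cause (the details are already appended to `openssl.out`). The same call is a single shell string with `$d` interpolated inside single quotes and unquoted in the `>>$d/openssl.out` redirection, so a test directory path containing a quote, space or other shell metacharacter would change the command. `testdir()` is not visible on this page, so this is presumably fine for the harness's temporary directories, but a one-line comment stating that assumption would help, e.g. `# $d comes from Test::Nginx testdir(); assumed free of shell metacharacters`. A smaller style point: `new IO::Socket::SSL::SSL_Context(...)` uses indirect object syntax, and `IO::Socket::SSL::SSL_Context->new(...)` parses unambiguously.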