changeset 1457:80911c4fe023

Tests: loading "data:..." certificates with perl module.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 27 Mar 2019 15:10:50 +0300
parents f4ae08adc23f
children e95133e85798
files ssl_certificate_perl.t
diffstat 1 files changed, 134 insertions(+), 0 deletions(-) [+]
new file mode 100644
--- /dev/null
+++ b/ssl_certificate_perl.t
@@ -0,0 +1,134 @@
+#!/usr/bin/perl
+
+# (C) Sergey Kandaurov
+# (C) Nginx, Inc.
+
+# Tests for http ssl module, loading certificates from memory with perl module.
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+
+use Socket;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+eval {
+	require Net::SSLeay;
+	Net::SSLeay::load_error_strings();
+	Net::SSLeay::SSLeay_add_ssl_algorithms();
+	Net::SSLeay::randomize();
+};
+plan(skip_all => 'Net::SSLeay not installed') if $@;
+
+eval {
+	my $ctx = Net::SSLeay::CTX_new() or die;
+	my $ssl = Net::SSLeay::new($ctx) or die;
+	Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
+};
+plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
+
+my $t = Test::Nginx->new()->has(qw/http http_ssl perl/)->has_daemon('openssl');
+
+$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
+plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
+
+$t->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+    %%TEST_GLOBALS_HTTP%%
+
+    perl_set $pem '
+        sub {
+            my $r = shift;
+            local $/;
+            my $sni = $r->variable("ssl_server_name");
+            open my $fh, "<", "%%TESTDIR%%/$sni.crt";
+            my $content = <$fh>;
+            close $fh;
+            return $content;
+        }
+    ';
+
+    server {
+        listen       127.0.0.1:8080 ssl;
+        server_name  localhost;
+
+        ssl_certificate data:$pem;
+        ssl_certificate_key data:$pem;
+    }
+}
+
+EOF
+
+$t->write_file('openssl.conf', <<EOF);
+[ req ]
+default_bits = 1024
+encrypt_key = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+EOF
+
+my $d = $t->testdir();
+
+foreach my $name ('one', 'two') {
+	system('openssl req -x509 -new '
+		. "-config $d/openssl.conf -subj /CN=$name/ "
+		. "-out $d/$name.crt -keyout $d/$name.crt "
+		. ">>$d/openssl.out 2>&1") == 0
+		or die "Can't create certificate for $name: $!\n";
+}
+
+$t->try_run('no ssl_certificate variables')->plan(2);
+
+###############################################################################
+
+like(cert('one', 8080), qr/CN=one/, 'certificate');
+like(cert('two', 8080), qr/CN=two/, 'certificate 2');
+
+###############################################################################
+
+sub cert {
+	my ($host, $port) = @_;
+	my ($s, $ssl) = get_ssl_socket($host, $port) or return;
+	Net::SSLeay::dump_peer_certificate($ssl);
+}
+
+sub get_ssl_socket {
+	my ($host, $port) = @_;
+	my $s;
+
+	my $dest_ip = inet_aton('127.0.0.1');
+	$port = port($port);
+	my $dest_serv_params = sockaddr_in($port, $dest_ip);
+
+	socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
+	connect($s, $dest_serv_params) or die "connect: $!";
+
+	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
+	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
+	Net::SSLeay::set_tlsext_host_name($ssl, $host);
+	Net::SSLeay::set_fd($ssl, fileno($s));
+	Net::SSLeay::connect($ssl) or die("ssl connect");
+	return ($s, $ssl);
+}
+
+###############################################################################
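Review bot: The `perl_set $pem` handler builds a file name from `$r->variable("ssl_server_name")`, which the client supplies in the TLS handshake, and never checks the result of `open`. With a missing or unknown SNI name the read runs on an unopened handle and the handler returns undef. That is harmless for a test bound to 127.0.0.1, but the snippet is likely to be copied as an example of `data:` certificates, so I would return early unless `$sni` is one of the names the test generates (`one`, `two`) and write `open my $fh, "<", "%%TESTDIR%%/$sni.crt" or return;`. nginx presumably validates the SNI host name before exposing it, but the handler should not rely on that for path safety. Separately, in `get_ssl_socket` the check `Net::SSLeay::connect($ssl) or die("ssl connect")` only catches a return of 0, because a negative return is true in Perl; `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");` would catch both.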