Mercurial > hg > nginx-tests
annotate stream_proxy_protocol_ssl.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | f3ba4c74de31 |
children | cdcd75657e52 |
rev | line source |
---|---|
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with haproxy protocol to ssl backend. |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ CR LF CRLF /; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx qw/ :DEFAULT http_end /; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { require IO::Socket::SSL; }; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl') |
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
31 ->plan(2); |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
43 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
44 |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl on; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 proxy_protocol on; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
49 listen 127.0.0.1:8080; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 proxy_pass 127.0.0.1:8081; |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8082; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
55 proxy_pass 127.0.0.1:8083; |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_protocol off; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 EOF |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 $t->write_file('openssl.conf', <<EOF); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
64 default_bits = 2048 |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 encrypt_key = no |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 distinguished_name = req_distinguished_name |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 [ req_distinguished_name ] |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 EOF |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 my $d = $t->testdir(); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 foreach my $name ('localhost') { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
74 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
75 . "-out $d/$name.crt -keyout $d/$name.key " |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 . ">>$d/openssl.out 2>&1") == 0 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 or die "Can't create certificate for $name: $!\n"; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
80 $t->run_daemon(\&stream_daemon_ssl, port(8081), path => $d, pp => 1); |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
81 $t->run_daemon(\&stream_daemon_ssl, port(8083), path => $d, pp => 0); |
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
82 $t->run(); |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 $t->waitforsocket('127.0.0.1:' . port(8081)); |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
85 $t->waitforsocket('127.0.0.1:' . port(8083)); |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ############################################################################### |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
89 my $dp = port(8080); |
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
808
diff
changeset
|
90 |
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
808
diff
changeset
|
91 my %r = pp_get('test', '127.0.0.1:' . $dp); |
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
808
diff
changeset
|
92 is($r{'data'}, "PROXY TCP4 127.0.0.1 127.0.0.1 $r{'sp'} $dp" . CRLF . 'test', |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 'protocol on'); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
95 %r = pp_get('test', '127.0.0.1:' . port(8082)); |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 is($r{'data'}, 'test', 'protocol off'); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ############################################################################### |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 sub pp_get { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my ($data, $peer) = @_; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 my $s = http($data, socket => getconn($peer), start => 1); |
633 | 104 my $sockport = $s->sockport(); |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $data = http_end($s); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 return ('data' => $data, 'sp' => $sockport); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 sub getconn { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 my $peer = shift; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 my $s = IO::Socket::INET->new( |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 Proto => 'tcp', |
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
808
diff
changeset
|
113 PeerAddr => $peer |
615
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 ) |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 or die "Can't connect to nginx: $!\n"; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 return $s; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 ############################################################################### |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 sub stream_daemon_ssl { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 my ($port, %extra) = @_; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 my $d = $extra{path}; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 my $pp = $extra{pp}; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 my $server = IO::Socket::INET->new( |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 Proto => 'tcp', |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 LocalHost => "127.0.0.1:$port", |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 Listen => 5, |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 Reuse => 1 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 ) |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 or die "Can't create listening socket: $!\n"; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 local $SIG{PIPE} = 'IGNORE'; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 while (my $client = $server->accept()) { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 my ($buffer, $data) = ('', ''); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 $client->autoflush(1); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 log2c("(new connection $client on $port)"); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 # read no more than haproxy header of variable length |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 while ($pp) { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $prev = $buffer; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $client->sysread($buffer, 1) or last; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $data .= $buffer; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 last if $prev eq CR && $buffer eq LF; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 log2i("$client $data"); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 # would fail on waitforsocket |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 eval { |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 IO::Socket::SSL->start_SSL($client, |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 SSL_server => 1, |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 SSL_cert_file => "$d/localhost.crt", |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 SSL_key_file => "$d/localhost.key", |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 SSL_error_trap => sub { die $_[1] } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 ); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 }; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 next if $@; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 $client->sysread($buffer, 65536) or next; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 log2i("$client $buffer"); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 $data .= $buffer; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 log2o("$client $data"); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 $client->syswrite($data); |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 close $client; |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 sub log2i { Test::Nginx::log_core('|| <<', @_); } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 sub log2o { Test::Nginx::log_core('|| >>', @_); } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 sub log2c { Test::Nginx::log_core('||', @_); } |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
f27fb891503c
Tests: stream proxy protocol tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 ############################################################################### |