Mercurial > hg > nginx-tests
annotate uwsgi_ssl.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | 5ac6efbe5552 |
children | 1b9f21836f57 |
rev | line source |
---|---|
1575 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Maxim Dounin | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Test for uwsgi backend with SSL. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 use Socket qw/ CRLF /; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/http uwsgi http_ssl/) | |
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(7) | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 http { | |
38 %%TEST_GLOBALS_HTTP%% | |
39 | |
40 upstream u { | |
41 server 127.0.0.1:8081; | |
42 } | |
43 | |
44 server { | |
45 listen 127.0.0.1:8080; | |
46 server_name localhost; | |
47 | |
48 location / { | |
49 uwsgi_pass suwsgi://127.0.0.1:8081; | |
50 uwsgi_param SERVER_PROTOCOL $server_protocol; | |
51 uwsgi_param HTTP_X_BLAH "blah"; | |
52 uwsgi_pass_request_body off; | |
53 } | |
54 | |
55 location /var { | |
56 uwsgi_pass suwsgi://$arg_b; | |
57 uwsgi_param SERVER_PROTOCOL $server_protocol; | |
58 } | |
59 } | |
60 } | |
61 | |
62 EOF | |
63 | |
64 $t->write_file('openssl.conf', <<EOF); | |
65 [ req ] | |
66 default_bits = 2048 | |
67 encrypt_key = no | |
68 distinguished_name = req_distinguished_name | |
69 [ req_distinguished_name ] | |
70 EOF | |
71 | |
72 my $d = $t->testdir(); | |
73 my $crt = "$d/uwsgi.crt"; | |
74 my $key = "$d/uwsgi.key"; | |
75 | |
76 foreach my $name ('uwsgi') { | |
77 system('openssl req -x509 -new ' | |
78 . "-config $d/openssl.conf -subj /CN=$name/ " | |
79 . "-out $d/$name.crt -keyout $d/$name.key " | |
80 . ">>$d/openssl.out 2>&1") == 0 | |
81 or die "Can't create certificate for $name: $!\n"; | |
82 } | |
83 | |
84 $t->write_file('uwsgi_test_app.py', <<END); | |
85 | |
86 def application(env, start_response): | |
87 start_response('200 OK', [('Content-Type','text/plain')]) | |
88 return b"SEE-THIS" | |
89 | |
90 END | |
91 | |
92 my $uwsgihelp = `uwsgi -h`; | |
93 my @uwsgiopts = (); | |
94 | |
95 if ($uwsgihelp !~ /--wsgi-file/) { | |
96 # uwsgi has no python support, maybe plugin load is necessary | |
97 push @uwsgiopts, '--plugin', 'python'; | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
98 push @uwsgiopts, '--plugin', 'python3'; |
1575 | 99 } |
100 | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
101 open OLDERR, ">&", \*STDERR; close STDERR; |
1575 | 102 $t->run_daemon('uwsgi', @uwsgiopts, |
103 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt,$key", | |
104 '--wsgi-file', $d . '/uwsgi_test_app.py', | |
105 '--logto', $d . '/uwsgi_log'); | |
1598
f069dd7ba5a7
Tests: compatibility with uwsgi python package on Fedora Linux.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1575
diff
changeset
|
106 open STDERR, ">&", \*OLDERR; |
1575 | 107 |
108 $t->run(); | |
109 | |
110 $t->waitforsocket('127.0.0.1:' . port(8081)) | |
111 or die "Can't start uwsgi"; | |
112 | |
113 ############################################################################### | |
114 | |
115 like(http_get('/'), qr/SEE-THIS/, 'uwsgi request'); | |
116 like(http_head('/head'), qr/200 OK(?!.*SEE-THIS)/s, 'no data in HEAD'); | |
117 | |
118 like(http_get_headers('/headers'), qr/SEE-THIS/, | |
119 'uwsgi request with many ignored headers'); | |
120 | |
121 like(http_get('/var?b=127.0.0.1:' . port(8081)), qr/SEE-THIS/, | |
122 'uwsgi with variables'); | |
123 like(http_get('/var?b=u'), qr/SEE-THIS/, 'uwsgi with variables to upstream'); | |
124 | |
125 like(http_post('/'), qr/SEE-THIS/, 'uwsgi post'); | |
126 like(http_post_big('/'), qr/SEE-THIS/, 'uwsgi big post'); | |
127 | |
128 ############################################################################### | |
129 | |
130 sub http_get_headers { | |
131 my ($url, %extra) = @_; | |
132 return http(<<EOF, %extra); | |
133 GET $url HTTP/1.0 | |
134 Host: localhost | |
135 X-Blah: ignored header | |
136 X-Blah: ignored header | |
137 X-Blah: ignored header | |
138 X-Blah: ignored header | |
139 X-Blah: ignored header | |
140 X-Blah: ignored header | |
141 X-Blah: ignored header | |
142 X-Blah: ignored header | |
143 X-Blah: ignored header | |
144 X-Blah: ignored header | |
145 X-Blah: ignored header | |
146 X-Blah: ignored header | |
147 X-Blah: ignored header | |
148 X-Blah: ignored header | |
149 X-Blah: ignored header | |
150 X-Blah: ignored header | |
151 X-Blah: ignored header | |
152 X-Blah: ignored header | |
153 X-Blah: ignored header | |
154 | |
155 EOF | |
156 } | |
157 | |
158 sub http_post { | |
159 my ($url, %extra) = @_; | |
160 | |
161 my $p = "POST $url HTTP/1.0" . CRLF . | |
162 "Host: localhost" . CRLF . | |
163 "Content-Length: 10" . CRLF . | |
164 CRLF . | |
165 "1234567890"; | |
166 | |
167 return http($p, %extra); | |
168 } | |
169 | |
170 sub http_post_big { | |
171 my ($url, %extra) = @_; | |
172 | |
173 my $p = "POST $url HTTP/1.0" . CRLF . | |
174 "Host: localhost" . CRLF . | |
175 "Content-Length: 10240" . CRLF . | |
176 CRLF . | |
177 ("1234567890" x 1024); | |
178 | |
179 return http($p, %extra); | |
180 } | |
181 | |
182 ############################################################################### |