Mercurial > hg > nginx-tests
annotate uwsgi_ssl_verify.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | 31ea330ac360 |
children | 1b9f21836f57 |
rev | line source |
---|---|
1688
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for uwsgi backend with SSL, backend certificate verification. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl uwsgi/) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(6) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 server { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 listen 127.0.0.1:8080; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server_name localhost; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 location /verify { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 uwsgi_ssl_name example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 location /wildcard { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 uwsgi_ssl_name foo.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 location /fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 uwsgi_ssl_name no.match.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /cn { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 uwsgi_ssl_name 2.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 location /cn/fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 uwsgi_ssl_name bad.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 location /untrusted { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 uwsgi_ssl_session_reuse off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 $t->write_file('openssl.1.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 x509_extensions = v3_req |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 commonName=no.match.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [ v3_req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 subjectAltName = DNS:example.com,DNS:*.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->write_file('openssl.2.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 commonName=2.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 my $d = $t->testdir(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 my $crt1 = "$d/1.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 my $crt2 = "$d/2.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $key1 = "$d/1.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 my $key2 = "$d/2.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 foreach my $name ('1.example.com', '2.example.com') { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 . "-config $d/openssl.$name.conf " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 . "-out $d/$name.crt -keyout $d/$name.key " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . ">>$d/openssl.out 2>&1") == 0 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 or die "Can't create certificate for $name: $!\n"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 $t->write_file('uwsgi_test_app.py', <<END); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 def application(env, start_response): |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 start_response('200 OK', [('Content-Type','text/plain')]) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 return b"SEE-THIS" |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 END |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 my $uwsgihelp = `uwsgi -h`; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 my @uwsgiopts = (); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 if ($uwsgihelp !~ /--wsgi-file/) { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 # uwsgi has no python support, maybe plugin load is necessary |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 push @uwsgiopts, '--plugin', 'python'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 push @uwsgiopts, '--plugin', 'python3'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 open OLDERR, ">&", \*STDERR; close STDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt1,$key1", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 '--ssl-socket', '127.0.0.1:' . port(8082) . ",$crt2,$key2", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 open STDERR, ">&", \*OLDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 $t->run(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 $t->waitforsocket('127.0.0.1:' . port(8081)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 $t->waitforsocket('127.0.0.1:' . port(8082)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 # subjectAltName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 # commonName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 # untrusted |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 ############################################################################### |