Mercurial > hg > nginx-tests
annotate ssl_certificates.t @ 1951:1867428f1673
Tests: fixed h3_limit_req.t spurious failures.
In the "reset stream - cancellation" test, HTTP/3 stream is closed without
sending the request body when the request is waiting in the limit_req
module, and this results in error 444. However, when the request is received
with some minor delay due to system load, it is not delayed by limit_req,
and the stream is closed during reading the request body, which results
in error 400 instead, breaking the test.
Fix is to introduce yet another request before the "reset stream" test,
so the stream in question is always delayed by limit_req.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 14 Mar 2024 02:25:49 +0300 |
| parents | 1ba5108b6c24 |
| children | 0a93f101925a |
| rev | line source |
|---|---|
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with multiple certificates. |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/) |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
26 ->has_daemon('openssl'); |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
1400
94bcad5611af
Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1397
diff
changeset
|
28 plan(skip_all => 'no multiple certificates') if $t->has_module('BoringSSL'); |
|
94bcad5611af
Tests: skip OCSP stapling and multiple cert tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1397
diff
changeset
|
29 |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 %%TEST_GLOBALS%% |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 daemon off; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 events { |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 http { |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 %%TEST_GLOBALS_HTTP%% |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 ssl_certificate_key rsa.key; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 ssl_certificate rsa.crt; |
|
1224
2ec9ce1bc820
Tests: fixed ssl_certificates.t for nginx built with OpenSSL 0.9.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
44 ssl_ciphers DEFAULT:ECCdraft; |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
46 add_header X-SSL-Protocol $ssl_protocol; |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
47 |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
49 listen 127.0.0.1:8443 ssl; |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server_name localhost; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
52 ssl_certificate_key ec.key; |
|
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
53 ssl_certificate ec.crt; |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_certificate_key rsa.key; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_certificate rsa.crt; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_certificate_key rsa.key; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_certificate rsa.crt; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 EOF |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 $t->write_file('openssl.conf', <<EOF); |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
67 default_bits = 2048 |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 encrypt_key = no |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 distinguished_name = req_distinguished_name |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 [ req_distinguished_name ] |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 EOF |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 my $d = $t->testdir(); |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
75 system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 " |
|
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
76 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
77 system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0 |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 or die "Can't create RSA pem: $!\n"; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
|
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
80 foreach my $name ('ec', 'rsa') { |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
81 system("openssl req -x509 -new -key $d/$name.key " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
82 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1216
diff
changeset
|
83 . "-out $d/$name.crt -keyout $d/$name.key " |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 . ">>$d/openssl.out 2>&1") == 0 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 or die "Can't create certificate for $name: $!\n"; |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
88 $t->write_file('index.html', ''); |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
89 |
|
1216
de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
90 $t->run()->plan(2); |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 ############################################################################### |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
94 TODO: { |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
95 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
96 if $t->has_module('LibreSSL') && test_tls13(); |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
97 |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
98 like(cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
99 |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
100 } |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
101 |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
102 like(cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ############################################################################### |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
106 sub test_tls13 { |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
107 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
|
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
108 } |
|
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
109 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
110 sub cert { |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
111 my $s = get_socket(@_) || return; |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
112 return $s->dump_peer_certificate(); |
|
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
113 } |
|
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
114 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
115 sub get_socket { |
|
1388
0090e2476ef0
Tests: support TLS 1.3 in ssl_certificates.t by preferring sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1224
diff
changeset
|
116 my ($type) = @_; |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
118 my $ctx_cb = sub { |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
119 my $ctx = shift; |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
120 return unless defined $type; |
|
1397
d3d2aabe16dd
Tests: LibreSSL client detection in multiple certificate tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1388
diff
changeset
|
121 my $ssleay = Net::SSLeay::SSLeay(); |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
122 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); |
|
1871
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
123 my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); |
|
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
124 @sigalgs = ($type . '+SHA256') unless $type eq 'RSA'; |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
125 # SSL_CTRL_SET_SIGALGS_LIST |
|
1871
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
126 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) |
|
1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
127 or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
128 or die("Failed to set sigalgs"); |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
129 }; |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
|
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
131 return http_get( |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
132 '/', start => 1, |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
133 SSL => 1, |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
134 SSL_cipher_list => $type, |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
135 SSL_create_ctx_callback => $ctx_cb |
|
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
136 ); |
|
930
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 } |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
|
183a6b1f3fa5
Tests: http ssl tests with multiple certificates (ticket #814).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 ############################################################################### |