Mercurial > hg > nginx-tests
annotate stream_udp_limit_conn.t @ 1571:1b4ceab9cb1c
Tests: fixed ssl_certificate.t with LibreSSL client.
Net::SSLeay::connect() that manages TLS handshake could return unexpected
error when receiving server alert, as seen in server certificate tests if
it could not been selected. Typically, it returns the expected error -1,
but with certain libssl implementations it can be 0, as explained below.
The error is propagated from libssl's SSL_connect(), which is usually -1.
In modern OpenSSL versions, it is the default error code used in the state
machine returned when something went wrong with parsing TLS message header.
In versions up to OpenSSL 1.0.2, with SSLv23_method() used by default, -1
is the only error code in the ssl_connect() method implementation which is
used as well if receiving alert while parsing ServerHello. BoringSSL also
seems to return -1. But it is not so with LibreSSL that returns zero.
Previously, tests failed with client built with LibreSSL with SSLv3 removed.
Here, the error is propagated directly from ssl_read_bytes() method, which
is always implemented as ssl3_read_bytes() in all TLS methods. It could be
also seen with OpenSSL up to 1.0.2 with non-default methods explicitly set.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 29 May 2020 23:10:20 +0300 |
parents | 144c6ce732e4 |
children | f3ba4c74de31 |
rev | line source |
---|---|
868 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Andrey Zelenkov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for stream limit_conn module with datagrams. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::Stream qw/ dgram /; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_limit_conn udp/)->plan(9) |
868 | 27 ->write_file_expand('nginx.conf', <<'EOF'); |
28 | |
29 %%TEST_GLOBALS%% | |
30 | |
31 daemon off; | |
32 | |
33 events { | |
34 } | |
35 | |
36 stream { | |
37 limit_conn_zone $binary_remote_addr zone=zone:1m; | |
38 limit_conn_zone $binary_remote_addr zone=zone2:1m; | |
39 | |
40 proxy_responses 1; | |
41 proxy_timeout 1s; | |
42 | |
43 server { | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
44 listen 127.0.0.1:%%PORT_8981_UDP%% udp; |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
45 proxy_pass 127.0.0.1:%%PORT_8980_UDP%%; |
868 | 46 |
47 limit_conn zone 1; | |
48 proxy_responses 2; | |
49 } | |
50 | |
51 server { | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
52 listen 127.0.0.1:%%PORT_8982_UDP%% udp; |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
53 proxy_pass 127.0.0.1:%%PORT_8980_UDP%%; |
868 | 54 limit_conn zone2 1; |
55 } | |
56 | |
57 server { | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
58 listen 127.0.0.1:%%PORT_8983_UDP%% udp; |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
59 proxy_pass 127.0.0.1:%%PORT_8980_UDP%%; |
868 | 60 limit_conn zone 5; |
61 } | |
62 | |
63 server { | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
64 listen 127.0.0.1:%%PORT_8984_UDP%% udp; |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
65 proxy_pass 127.0.0.1:%%PORT_8981_UDP%%; |
868 | 66 limit_conn zone2 1; |
67 } | |
68 | |
69 server { | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
70 listen 127.0.0.1:%%PORT_8985_UDP%% udp; |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
71 proxy_pass 127.0.0.1:%%PORT_8981_UDP%%; |
868 | 72 limit_conn zone 1; |
73 } | |
74 } | |
75 | |
76 EOF | |
77 | |
1020
196d33c2bb45
Tests: removed TODO and try_run() checks for legacy versions.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
78 $t->run(); |
868 | 79 $t->run_daemon(\&udp_daemon, $t); |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
80 $t->waitforfile($t->testdir . '/' . port(8980)); |
868 | 81 |
82 ############################################################################### | |
83 | |
84 # same and other zones | |
85 | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
86 my $s = dgram('127.0.0.1:' . port(8981)); |
868 | 87 |
88 is($s->io('1'), '1', 'passed'); | |
89 | |
1334
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
90 # regardless of incomplete responses, new requests in the same |
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
91 # socket will be treated as requests in existing session |
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
92 |
1349
99a83f7e7755
Tests: adjusted read timeout in stream_udp_limit_conn.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1334
diff
changeset
|
93 is($s->io('1', read_timeout => 0.4), '1', 'passed new request'); |
1334
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
94 |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
95 is(dgram('127.0.0.1:' . port(8981))->io('1', read_timeout => 0.1), '', |
1334
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
96 'rejected new session'); |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
97 is(dgram('127.0.0.1:' . port(8982))->io('1'), '1', 'passed different zone'); |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
98 is(dgram('127.0.0.1:' . port(8983))->io('1'), '1', 'passed same zone unlimited'); |
868 | 99 |
935
25a4b2fdd3fb
Tests: I/O timeout options introduced in Stream.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
925
diff
changeset
|
100 sleep 1; # waiting for proxy_timeout to expire |
25a4b2fdd3fb
Tests: I/O timeout options introduced in Stream.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
925
diff
changeset
|
101 |
1334
c4f58dfe8207
Tests: stream udp tests adjusted for upcoming udp streams.
Roman Arutyunyan <arut@nginx.com>
parents:
1237
diff
changeset
|
102 is($s->io('2', read => 2), '12', 'new session after proxy_timeout'); |
868 | 103 |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
104 is(dgram('127.0.0.1:' . port(8981))->io('2', read => 2), '12', 'passed 2'); |
868 | 105 |
106 # zones proxy chain | |
107 | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
108 is(dgram('127.0.0.1:' . port(8984))->io('1'), '1', 'passed proxy'); |
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
109 is(dgram('127.0.0.1:' . port(8985))->io('1', read_timeout => 0.1), '', |
935
25a4b2fdd3fb
Tests: I/O timeout options introduced in Stream.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
925
diff
changeset
|
110 'rejected proxy'); |
868 | 111 |
112 ############################################################################### | |
113 | |
114 sub udp_daemon { | |
115 my $t = shift; | |
116 | |
117 my $server = IO::Socket::INET->new( | |
118 Proto => 'udp', | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
119 LocalAddr => '127.0.0.1:' . port(8980), |
868 | 120 Reuse => 1, |
121 ) | |
122 or die "Can't create listening socket: $!\n"; | |
123 | |
124 # signal we are ready | |
125 | |
1237
e4974af3fb12
Tests: adjusted udp ports to match allocated ports range.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
126 open my $fh, '>', $t->testdir() . '/' . port(8980); |
868 | 127 close $fh; |
128 | |
129 while (1) { | |
130 $server->recv(my $buffer, 65536); | |
131 $server->send($_) for (1 .. $buffer); | |
132 } | |
133 } | |
134 | |
135 ############################################################################### |