annotate ssl_verify_client.t @ 1215:26884729e06b
Tests: cope with resolver resend in mail resolver tests.
Currently, if resolver didn't find PTR type in the answer section of PTR
response, it keeps the node in the resend queue until the next timer event.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 31 Aug 2017 19:09:04 +0300 |
parents | b1dc56ad15e9 |
children | 0af58b78df35 |
rev | line source |
---|---|
1 #!/usr/bin/perl |
2 |
3 # (C) Sergey Kandaurov |
4 # (C) Nginx, Inc. |
5 |
6 # Tests for http ssl module, ssl_verify_client. |
7 |
8 ############################################################################### |
9 |
10 use warnings; |
11 use strict; |
12 |
13 use Test::More; |
14 |
15 use Socket qw/ :DEFAULT CRLF /; |
16 |
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
18 |
19 use lib 'lib'; |
20 use Test::Nginx; |
21 |
22 ############################################################################### |
23 |
# Switch both standard streams to autoflush so that diagnostics and test
# output appear in the order they were produced.  STDOUT is handled last
# and therefore remains the selected default output handle.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}
26 |
# Net::SSLeay is an optional dependency: load it at run time and initialise
# the library.  If any of these steps throws, the whole test file is skipped
# instead of being reported as a failure.
my $ssleay_ready = eval {
    require Net::SSLeay;
    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();
    1;
};

plan(skip_all => 'Net::SSLeay not installed') unless $ssleay_ready;
34 |
# Probe for SNI support: build a throwaway context and connection object and
# try to set a server name on it.  The tests below select the nginx virtual
# server through SNI, so without this capability the file is skipped.
my $sni_supported = eval {
    my $probe_ctx = Net::SSLeay::CTX_new() or die;
    my $probe_ssl = Net::SSLeay::new($probe_ctx) or die;
    die unless Net::SSLeay::set_tlsext_host_name($probe_ssl, 'example.org') == 1;
    1;
};

plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required')
    unless $sni_supported;
41 |
# Create the test harness object.  The chained calls ask the harness for the
# http, http_ssl and sni features and for an 'openssl' daemon (the openssl
# command is used further down to generate certificates), then declare a plan
# of 10 tests.
my @required_features = qw/http http_ssl sni/;

my $t = Test::Nginx->new()
    ->has(@required_features)
    ->has_daemon('openssl')
    ->plan(10);
44 |
# nginx configuration under test.
#
# * The X-Verify response header echoes $ssl_client_verify and
#   $ssl_client_cert; the assertions below match against it.  Reflecting the
#   client certificate in a response header is a test-observability device
#   only.
# * The first server listens on 8080 without the "ssl" parameter, so its
#   ssl_verify_client setting is not exercised by a TLS handshake.
# * The three servers on 8081 share one TLS listener and differ only in
#   server_name and in the ssl_verify_client mode: on, optional (which also
#   sets ssl_trusted_certificate) and optional_no_ca.
# * With optional_no_ca the tests expect a request to be answered even when
#   $ssl_client_verify is FAILED, so in that mode the verification result has
#   to be checked by whatever consumes the variable.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x;

    ssl_certificate_key 1.example.com.key;
    ssl_certificate 1.example.com.crt;

    server {
        listen 127.0.0.1:8080;
        server_name localhost;

        ssl_verify_client on;
        ssl_client_certificate 2.example.com.crt;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name on;

        ssl_verify_client on;
        ssl_client_certificate 2.example.com.crt;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name optional;

        ssl_verify_client optional;
        ssl_client_certificate 2.example.com.crt;
        ssl_trusted_certificate 3.example.com.crt;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name optional_no_ca;

        ssl_verify_client optional_no_ca;
        ssl_client_certificate 2.example.com.crt;
    }
}

EOF

$t->write_file_expand('nginx.conf', $nginx_conf);
97 |
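# Minimal OpenSSL request configuration for the throwaway test certificates.
# default_bits = 1024 yields keys far weaker than anything acceptable outside
# a test fixture, and encrypt_key = no leaves the private keys unencrypted in
# the test directory; neither setting should be copied into a real deployment.
# The heredoc is quoted because nothing in it is meant to be interpolated.
$t->write_file('openssl.conf', <<'EOF');
[ req ]
default_bits = 1024
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Generate one self-signed certificate and key per name.  Being self-signed,
# each certificate is its own issuer, which is why nginx.conf can use
# 2.example.com.crt and 3.example.com.crt directly as CA files.
#
# The command goes through the shell because of the output redirection, and
# $d is interpolated into it inside single quotes.
# NOTE(review): this is only safe while the test directory path contains no
# single quote; presumably the harness guarantees that - confirm.
foreach my $name ('1.example.com', '2.example.com', '3.example.com') {
    my $status = system('openssl req -x509 -new '
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.crt' -keyout '$d/$name.key' "
        . ">>'$d/openssl.out' 2>&1");

    next if $status == 0;

    # system() returns -1 and sets $! only when the command could not be
    # started; otherwise $! is unrelated to the failure and the cause is
    # encoded in the wait status.
    my $reason = $status == -1
        ? $!
        : sprintf('exit code %d, signal %d (see openssl.out)',
            $status >> 8, $status & 127);

    die "Can't create certificate for $name: $reason\n";
}

# Content for the /t resource requested by the tests.
$t->write_file('t', 'SEE-THIS');

# Launch the server under test.
$t->run();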
119 |
120 ############################################################################### |
121 |
# Request over the harness's plain HTTP helper: the test expects both
# variables in X-Verify to be empty ("x:x").
my $plain_response = http_get('/t');
like($plain_response, qr/x:x/, 'plain connection');

# TLS requests.  Each row is:
#   [ arguments for get() (SNI name, optional client certificate name),
#     pattern the response must match, test name ]
# get() is called in scalar context so that it returns the HTTP response.
#
# Security-relevant expectations encoded here:
#   - "on" and "optional" answer 400 when the certificate is missing
#     (on) or not issued by a configured CA (optional);
#   - "optional_no_ca" still answers with the certificate attached but
#     reports FAILED, i.e. the request is not rejected by nginx itself;
#   - a certificate matching ssl_trusted_certificate (3.example.com) is
#     accepted by the "optional" server.
my @response_checks = (
    [ [ 'on' ], qr/400 Bad Request/, 'no cert' ],
    [ [ 'optional' ], qr/NONE:x/, 'no optional cert' ],
    [ [ 'optional', '1.example.com' ], qr/400 Bad/, 'bad optional cert' ],
    [
        [ 'optional_no_ca', '1.example.com' ], qr/FAILED.*BEGIN/,
        'bad optional_no_ca cert'
    ],
    [ [ 'localhost', '2.example.com' ], qr/SUCCESS.*BEGIN/, 'good cert' ],
    [
        [ 'optional', '2.example.com' ], qr/SUCCESS.*BEGI/,
        'good cert optional'
    ],
    [
        [ 'optional', '3.example.com' ], qr/SUCCESS.*BEGIN/,
        'good cert trusted'
    ],
);

for my $check (@response_checks) {
    my ($get_args, $pattern, $label) = @$check;
    my $response = get(@$get_args);
    like($response, $pattern, $label);
}

SKIP: {
    skip 'Net::SSLeay version >= 1.36 required', 1
        if $Net::SSLeay::VERSION < 1.36;

    # List context: get() returns the CA names the server advertised.  Only
    # the ssl_client_certificate subject is expected; the certificate from
    # ssl_trusted_certificate must not be disclosed to the client.
    my @advertised_cas = get('optional', '3.example.com');
    is(join(' ', @advertised_cas), '/CN=2.example.com', 'no trusted sent');
}

# SNI names one virtual server while the Host header names another: the test
# expects nginx to answer 421 rather than serve the request.
my $misdirected = get('optional', undef, 'localhost');
like($misdirected, qr/421 Misdirected/, 'misdirected');
142 |
143 ############################################################################### |
144 |
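# get($sni, $cert, $host)
#
# Open a TLS connection to 127.0.0.1 on port(8081), optionally presenting a
# client certificate, send "GET /t" and report what the server answered.
#
#   $sni   server name sent in the TLS SNI extension
#   $cert  base name of a certificate/key pair in the test directory
#          ("$d/$cert.crt" and "$d/$cert.key"); when false, no client
#          certificate is configured
#   $host  value of the Host request header; defaults to $sni
#
# The result depends on the calling context.  In scalar or void context it is
# the data returned by a single Net::SSLeay::read() call.  In list context it
# is the list of one-line names taken from the client CA list that the server
# sent during the handshake.
#
# No verification mode is set on the client context, so with the library
# defaults the server certificate is presumably not checked; that is tolerable
# only because the peer is the nginx instance under test on loopback.
#
# The SSL object and its context are released before returning; earlier they
# were leaked on every call.  The die() paths still do not release them.
sub get {
    my ($sni, $cert, $host) = @_;

    # Capture the call context once; it selects the return value below.
    my $want_list = wantarray();

    # A write to a connection the server already closed must not kill the
    # test script.
    local $SIG{PIPE} = 'IGNORE';

    $host = $sni if !defined $host;

    my $dest_ip = inet_aton('127.0.0.1');
    my $dest_serv_params = sockaddr_in(port(8081), $dest_ip);

    socket(my $s, AF_INET, SOCK_STREAM, 0) or die "socket: $!";
    connect($s, $dest_serv_params) or die "connect: $!";

    my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
    Net::SSLeay::set_cert_and_key($ctx, "$d/$cert.crt", "$d/$cert.key")
        or die if $cert;
    my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
    Net::SSLeay::set_tlsext_host_name($ssl, $sni) == 1 or die;
    Net::SSLeay::set_fd($ssl, fileno($s));

    # NOTE(review): a negative return value is true in Perl, so this check
    # only catches a return of 0 - confirm whether "== 1" is intended.
    Net::SSLeay::connect($ssl) or die("ssl connect");

    Net::SSLeay::write($ssl, 'GET /t HTTP/1.0' . CRLF);
    Net::SSLeay::write($ssl, "Host: $host" . CRLF . CRLF);
    my $buf = Net::SSLeay::read($ssl);
    log_in($buf);

    # The CA list belongs to the SSL object, so the names are copied out
    # before the object is freed.
    my @names;
    if ($want_list) {
        my $list = Net::SSLeay::get_client_CA_list($ssl);
        for my $i (0 .. Net::SSLeay::sk_X509_NAME_num($list) - 1) {
            my $name = Net::SSLeay::sk_X509_NAME_value($list, $i);
            push @names, Net::SSLeay::X509_NAME_oneline($name);
        }
    }

    Net::SSLeay::free($ssl);
    Net::SSLeay::CTX_free($ctx);
    close($s);

    return $want_list ? @names : $buf;
}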
180 |
181 ############################################################################### |