Mercurial > hg > nginx-tests
annotate stream_upstream_zone_ssl.t @ 1215:26884729e06b
Tests: cope with resolver resend in mail resolver tests.
Currently, if resolver didn't find PTR type in the answer section of PTR
response, it keeps the node in the resend queue until the next timer event.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 31 Aug 2017 19:09:04 +0300 |
parents | 155573499f20 |
children | 0af58b78df35 |
rev | line source |
---|---|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for upstream zone with ssl backend. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
27 ->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(9); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_session_reuse on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 upstream u { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
43 zone u 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 server 127.0.0.1:8084; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 upstream u2 { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
48 zone u2 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
49 server 127.0.0.1:8084 backup; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 server 127.0.0.1:8085 down; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8080; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8081; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
65 listen 127.0.0.1:8082; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
71 listen 127.0.0.1:8083; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
76 listen 127.0.0.1:8084 ssl; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
77 return $ssl_session_reused; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_certificate_key localhost.key; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate localhost.crt; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_session_cache builtin; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 $t->write_file('openssl.conf', <<EOF); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
982
diff
changeset
|
89 default_bits = 1024 |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 encrypt_key = no |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 distinguished_name = req_distinguished_name |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 [ req_distinguished_name ] |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $d = $t->testdir(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 foreach my $name ('localhost') { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 system('openssl req -x509 -new ' |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 . ">>$d/openssl.out 2>&1") == 0 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 or die "Can't create certificate for $name: $!\n"; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->run(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
109 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
110 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
112 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
113 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
114 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
116 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
117 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
119 is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
120 is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 ############################################################################### |