1749
|
1 #!/usr/bin/perl
|
|
2
|
|
3 # (C) Sergey Kandaurov
|
|
4 # (C) Nginx, Inc.
|
|
5
|
|
6 # Tests for http ssl module, $ssl_curve variable.
|
|
7
|
|
8 ###############################################################################
|
|
9
|
|
10 use warnings;
|
|
11 use strict;
|
|
12
|
|
13 use Test::More;
|
|
14
|
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
|
|
16
|
|
17 use lib 'lib';
|
|
18 use Test::Nginx;
|
|
19
|
|
20 ###############################################################################
|
|
21
|
|
22 select STDERR; $| = 1;
|
|
23 select STDOUT; $| = 1;
|
|
24
|
|
25 eval { require IO::Socket::SSL; };
|
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
|
|
27 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
|
|
28 plan(skip_all => 'IO::Socket::SSL too old') if $@;
|
|
29
|
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
|
|
31 ->has_daemon('openssl');
|
|
32
|
|
33 $t->{_configure_args} =~ /OpenSSL (\d+)/;
|
|
34 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 >= 3;
|
|
35
|
|
36 $t->write_file_expand('nginx.conf', <<'EOF');
|
|
37
|
|
38 %%TEST_GLOBALS%%
|
|
39
|
|
40 daemon off;
|
|
41
|
|
42 events {
|
|
43 }
|
|
44
|
|
45 http {
|
|
46 %%TEST_GLOBALS_HTTP%%
|
|
47
|
|
48 ssl_certificate_key localhost.key;
|
|
49 ssl_certificate localhost.crt;
|
|
50
|
|
51 ssl_ecdh_curve prime256v1;
|
|
52
|
|
53 server {
|
|
54 listen 127.0.0.1:8443 ssl;
|
|
55 server_name localhost;
|
|
56
|
|
57 return 200 "$ssl_curve $ssl_curves";
|
|
58 }
|
|
59 }
|
|
60
|
|
61 EOF
|
|
62
|
|
63 $t->write_file('openssl.conf', <<EOF);
|
|
64 [ req ]
|
|
65 default_bits = 2048
|
|
66 encrypt_key = no
|
|
67 distinguished_name = req_distinguished_name
|
|
68 [ req_distinguished_name ]
|
|
69 EOF
|
|
70
|
|
71 my $d = $t->testdir();
|
|
72
|
|
73 foreach my $name ('localhost') {
|
|
74 system('openssl req -x509 -new '
|
|
75 . "-config $d/openssl.conf -subj /CN=$name/ "
|
|
76 . "-out $d/$name.crt -keyout $d/$name.key "
|
|
77 . ">>$d/openssl.out 2>&1") == 0
|
|
78 or die "Can't create certificate for $name: $!\n";
|
|
79 }
|
|
80
|
|
81 $t->try_run('no $ssl_curve')->plan(1);
|
|
82
|
|
83 ###############################################################################
|
|
84
|
|
85 like(get('/curve'), qr/^prime256v1 /m, 'ssl curve');
|
|
86
|
|
87 ###############################################################################
|
|
88
|
|
89 sub get {
|
|
90 my ($uri, $port, $ctx) = @_;
|
|
91 my $s = get_ssl_socket($port) or return;
|
|
92 my $r = http_get($uri, socket => $s);
|
|
93 $s->close();
|
|
94 return $r;
|
|
95 }
|
|
96
|
|
97 sub get_ssl_socket {
|
|
98 my ($port, $ctx) = @_;
|
|
99 my $s;
|
|
100
|
|
101 eval {
|
|
102 local $SIG{ALRM} = sub { die "timeout\n" };
|
|
103 local $SIG{PIPE} = sub { die "sigpipe\n" };
|
|
104 alarm(8);
|
|
105 $s = IO::Socket::SSL->new(
|
|
106 Proto => 'tcp',
|
|
107 PeerAddr => '127.0.0.1',
|
|
108 PeerPort => port(8443),
|
|
109 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
|
|
110 SSL_error_trap => sub { die $_[1] },
|
|
111 );
|
|
112 alarm(0);
|
|
113 };
|
|
114 alarm(0);
|
|
115
|
|
116 if ($@) {
|
|
117 log_in("died: $@");
|
|
118 return undef;
|
|
119 }
|
|
120
|
|
121 return $s;
|
|
122 }
|
|
123
|
|
124 ###############################################################################
|