Mercurial > hg > nginx-tests
annotate ssl_reject_handshake.t @ 1701:408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Prior to literals support in IMAP test backend (e7f0b4ca0a1a), early backend
response was treated as invalid, with subsequent proxy connection close.
Now that the connection continues successfully, this requires connection
close before nginx shutdown. Otherwise, it would wait for proxy_timeout.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 17 Jun 2021 19:52:36 +0300 |
parents | 5ac6efbe5552 |
children | 2a7fc70900a5 |
rev | line source |
---|---|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_reject_handshake. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
27 eval { IO::Socket::SSL->can_client_sni() or die; }; |
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl'); |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Name $ssl_server_name; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8081; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8081 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server_name virtual; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server_name virtual1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name virtual2; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_bits = 2048 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $d = $t->testdir(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 foreach my $name ('localhost') { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-config $d/openssl.conf -subj /CN=$name/ " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . "-out $d/$name.crt -keyout $d/$name.key " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('index.html', ''); |
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
112 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
113 # suppress deprecation warning |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
114 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
115 open OLDERR, ">&", \*STDERR; close STDERR; |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
116 $t->run()->plan(9); |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
117 open STDERR, ">&", \*OLDERR; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # default virtual server rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 like(get('default', 8080), qr/unrecognized name/, 'default rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like(get(undef, 8080), qr/unrecognized name/, 'absent sni rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like(get('virtual', 8080), qr/virtual/, 'virtual accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 # default virtual server rejected - ssl on |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like(get('default', 8081), qr/unrecognized name/, 'default rejected - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like(get('virtual', 8081), qr/virtual/, 'virtual accepted - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 # non-default server "virtual2" rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 like(get('default', 8082), qr/default/, 'default accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 like(get(undef, 8082), qr/200 OK(?!.*X-Name)/is, 'absent sni accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like(get('virtual1', 8082), qr/virtual1/, 'virtual 1 accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 like(get('virtual2', 8082), qr/unrecognized name/, 'virtual 2 rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 sub get { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 my $s = get_ssl_socket($host, $port) or return $@; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 $host = 'localhost' if !defined $host; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $r = http(<<EOF, socket => $s); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 GET / HTTP/1.0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 Host: $host |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 $s->close(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 return $r; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 sub get_ssl_socket { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 my $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 eval { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 local $SIG{ALRM} = sub { die "timeout\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 alarm(8); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = IO::Socket::SSL->new( |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 Proto => 'tcp', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 PeerAddr => '127.0.0.1', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 PeerPort => port($port), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 SSL_hostname => $host, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 SSL_error_trap => sub { die $_[1] }, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 if ($@) { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 log_in("died: $@"); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 return undef; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 return $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 ############################################################################### |