Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_certificate_vars.t @ 1701:408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Prior to literals support in IMAP test backend (e7f0b4ca0a1a), early backend
response was treated as invalid, with subsequent proxy connection close.
Now that the connection continues successfully, this requires connection
close before nginx shutdown. Otherwise, it would wait for proxy_timeout.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 17 Jun 2021 19:52:36 +0300 |
parents | 55816c5fc861 |
children | 2a0a6035a1af |
rev | line source |
---|---|
1674
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with variables in ssl certificates. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_map http http_ssl/) |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 $t->write_file_expand('nginx.conf', <<'EOF'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 stream { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_STREAM%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 map $server_port $cert { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 %%PORT_8082%% 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%PORT_8083%% 2; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%PORT_8084%% 3; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 %%PORT_8085%% ""; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl on; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_session_reuse off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 listen 127.0.0.1:8082; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 listen 127.0.0.1:8083; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 proxy_pass 127.0.0.1:8080; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 listen 127.0.0.1:8084; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 proxy_ssl_password_file password; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 listen 127.0.0.1:8085; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_ssl_certificate $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 proxy_ssl_certificate_key $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 http { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 %%TEST_GLOBALS_HTTP%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 listen 127.0.0.1:8080 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 ssl_certificate 2.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 ssl_certificate_key 2.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_trusted_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 add_header X-Name $ssl_client_s_dn; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 listen 127.0.0.1:8081 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 ssl_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ssl_certificate_key 1.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ssl_trusted_certificate 3.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 $t->write_file('openssl.conf', <<EOF); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 [ req ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 default_bits = 2048 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 encrypt_key = no |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 distinguished_name = req_distinguished_name |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req_distinguished_name ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 my $d = $t->testdir(); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 foreach my $name ('1.example.com', '2.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . "-out $d/$name.crt -keyout $d/$name.key " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 foreach my $name ('3.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 or die "Can't create private key: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 . "-out $d/$name.crt " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . "-key $d/$name.key -passin pass:$name" |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 sleep 1 if $^O eq 'MSWin32'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $t->write_file('password', '3.example.com'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $t->write_file('index.html', ''); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->try_run('no upstream ssl_certificate variables')->plan(4); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8082))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 qr/X-Verify: SUCCESS/ms, 'variable - verify certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8083))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 qr/X-Verify: FAILED/ms, 'variable - fail certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8084))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8085))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 qr/X-Verify: NONE/ms, 'variable - no certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 ############################################################################### |