Mercurial > hg > nginx-tests
annotate stream_proxy_ssl.t @ 1516:420aaeb40c09
Tests: merge_slashes tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 09 Oct 2019 16:46:03 +0300 |
parents | dbce8fb5f5f8 |
children | f3ba4c74de31 |
rev | line source |
---|---|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for proxy to ssl backend. |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
27 ->has(qw/stream_return/) |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
28 ->has_daemon('openssl')->plan(6); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 $t->write_file_expand('nginx.conf', <<'EOF'); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 %%TEST_GLOBALS%% |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 daemon off; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 events { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 stream { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl on; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 proxy_ssl_session_reuse on; |
795
122cd3a82367
Tests: fixed 'proxy connect timeout' test timeouts on slow hosts.
Sergey Kandaurov <pluknet@nginx.com>
parents:
733
diff
changeset
|
42 proxy_connect_timeout 2s; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
45 listen 127.0.0.1:8081; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
46 proxy_pass 127.0.0.1:8083; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_session_reuse off; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
51 listen 127.0.0.1:8082; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
52 proxy_pass 127.0.0.1:8083; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
53 } |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
54 |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
55 server { |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
56 listen 127.0.0.1:8083 ssl; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
57 return $ssl_session_reused; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
58 |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
59 ssl_certificate_key localhost.key; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
60 ssl_certificate localhost.crt; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
61 ssl_session_cache builtin; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
62 } |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
63 |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
64 server { |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
65 listen 127.0.0.1:8080; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
66 proxy_pass 127.0.0.1:8084; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 http { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 %%TEST_GLOBALS_HTTP%% |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
74 listen 127.0.0.1:8084 ssl; |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server_name localhost; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 ssl_certificate_key localhost.key; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 ssl_certificate localhost.crt; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 EOF |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $t->write_file('openssl.conf', <<EOF); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
86 default_bits = 2048 |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 encrypt_key = no |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 distinguished_name = req_distinguished_name |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 [ req_distinguished_name ] |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 EOF |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 $t->write_file('index.html', ''); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 my $d = $t->testdir(); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 foreach my $name ('localhost') { |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
98 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
99 . "-out $d/$name.crt -keyout $d/$name.key " |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 . ">>$d/openssl.out 2>&1") == 0 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 or die "Can't create certificate for $name: $!\n"; |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 } |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 $t->run(); |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 ############################################################################### |
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
108 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
109 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl 2'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
111 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
112 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused'); |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
113 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused 2'); |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
732
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
559
diff
changeset
|
115 my $s = http('', start => 1); |
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
559
diff
changeset
|
116 |
795
122cd3a82367
Tests: fixed 'proxy connect timeout' test timeouts on slow hosts.
Sergey Kandaurov <pluknet@nginx.com>
parents:
733
diff
changeset
|
117 sleep 3; |
732
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
559
diff
changeset
|
118 |
733
3b25ee897439
Tests: removed stream_proxy_ssl.t TODO, fix committed.
Sergey Kandaurov <pluknet@nginx.com>
parents:
732
diff
changeset
|
119 like(http_get('/', socket => $s), qr/200 OK/, 'proxy connect timeout'); |
732
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
559
diff
changeset
|
120 |
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 ############################################################################### |