Mercurial > hg > nginx-tests
annotate proxy_ssl_conf_command.t @ 1993:6b1222de8286
Tests: fixed prerequisites for regular expressions in maps.
Regular expressions in maps are only recognized when nginx is compiled
with the PCRE library. The simplest way to make sure it is the case
is to require the rewrite module, which cannot be compiled in without
the PCRE library.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 01 Aug 2024 10:37:20 +0300 |
| parents | 11463d379570 |
| children |
| rev | line source |
|---|---|
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
6 # Tests for proxy_ssl_conf_command and friends. |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1697
diff
changeset
|
25 my $t = Test::Nginx->new() |
|
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1697
diff
changeset
|
26 ->has(qw/http http_ssl proxy uwsgi http_v2 grpc openssl:1.0.2/) |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl'); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
1696
4baeba0e0da2
Tests: skip ssl_conf_command tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
29 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
|
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1604
diff
changeset
|
30 |
|
1900
236d038dc04a
Tests: suppress "listen .. http2;" deprecation warnings.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1860
diff
changeset
|
31 $t->write_file_expand('nginx.conf', <<'EOF')->plan(3); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 %%TEST_GLOBALS%% |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 daemon off; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 events { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 http { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 %%TEST_GLOBALS_HTTP%% |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 listen 127.0.0.1:8080; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server_name localhost; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
47 location / { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
48 proxy_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
49 proxy_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
50 proxy_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
51 proxy_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
52 proxy_pass https://127.0.0.1:8081; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
53 } |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
55 location /uwsgi { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
56 uwsgi_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
57 uwsgi_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
58 uwsgi_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
59 uwsgi_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
60 uwsgi_ssl_session_reuse off; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
61 uwsgi_pass suwsgi://127.0.0.1:8081; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
62 } |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
63 |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
64 location /grpc { |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
65 grpc_ssl_certificate localhost.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
66 grpc_ssl_certificate_key localhost.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
67 grpc_ssl_conf_command Certificate override.crt; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
68 grpc_ssl_conf_command PrivateKey override.key; |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
69 grpc_pass grpcs://127.0.0.1:8082; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 listen 127.0.0.1:8081 ssl; |
|
1986
11463d379570
Tests: reworked HTTP/2 tests to use "http2 on".
Maxim Dounin <mdounin@mdounin.ru>
parents:
1900
diff
changeset
|
75 listen 127.0.0.1:8082 ssl; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 server_name localhost; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
1986
11463d379570
Tests: reworked HTTP/2 tests to use "http2 on".
Maxim Dounin <mdounin@mdounin.ru>
parents:
1900
diff
changeset
|
78 http2 on; |
|
11463d379570
Tests: reworked HTTP/2 tests to use "http2 on".
Maxim Dounin <mdounin@mdounin.ru>
parents:
1900
diff
changeset
|
79 |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate localhost.crt; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_certificate_key localhost.key; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 ssl_verify_client optional_no_ca; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
84 # stub to implement SSL logic for tests |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
85 |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
86 add_header X-Cert $ssl_client_s_dn always; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 $t->write_file('openssl.conf', <<EOF); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 [ req ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 default_bits = 2048 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 encrypt_key = no |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 distinguished_name = req_distinguished_name |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 [ req_distinguished_name ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 my $d = $t->testdir(); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 foreach my $name ('localhost', 'override') { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 system('openssl req -x509 -new ' |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-out $d/$name.crt -keyout $d/$name.key " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . ">>$d/openssl.out 2>&1") == 0 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 or die "Can't create certificate for $name: $!\n"; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 $t->write_file('index.html', ''); |
|
1900
236d038dc04a
Tests: suppress "listen .. http2;" deprecation warnings.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1860
diff
changeset
|
111 $t->run(); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
|
1697
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
115 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
116 like(http_get('/uwsgi'), qr/CN=override/, 'uwsgi_ssl_conf_command'); |
|
5386f4328b90
Tests: added OpenSSL command tests for uwsgi and grpc backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
117 like(http_get('/grpc'), qr/CN=override/, 'grpc_ssl_conf_command'); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ############################################################################### |