annotate ssl_certificates.t @ 1993:6b1222de8286
Tests: fixed prerequisites for regular expressions in maps.
Regular expressions in maps are only recognized when nginx is compiled
with the PCRE library. The simplest way to make sure it is the case
is to require the rewrite module, which cannot be compiled in without
the PCRE library.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 01 Aug 2024 10:37:20 +0300 |
parents | 94e0390dc64f |
children |
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for http ssl module with multiple certificates.

###############################################################################

use warnings;
use strict;

use Test::More;

# Switch to the script's own directory at compile time, so that the relative
# 'lib' path below resolves no matter where the test is started from.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Enable autoflush on STDERR and then on STDOUT; STDOUT is left as the
# currently selected handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;
# Build the test harness and declare what this test needs: the http and
# http_ssl modules, client-side SSL socket support, and an openssl binary
# for generating the keys and certificates.
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl socket_ssl/)
    ->has_daemon('openssl');

# The whole test is skipped when nginx is built with BoringSSL.
if ($t->has_module('BoringSSL')) {
    plan(skip_all => 'no multiple certificates');
}

# The ECDSA certificate needs an OpenSSL that has the 'openssl:0.9.8b'
# feature; older builds are skipped rather than reported as failures.
if ($t->has_module('OpenSSL') && !$t->has_feature('openssl:0.9.8b')) {
    plan(skip_all => 'no ECDSA support');
}
# nginx configuration under test.  The heredoc is single-quoted, so nginx
# variables such as $ssl_protocol are written to the file verbatim instead
# of being interpolated by Perl.
#
# - http{} level: an RSA certificate/key pair only.
# - server{} level: an EC pair followed by the RSA pair, which is listed
#   twice.
# - "ssl_ciphers DEFAULT:ECCdraft": per the annotated changeset description,
#   added for nginx built with OpenSSL 0.9.8.
# - X-SSL-Protocol exposes the negotiated protocol in the response;
#   test_tls13() looks for TLSv1.3 there.
# - The key and certificate names are relative; the files are generated
#   in the test directory later in this script.
# - The listener is bound to 127.0.0.1 only.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_certificate_key rsa.key;
    ssl_certificate rsa.crt;
    ssl_ciphers DEFAULT:ECCdraft;

    add_header X-SSL-Protocol $ssl_protocol;

    server {
        listen 127.0.0.1:8443 ssl;
        server_name localhost;

        ssl_certificate_key ec.key;
        ssl_certificate ec.crt;

        ssl_certificate_key rsa.key;
        ssl_certificate rsa.crt;

        ssl_certificate_key rsa.key;
        ssl_certificate rsa.crt;
    }
}

EOF
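# Minimal "openssl req" configuration for the throwaway test certificates.
# "encrypt_key = no" leaves the generated private keys unencrypted on disk;
# that is acceptable only because they are disposable keys in the test
# directory.  default_bits is 2048 (per the annotated changeset description,
# to align with OpenSSL security level 2).
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Describe why the last system() call failed.  $! is only meaningful when
# system() itself could not start the command ($? == -1); a non-zero exit or
# a fatal signal of the child is reported through $? instead, so printing $!
# in those cases would show a stale, unrelated error.
my $failure = sub {
    return "failed to execute: $!" if $? == -1;
    return 'killed by signal ' . ($? & 127) if $? & 127;
    return 'exit status ' . ($? >> 8);
};

# The commands are passed to the shell as single strings because they rely
# on shell redirection (>> ... 2>&1).  $d comes from the test harness
# ($t->testdir()); the string form would not be safe for paths supplied from
# outside the test.  All openssl output is appended to openssl.out.

# EC private key on the prime256v1 curve.
system("openssl ecparam -genkey -out $d/ec.key -name prime256v1 "
    . ">>$d/openssl.out 2>&1") == 0
    or die "Can't create EC pem: " . $failure->() . "\n";

# 2048-bit RSA private key.
system("openssl genrsa -out $d/rsa.key 2048 >>$d/openssl.out 2>&1") == 0
    or die "Can't create RSA pem: " . $failure->() . "\n";

# One self-signed certificate per key; the CN carries the key type so the
# tests can tell which certificate the server presented.
foreach my $name ('ec', 'rsa') {
    system("openssl req -x509 -new -key $d/$name.key "
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . $failure->() . "\n";
}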
# An empty index page is enough: the tests look at the TLS handshake and the
# response headers, not at the body.
$t->write_file('index.html', q{});

# Start nginx with the configuration written above and announce two tests.
$t->run()
    ->plan(2);
###############################################################################

# Each check asks the server for a certificate of one key type and verifies
# the subject CN of the certificate that was actually presented
# (CN=rsa / CN=ec, as generated above).

TODO: {
# "local ... if" must stay a statement modifier: wrapping it in an if block
# would end the localisation of $TODO before like() runs.
# The RSA check is marked TODO when nginx is built with LibreSSL and the
# connection negotiates TLSv1.3.
local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
    if $t->has_module('LibreSSL') && test_tls13();

like(cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');

}

TODO: {
# NOTE(review): this presumably detects a client-side Net::SSLeay built
# against LibreSSL while nginx itself is not; the ECDSA check is then marked
# TODO when TLSv1.3 is negotiated -- confirm against Net::SSLeay.
local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)'
    if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")
    && !$t->has_module('LibreSSL')
    && test_tls13();

like(cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA');

}

###############################################################################
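# Returns true when a plain HTTPS request to the test server produces a
# response mentioning TLSv1.3 (the server echoes the negotiated protocol in
# the X-SSL-Protocol header).
#
# The dot is escaped so that only the literal protocol name "TLSv1.3"
# matches; an unescaped dot would accept any character in that position.
sub test_tls13 {
    return http_get('/', SSL => 1) =~ /TLSv1\.3/;
}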
# Connects with the requested key type (see get_socket) and returns the
# dump of the certificate presented by the server.  Returns nothing when no
# connection object could be obtained.
sub cert {
    my $sock = get_socket(@_);
    return unless $sock;

    return $sock->dump_peer_certificate();
}
# Opens an SSL connection to the test server that asks for a certificate of
# the given key type ('RSA' or 'ECDSA' in this file).
#
# The type is used twice: as the client cipher list, and -- through the
# context callback -- as the list of signature algorithms the client offers.
# Per the annotated changeset descriptions, the sigalgs preference is what
# makes certificate selection work with TLS 1.3.
#
# Returns whatever http_get() returns with "start => 1"; cert() treats it as
# a socket object and calls dump_peer_certificate() on it.
sub get_socket {
    my ($type) = @_;

    my $ctx_cb = sub {
        my ($ctx) = @_;

        return unless defined $type;

        # Do not touch sigalgs on libraries older than 0x1000200f, or when
        # the library reports 0x20000000 (per the annotated changeset
        # description, the LibreSSL client case).
        my $version = Net::SSLeay::SSLeay();
        return if $version < 0x1000200f;
        return if $version == 0x20000000;

        # For RSA prefer a list that also offers PSS and fall back to plain
        # RSA when the library rejects it; other types get a single entry,
        # which leaves the fallback undefined.
        my ($preferred, $fallback) = $type eq 'RSA'
            ? ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256')
            : ($type . '+SHA256');

        # 98 is SSL_CTRL_SET_SIGALGS_LIST
        Net::SSLeay::CTX_ctrl($ctx, 98, 0, $preferred)
            or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $fallback)
            or die("Failed to set sigalgs");
    };

    # The arguments are passed inline on purpose; http_get() is defined in
    # the test library and its calling convention is not visible here.
    return http_get(
        '/', start => 1,
        SSL => 1,
        SSL_cipher_list => $type,
        SSL_create_ctx_callback => $ctx_cb
    );
}
150 ############################################################################### |