annotate ssl_certificate_chain.t @ 1836:74cffa9d4c43
Tests: enabled session reuse via TLS session tickets.
This fixes tests with TLSv1.3 enabled when using BoringSSL, since
for TLSv1.3 it only supports session reuse via TLS session tickets,
and not server-side session cache.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:02 +0300 |
parents | 173c9b792c2c |
children | cdcd75657e52 |
rev | line source |
---|---|
1 #!/usr/bin/perl |
2 |
3 # (C) Sergey Kandaurov |
4 # (C) Nginx, Inc. |
5 |
6 # Tests for http ssl module with certificate chain. |
7 |
8 ############################################################################### |
9 |
10 use warnings; |
11 use strict; |
12 |
13 use Test::More; |
14 |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
16 |
17 use lib 'lib'; |
18 use Test::Nginx; |
19 |
20 ############################################################################### |
21 |
# Turn on autoflush for both standard handles so test diagnostics are not
# held back in a buffer; STDOUT is left as the selected handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# The TLS client in this file is IO::Socket::SSL.  Skip the whole file when
# the module cannot be loaded, or when calling SSL_VERIFY_NONE() fails
# (reported as "too old").
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
plan(skip_all => 'IO::Socket::SSL too old') if $@;

# Ask for the http and http_ssl features and an openssl binary, and plan
# three tests.
# NOTE(review): has()/has_daemon() presumably skip the file when a
# requirement is missing -- confirm in Test::Nginx.
my $t = Test::Nginx->new()->has(qw/http http_ssl/)
    ->has_daemon('openssl')->plan(3);
32 |
# nginx configuration under test: three TLS listeners on 127.0.0.1 that
# differ only in the certificate file they present.
#   8080: end.crt      - the leaf alone, without the intermediate that
#                        signed it
#   8081: int.crt      - the certificate signed directly by the root
#   8082: end-int.crt  - the leaf followed by the intermediate
# The heredoc is single-quoted, so Perl interpolates nothing in it.
# NOTE(review): the %%TEST_GLOBALS%% markers are presumably substituted by
# write_file_expand() -- confirm in Test::Nginx.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

server {
listen 127.0.0.1:8080 ssl;
server_name localhost;

ssl_certificate_key end.key;
ssl_certificate end.crt;
}

server {
listen 127.0.0.1:8081 ssl;
server_name localhost;

ssl_certificate_key int.key;
ssl_certificate int.crt;
}

server {
listen 127.0.0.1:8082 ssl;
server_name localhost;

ssl_certificate_key end.key;
ssl_certificate end-int.crt;
}
}

EOF
71 |
# Test directory of this run; every key, certificate and openssl
# bookkeeping file below is created inside it.
my $d = $t->testdir();

# Defaults for "openssl req": 2048-bit keys, written without passphrase
# protection (encrypt_key = no).  The distinguished-name section is left
# empty because each subject is passed with -subj on the command line.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Minimal CA profile for "openssl ca".  This heredoc is unquoted, so $d is
# interpolated into the paths.  Issued certificates are valid for one day,
# use sha256, and only need a commonName in the request.
# Every certificate issued through this profile gets the myca_extensions
# section: basicConstraints CA:TRUE (so the "int" certificate can in turn
# sign "end") and subjectAltName IP:127.0.0.1, the address the test client
# connects to.  That is a throwaway test profile, not a template for a
# real CA: a production leaf would not be marked CA:TRUE.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1
x509_extensions = myca_extensions

[ myca_policy ]
commonName = supplied

[ myca_extensions ]
basicConstraints = critical,CA:TRUE
subjectAltName = IP:127.0.0.1
EOF
102 |
# Self-signed root certificate and key.  root.crt is the only trust anchor
# the test client is given.
for my $name ('root') {
    my $cmd = join ' ',
        'openssl req -x509 -new',
        "-config $d/openssl.conf",
        "-subj /CN=$name/",
        "-out $d/$name.crt",
        "-keyout $d/$name.key",
        ">>$d/openssl.out 2>&1";

    # A single-string system() is run through the shell, which is what
    # makes the redirection work.  $d is the harness test directory; a
    # path containing whitespace or shell metacharacters would change the
    # command.
    # NOTE(review): $! is only meaningful when system() itself could not
    # start the command; a non-zero openssl exit status is in $? and the
    # tool's own message is in openssl.out.
    system($cmd) == 0
        or die "Can't create certificate for $name: $!\n";
}

# Key plus certificate signing request for the intermediate ("int") and
# the leaf ("end"); both are signed later with "openssl ca".
for my $name ('int', 'end') {
    my $cmd = join ' ',
        'openssl req -new',
        "-config $d/openssl.conf",
        "-subj /CN=$name/",
        "-out $d/$name.csr",
        "-keyout $d/$name.key",
        ">>$d/openssl.out 2>&1";

    system($cmd) == 0
        or die "Can't create certificate for $name: $!\n";
}
118 |
# Seed the serial and index files that ca.conf points "openssl ca" at.
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# Build the chain top-down: root signs int, then int signs end.  The
# client trusts only root, so "end" verifies only when the server also
# sends "int".
for my $step ([ 'root', 'int' ], [ 'int', 'end' ]) {
    my ($issuer, $subject) = @$step;

    my $cmd = join ' ',
        "openssl ca -batch -config $d/ca.conf",
        "-keyfile $d/$issuer.key -cert $d/$issuer.crt",
        "-subj /CN=$subject/ -in $d/$subject.csr -out $d/$subject.crt",
        ">>$d/openssl.out 2>&1";

    # NOTE(review): as with the requests above, $! does not describe a
    # non-zero openssl exit; see $? and openssl.out for that.
    system($cmd) == 0
        or die "Can't sign certificate for $subject: $!\n";
}

# Bundle served on the third listener: the leaf first, then the
# intermediate that signed it.
my $bundle = $t->read_file('end.crt') . $t->read_file('int.crt');
$t->write_file('end-int.crt', $bundle);

$t->run();
138 |
139 ############################################################################### |
140 |
# get_ssl_socket() is called in list context here, inside the argument
# lists of is()/ok(); its explicit "return undef" keeps the arguments in
# position when the handshake fails.

# 8080 sends only end.crt.  The client trusts root alone and has no copy of
# the intermediate, so verification must fail and the helper returns undef.
is(get_ssl_socket(port(8080)), undef, 'incomplete chain');

# 8081 sends int.crt, which root signed directly.
ok(get_ssl_socket(port(8081)), 'intermediate');

# 8082 sends end-int.crt, so the server supplies the intermediate itself.
ok(get_ssl_socket(port(8082)), 'intermediate server');
144 |
145 ############################################################################### |
146 |
# Open a TLS connection to 127.0.0.1:$port with peer verification on and
# $d/root.crt as the only CA file.
#
# Returns the value last passed to the verify callback when the connection
# is established, or undef when the attempt dies (timeout, SIGPIPE, or an
# SSL error raised through SSL_error_trap); the reason is logged.
sub get_ssl_socket {
    my ($port) = @_;
    my ($sock, $verified);

    # Remember the verdict handed to the callback and pass it back
    # unchanged, so the callback observes the check without overriding it.
    my $on_verify = sub {
        my ($ok) = @_;
        $verified = $ok;
        return $ok;
    };

    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };

        # Bound the whole connect and handshake to eight seconds.
        alarm(8);
        $sock = IO::Socket::SSL->new(
            Proto => 'tcp',
            PeerAddr => '127.0.0.1',
            PeerPort => $port,
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
            SSL_ca_file => "$d/root.crt",
            SSL_verify_callback => $on_verify,
            # Turn an SSL error into an exception for the eval to catch.
            SSL_error_trap => sub { die $_[1] }
        );
        alarm(0);
    };

    # Cancel the timer on the failure path as well.
    alarm(0);

    if ($@) {
        log_in("died: $@");

        # Explicit undef, not a bare return: callers use this sub in list
        # context and need exactly one value back.
        return undef;
    }

    return $verified;
}
179 |
180 ############################################################################### |