Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_conf_command.t @ 1836:74cffa9d4c43
Tests: enabled session reuse via TLS session tickets.
This fixes tests with TLSv1.3 enabled when using BoringSSL, since
for TLSv1.3 it only supports session reuse via TLS session tickets,
and not server-side session cache.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:50:02 +0300 |
| parents | 8f13779e2cde |
| children | 58951cf933e1 |
| rev | line source |
|---|---|
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy to ssl backend, proxy_ssl_conf_command. |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
1759
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl'); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
28 $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
|
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
29 plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2'; |
|
1696
4baeba0e0da2
Tests: skip ssl_conf_command tests with BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1693
diff
changeset
|
30 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
|
1692
f6795e2e6a4b
Tests: skip ssl_conf_command tests on too old OpenSSL explicitly.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
31 |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 stream { |
|
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1606
diff
changeset
|
42 %%TEST_GLOBALS_STREAM%% |
|
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1606
diff
changeset
|
43 |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 listen 127.0.0.1:8080; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 proxy_pass 127.0.0.1:8081; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl on; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 proxy_ssl_certificate localhost.crt; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 proxy_ssl_certificate_key localhost.key; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_ssl_conf_command Certificate override.crt; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 proxy_ssl_conf_command PrivateKey override.key; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
|
1759
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
54 } |
|
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
55 |
|
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
56 http { |
|
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
57 %%TEST_GLOBALS_HTTP%% |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 listen 127.0.0.1:8081 ssl; |
|
1759
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
61 server_name localhost; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 ssl_certificate localhost.crt; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 ssl_certificate_key localhost.key; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_verify_client optional_no_ca; |
|
1759
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
66 |
|
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
67 add_header X-Cert $ssl_client_s_dn always; |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 $t->write_file('openssl.conf', <<EOF); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 [ req ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 default_bits = 2048 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 encrypt_key = no |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 distinguished_name = req_distinguished_name |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req_distinguished_name ] |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 EOF |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 my $d = $t->testdir(); |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 foreach my $name ('localhost', 'override') { |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 system('openssl req -x509 -new ' |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 . "-out $d/$name.crt -keyout $d/$name.key " |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 . ">>$d/openssl.out 2>&1") == 0 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 or die "Can't create certificate for $name: $!\n"; |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 $t->write_file('index.html', ''); |
|
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1692
diff
changeset
|
92 $t->run()->plan(1); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 ############################################################################### |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
|
1759
8f13779e2cde
Tests: fixed stream_proxy_ssl_conf_command.t on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1696
diff
changeset
|
96 like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command'); |
|
1604
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
|
4be791074207
Tests: proxy_ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ############################################################################### |