annotate stream_ssl_certificate.t @ 1836:74cffa9d4c43

Tests: enabled session reuse via TLS session tickets. This fixes tests with TLSv1.3 enabled when using BoringSSL, since for TLSv1.3 it only supports session reuse via TLS session tickets, and not server-side session cache.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:02 +0300
parents da52525f49d1
children 0351dee227a8
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for stream ssl module with dynamic certificates.
#
# "Dynamic" here means that the ssl_certificate / ssl_certificate_key values
# in the generated nginx.conf contain variables, so the files are chosen at
# handshake time instead of being fixed paths.

###############################################################################

use warnings;
use strict;

use Test::More;

# Switch to the directory holding this script at compile time, so that the
# relative 'lib' path on the next line resolves no matter where the test is
# started from.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Turn on autoflush for STDERR and then for STDOUT; STDOUT is left as the
# selected default output handle afterwards.
select STDERR; $| = 1;
select STDOUT; $| = 1;
# Load and initialise Net::SSLeay, which the helper subs use as the TLS
# client.  Any failure inside the eval (not only a missing module) skips the
# whole file with the "not installed" message.
eval {
	require Net::SSLeay;
	Net::SSLeay::load_error_strings();
	Net::SSLeay::SSLeay_add_ssl_algorithms();
	Net::SSLeay::randomize();
};
plan(skip_all => 'Net::SSLeay not installed') if $@;

# Probe for SNI support on the client side: build a throw-away context and
# connection object and try to set a server name on it.  The tests need SNI
# because the servers echo $ssl_server_name and one of them derives its
# certificate file names from it.
eval {
	my $ctx = Net::SSLeay::CTX_new() or die;
	my $ssl = Net::SSLeay::new($ctx) or die;
	Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
# Require the nginx features used by the configuration and an external
# "openssl" binary, which is used further down to generate keys and
# certificates.
my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_geo stream_return/)
	->has_daemon('openssl');

# Skip unless nginx was built with OpenSSL 1.0.2 or newer.  The version is
# taken from the stored configure arguments; if no "OpenSSL x.y.z" string is
# present the capture is expected to be undefined and the file is skipped.
# NOTE(review): "ge" is a string comparison, so version components are
# ordered lexically (for example '1.0.10' sorts before '1.0.2'); this holds
# for the version strings seen so far but is not a numeric version compare.
$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
# nginx configuration under test.  The heredoc is single-quoted, so Perl does
# not interpolate the nginx variables; the %%...%% markers are presumably
# substituted by write_file_expand() (defined in Test::Nginx, not shown here).
#
# The geo blocks only define $one, $two and $pass with constant values, so
# that the certificate and key paths below contain variables.
#
# Session reuse is enabled at the stream level both through the shared
# session cache and through session tickets.
#
# Listeners (each one answers with "$ssl_server_name:$ssl_session_reused"):
#   8080, 8081  certificate "$one.crt", key "$one.key"
#   8082        certificate "$two.crt", key "$two.key"
#   8083        static "pass.crt", variable "$pass.key", passphrase read
#               from ssl_password_file
#   8084        certificate and key file names built from $ssl_server_name,
#               i.e. from the SNI name sent by the client
#
# NOTE(review): on 8084 a client-supplied value becomes part of a file name.
# The tests in this file only exercise a name that has no matching files;
# whether and how such names should be constrained outside a test fixture
# (for example by mapping known names to paths) is worth confirming.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
%%TEST_GLOBALS_STREAM%%

geo $one {
default one;
}

geo $two {
default two;
}

geo $pass {
default pass;
}

ssl_session_cache shared:SSL:1m;
ssl_session_tickets on;

server {
listen 127.0.0.1:8080 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $one.crt;
ssl_certificate_key $one.key;
}

server {
listen 127.0.0.1:8083 ssl;
return $ssl_server_name:$ssl_session_reused;

# found in key
ssl_certificate pass.crt;
ssl_certificate_key $pass.key;
ssl_password_file password_file;
}

server {
listen 127.0.0.1:8081 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $one.crt;
ssl_certificate_key $one.key;
}

server {
listen 127.0.0.1:8082 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $two.crt;
ssl_certificate_key $two.key;
}

server {
listen 127.0.0.1:8084 ssl;
return $ssl_server_name:$ssl_session_reused;

ssl_certificate $ssl_server_name.crt;
ssl_certificate_key $ssl_server_name.key;
}
}

EOF
# Minimal configuration for "openssl req".  "encrypt_key = no" means keys
# written by "openssl req -keyout" are stored unencrypted; the encrypted key
# for the password test is generated separately with "openssl genrsa".
# default_bits is 2048; the changeset that set this value is titled
# "Tests: align with OpenSSL security level 2."
# The heredoc is an interpolating one, but its body contains no Perl
# variables.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
# Directory where all generated files for this test run are placed.
my $d = $t->testdir();

# Self-signed certificates with unencrypted keys for CN=one and CN=two.
#
# Each system() call passes one string, so the command runs through the
# shell (needed here for the ">>... 2>&1" redirection).  $d is interpolated
# unquoted; that is fine for a harness-chosen directory, but the command
# would be misparsed if the path contained whitespace or shell
# metacharacters.  The certificate names are literals from this file.
#
# NOTE(review): when openssl exits with a non-zero status the detail is in
# $?, while $! is only meaningful if the command could not be started, so
# the "$!" in the messages below may be empty or stale.
foreach my $name ('one', 'two') {
	system('openssl req -x509 -new '
		. "-config $d/openssl.conf -subj /CN=$name/ "
		. "-out $d/$name.crt -keyout $d/$name.key "
		. ">>$d/openssl.out 2>&1") == 0
		or die "Can't create certificate for $name: $!\n";
}

# Key protected with AES-128 and the passphrase "pass", plus a self-signed
# certificate for it; used by the ssl_password_file server.  The passphrase
# is a fixed fixture value given on the command line ("pass:pass"), which is
# acceptable for a throw-away test key only: command-line arguments are
# generally visible to other local users.
foreach my $name ('pass') {
	system("openssl genrsa -out $d/$name.key -passout pass:pass "
		. "-aes128 2048 >>$d/openssl.out 2>&1") == 0
		or die "Can't create $name key: $!\n";
	system("openssl req -x509 -new -config $d/openssl.conf "
		. "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key "
		. "-passin pass:pass >>$d/openssl.out 2>&1") == 0
		or die "Can't create $name certificate: $!\n";
}
# Passphrase file referenced by ssl_password_file in nginx.conf; its content
# matches the passphrase used when pass.key was generated.
$t->write_file('password_file', 'pass');
$t->write_file('index.html', '');

# Start nginx and declare seven tests, one per like()/ok() call in the test
# section of this file.
$t->run()->plan(7);
###############################################################################

# Every server replies with "$ssl_server_name:$ssl_session_reused", so the
# patterns below match the SNI name sent by the client and, for the reuse
# checks, "r" (session reused) or "." (not reused).

# Port 8080 serves the certificate selected through $one.
like(cert('default', 8080), qr/CN=one/, 'default certificate');
like(get('default', 8080), qr/default/, 'default context');

# The handshake on 8083 can only succeed if nginx decrypted $pass.key with
# the passphrase from password_file.
like(get('password', 8083), qr/password/, 'ssl_password_file');

# session reuse

# In list context get() returns the socket and the Net::SSLeay connection
# handle; the session is taken from that handle after get() has already shut
# the connection down and closed the socket.
my ($s, $ssl) = get('default', 8080);
my $ses = Net::SSLeay::get_session($ssl);

# The saved session is offered to three listeners.  8080 and 8081 use the
# same certificate and are expected to resume it; 8082 uses a different
# certificate and is expected to refuse resumption, i.e. a session obtained
# from one server must not carry over to a server with another certificate.
# (The test names attribute this to the session id context - presumably
# derived from the certificate; confirm against the nginx source.)
like(get('default', 8080, $ses), qr/default:r/, 'session reused');
like(get('default', 8081, $ses), qr/default:r/, 'session id context match');
like(get('default', 8082, $ses), qr/default:\./, 'session id context distinct');

# errors

# Connect to 8084 with the SNI name "nx", for which no nx.crt / nx.key were
# generated.  The return value of get_ssl_socket() is ignored; the test
# passes if the handshake attempt left an entry in the OpenSSL error queue,
# which was cleared just before.
Net::SSLeay::ERR_clear_error();
get_ssl_socket('nx', 8084);
ok(Net::SSLeay::ERR_peek_error(), 'no certificate');
###############################################################################

# get($host, $port[, $ctx])
#
# Opens a TLS connection through get_ssl_socket(), sending $host as the SNI
# name, reads one chunk of the reply, then shuts TLS down and closes the
# socket.  The optional third argument is handed to get_ssl_socket()
# unchanged; callers in this file pass a saved session there.
#
# Scalar or void context: returns what Net::SSLeay::read() gave back.
# List context: returns the (already closed) socket and the connection
# handle, so a caller can still extract the session from the handle.
sub get {
	my ($host, $port, $ctx) = @_;

	my @pair = get_ssl_socket($host, $port, $ctx);
	return unless @pair;
	my ($sock, $conn) = @pair;

	# Ignore SIGPIPE for the rest of this sub; the changeset that added
	# this line is titled "avoid ssl_certificate.t hang on SIGPIPE".
	local $SIG{PIPE} = 'IGNORE';

	my $reply = Net::SSLeay::read($conn);

	# The shutdown was added by a changeset titled "correctly shutdown ssl
	# for reproducible session reuse tests".
	Net::SSLeay::shutdown($conn);
	$sock->close();

	return wantarray() ? ($sock, $conn) : $reply;
}
# cert($host, $port[, $ctx])
#
# Opens a TLS connection through get_ssl_socket() and returns the result of
# Net::SSLeay::dump_peer_certificate() for it, which the tests match against
# the expected subject (for example "CN=one").  The connection is not shut
# down explicitly here.
sub cert {
	my ($host, $port, $ctx) = @_;

	my @pair = get_ssl_socket($host, $port, $ctx);
	return unless @pair;

	my $conn = $pair[1];
	return Net::SSLeay::dump_peer_certificate($conn);
}
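# get_ssl_socket($host, $port[, $ses])
#
# Connects to 127.0.0.1 on the port that port($port) resolves to and runs a
# TLS handshake over that socket with $host as the SNI name.  If $ses is
# defined it is offered for session resumption.
#
# Returns the list ($socket, $ssl_handle).  Dies if the TCP connection or
# the Net::SSLeay objects cannot be created.
#
# This is a test client: no verification mode or trust store is configured
# on the context, so the self-signed certificates generated by this file are
# accepted and nothing about the peer's identity is checked.  The context
# and connection objects are not freed here.
sub get_ssl_socket {
	my ($host, $port, $ses) = @_;

	# Fail with a clear message when nginx is not reachable; without this
	# check the failure only surfaced later, at fileno() on an undefined
	# handle.
	my $s = IO::Socket::INET->new('127.0.0.1:' . port($port))
		or die "Can't connect to nginx: $!\n";

	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
	Net::SSLeay::set_tlsext_host_name($ssl, $host);
	Net::SSLeay::set_session($ssl, $ses) if defined $ses;
	Net::SSLeay::set_fd($ssl, fileno($s));

	# NOTE(review): "or die" fires only on a false return value.  A failed
	# handshake that is reported as a negative number is true in Perl and
	# falls through; the 'no certificate' test appears to rely on this,
	# since it calls this sub for a handshake that is expected to fail and
	# then inspects the OpenSSL error queue.
	Net::SSLeay::connect($ssl) or die("ssl connect");

	return ($s, $ssl);
}

###############################################################################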