Mercurial > hg > nginx-tests
annotate ssl_engine_keys.t @ 1965:84f4d4930835
Tests: relaxed mail_imap_ssl.t cipher matching.
Previously, exact match between cipher name in the log and the one from
IO::Socket:SSL was needed, which might not be the case if nginx and
Net::SSLeay are compiled with different SSL libraries, notably LibreSSL
(which uses names like AEAD-AES256-GCM-SHA384 till 3.5.0), and
OpenSSL or BoringSSL (which use TLS_AES_256_GCM_SHA384). In particular,
this affects macOS, where Net::SSLeay compiled with LibreSSL 3.3.6 is
shipped with the OS, while nginx is likely to be compiled with OpenSSL.
Fix is to not require exact match but instead accept properly looking names
as checked by a regular expression, similarly to how it is already tested
in ssl.t and stream_ssl_variables.t.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:01:40 +0300 |
parents | 7f09d144d15c |
children |
rev | line source |
---|---|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, loading "engine:..." keys. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 plan(skip_all => 'win32') if $^O eq 'MSWin32'; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'may not work, leaves coredump') |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 unless $ENV{TEST_NGINX_UNSAFE}; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
914
3ac4036b139d
Tests: fixed proxy prerequisites.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
31 ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 listen 127.0.0.1:8081 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
47 listen 127.0.0.1:8080; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
50 ssl_certificate localhost.crt; |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
51 ssl_certificate_key engine:pkcs11:id_00; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location / { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 # index index.html by default |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
56 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 location /proxy { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
60 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
61 location /var { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
62 proxy_pass https://127.0.0.1:8082/; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
63 proxy_ssl_name localhost; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
64 proxy_ssl_server_name on; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
65 } |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
66 } |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
67 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
68 server { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
69 listen 127.0.0.1:8082 ssl; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
70 server_name localhost; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
71 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
72 ssl_certificate $ssl_server_name.crt; |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
73 ssl_certificate_key engine:pkcs11:id_00; |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
74 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
75 location / { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
76 # index index.html by default |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
77 } |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 # Create a SoftHSM token with a secret key, and configure OpenSSL |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 # to access it using the pkcs11 engine, see detailed example |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # posted by Dmitrii Pichulin here: |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # Note that library paths may differ on different systems, |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # and may need to be adjusted. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 $t->write_file('openssl.conf', <<EOF); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 openssl_conf = openssl_def |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 [openssl_def] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 engines = engine_section |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [engine_section] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 pkcs11 = pkcs11_section |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [pkcs11_section] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 engine_id = pkcs11 |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
103 dynamic_path = /usr/local/lib/engines/pkcs11.so |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
105 init = 1 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 PIN = 1234 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
109 default_bits = 2048 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 encrypt_key = no |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 distinguished_name = req_distinguished_name |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $d = $t->testdir(); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
117 $t->write_file('softhsm2.conf', <<EOF); |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
118 directories.tokendir = $d/tokens/ |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
119 objectstore.backend = file |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
122 mkdir($d . '/tokens'); |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
123 |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
124 $ENV{SOFTHSM2_CONF} = "$d/softhsm2.conf"; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 $ENV{OPENSSL_CONF} = "$d/openssl.conf"; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 foreach my $name ('localhost') { |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
128 system('softhsm2-util --init-token --slot 0 --label NginxZero ' |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 . '--pin 1234 --so-pin 1234 ' |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 . ">>$d/openssl.out 2>&1"); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
132 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so ' |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
133 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . ">>$d/openssl.out 2>&1"); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
136 system('openssl req -x509 -new ' |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
137 . "-subj /CN=$name/ -out $d/$name.crt -text " |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
138 . "-engine pkcs11 -keyform engine -key id_00 " |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . ">>$d/openssl.out 2>&1") == 0 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 or die "Can't create certificate for $name: $!\n"; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
143 $t->run(); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 $t->write_file('index.html', ''); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 like(http_get('/proxy'), qr/200 OK/, 'ssl engine keys'); |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
150 like(http_get('/var'), qr/200 OK/, 'ssl_certificate with variable'); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 ############################################################################### |