Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_certificate.t @ 1236:93f749c1d5c5
Tests: fixed parallel tests execution with UDP.
Previously, when checking ports availability, a UDP socket was always created
first, then a TCP socket was created. On success, one of UDP and TCP sockets
was closed (depending on the "udp" option) and the second one was used to busy
this port in other scripts. This lead to the following problem: in an attempt
to reopen a UDP socket used in a given testing script it could be stolen by
another script as part of checking ports availability.
To solve this problem, UDP and TCP ports were split into two non-overlapping
ranges: TCP ports are only used in the range 8000-8499, and UDP ports - in
the range 8500-8999. In addition, the order of creating sockets in UDP tests
has been reversed: now a TCP socket used as a lock precedes a UDP socket.
author | Andrey Zelenkov <zelenkov@nginx.com> |
---|---|
date | Thu, 26 Oct 2017 18:00:21 +0300 |
parents | 0af58b78df35 |
children | eadd24ccfda1 |
rev | line source |
---|---|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with proxy certificate to ssl backend. |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives. |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl')->plan(5); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_session_reuse off; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
43 listen 127.0.0.1:8082; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 proxy_pass 127.0.0.1:8080; |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 proxy_ssl_certificate 1.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_certificate_key 1.example.com.key; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 listen 127.0.0.1:8083; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
52 proxy_pass 127.0.0.1:8080; |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 proxy_ssl_certificate 2.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate_key 2.example.com.key; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
59 listen 127.0.0.1:8084; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass 127.0.0.1:8081; |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_certificate 3.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_certificate_key 3.example.com.key; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_password_file password; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 http { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 %%TEST_GLOBALS_HTTP%% |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
72 listen 127.0.0.1:8080 ssl; |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server_name localhost; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate 2.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 ssl_certificate_key 2.example.com.key; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 ssl_verify_client optional_no_ca; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_trusted_certificate 1.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 location / { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 add_header X-Verify $ssl_client_verify; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 add_header X-Name $ssl_client_s_dn; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
88 listen 127.0.0.1:8081 ssl; |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 server_name localhost; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_certificate 1.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 ssl_certificate_key 1.example.com.key; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 ssl_verify_client optional_no_ca; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 ssl_trusted_certificate 3.example.com.crt; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 location / { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 add_header X-Verify $ssl_client_verify; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 EOF |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->write_file('openssl.conf', <<EOF); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req ] |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 default_bits = 1024 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 encrypt_key = no |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 distinguished_name = req_distinguished_name |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 [ req_distinguished_name ] |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 EOF |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 my $d = $t->testdir(); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 foreach my $name ('1.example.com', '2.example.com') { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
117 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
118 . "-out $d/$name.crt -keyout $d/$name.key " |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 . ">>$d/openssl.out 2>&1") == 0 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 or die "Can't create certificate for $name: $!\n"; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 foreach my $name ('3.example.com') { |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
124 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
1140
778eae8230e4
Tests: reduced OpenSSL default key length to 1024.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1069
diff
changeset
|
125 . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 or die "Can't create private key: $!\n"; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
128 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
129 . "-out $d/$name.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
130 . "-key $d/$name.key -passin pass:$name" |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 . ">>$d/openssl.out 2>&1") == 0 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 or die "Can't create certificate for $name: $!\n"; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 $t->write_file('password', '3.example.com'); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 $t->write_file('index.html', ''); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 $t->run(); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 ############################################################################### |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
142 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))), |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
144 like(http_get('/', socket => getconn('127.0.0.1:' . port(8083))), |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 qr/X-Verify: FAILED/ms, 'fail certificate'); |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
146 like(http_get('/', socket => getconn('127.0.0.1:' . port(8084))), |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 qr/X-Verify: SUCCESS/ms, 'with encrypted key'); |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
149 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))), |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
150 qr!X-Name: /?CN=1.example!, 'valid certificate'); |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
151 unlike(http_get('/', socket => getconn('127.0.0.1:' . port(8083))), |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
152 qr!X-Name: /?CN=1.example!, 'invalid certificate'); |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 ############################################################################### |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 sub getconn { |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 my $peer = shift; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 my $s = IO::Socket::INET->new( |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 Proto => 'tcp', |
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
644
diff
changeset
|
160 PeerAddr => $peer |
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 ) |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 or die "Can't connect to nginx: $!\n"; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 return $s; |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 } |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 ############################################################################### |