nginx-tests: ssl_certificate

annotate ssl_certificate_chain.t @ 1933:9bafe7cddd3c

Tests: improved QUIC key update tests with old keys. On unsuccessful protection removal, it is now retried with old keys. Otherwise, old keys are removed to ensure they're no longer in use.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Mon, 21 Aug 2023 17:26:47 +0400
parents	a797d7428fa5
children	0b5ec15c62ed

rev	line source
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	4 # (C) Nginx, Inc.
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6 # Tests for http ssl module with certificate chain.
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10 use warnings;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use strict;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13 use Test::More;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15 BEGIN { use FindBin; chdir($FindBin::Bin); }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	16
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	17 use lib 'lib';
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	18 use Test::Nginx;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22 select STDERR; $\| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23 select STDOUT; $\| = 1;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24
1858 cdcd75657e52 Tests: added has_feature() tests for IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1815 diff changeset	25 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 ->has_daemon('openssl')->plan(3);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	28 $t->write_file_expand('nginx.conf', <<'EOF');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	29
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	30 %%TEST_GLOBALS%%
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	31
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	32 daemon off;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	33
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	34 events {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	36
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37 http {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38 %%TEST_GLOBALS_HTTP%%
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	41 listen 127.0.0.1:8080 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	44 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	45 ssl_certificate end.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	46 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	47
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	48 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	49 listen 127.0.0.1:8081 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	50 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	51
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	52 ssl_certificate_key int.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	53 ssl_certificate int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	54 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	55
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	56 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	57 listen 127.0.0.1:8082 ssl;
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	58 server_name localhost;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	59
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	60 ssl_certificate_key end.key;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	61 ssl_certificate end-int.crt;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	62 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	63 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	64
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	65 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	66
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 my $d = $t->testdir();
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	68
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	69 $t->write_file('openssl.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	70 [ req ]
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1421 diff changeset	71 default_bits = 2048
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	72 encrypt_key = no
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	73 distinguished_name = req_distinguished_name
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	74 [ req_distinguished_name ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	75 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	76
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	77 $t->write_file('ca.conf', <<EOF);
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	78 [ ca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	79 default_ca = myca
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	80
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	81 [ myca ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	82 new_certs_dir = $d
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	83 database = $d/certindex
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1421 diff changeset	84 default_md = sha256
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	85 policy = myca_policy
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	86 serial = $d/certserial
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	87 default_days = 1
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	88 x509_extensions = myca_extensions
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	89
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	90 [ myca_policy ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	91 commonName = supplied
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	92
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	93 [ myca_extensions ]
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	94 basicConstraints = critical,CA:TRUE
1815 173c9b792c2c Tests: fixed hostname verification in ssl_certificate_chain.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	95 subjectAltName = IP:127.0.0.1
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	96 EOF
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	97
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	98 foreach my $name ('root') {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	99 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	100 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	101 . "-out $d/$name.crt -keyout $d/$name.key "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	102 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	103 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	104 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	105
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	106 foreach my $name ('int', 'end') {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	107 system("openssl req -new "
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	108 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	109 . "-out $d/$name.csr -keyout $d/$name.key "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	110 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	111 or die "Can't create certificate for $name: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	112 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	113
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	114 $t->write_file('certserial', '1000');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	115 $t->write_file('certindex', '');
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	116
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	117 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	118 . "-keyfile $d/root.key -cert $d/root.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	119 . "-subj /CN=int/ -in $d/int.csr -out $d/int.crt "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	120 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	121 or die "Can't sign certificate for int: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	122
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	123 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	124 . "-keyfile $d/int.key -cert $d/int.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	125 . "-subj /CN=end/ -in $d/end.csr -out $d/end.crt "
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	126 . ">>$d/openssl.out 2>&1") == 0
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	127 or die "Can't sign certificate for end: $!\n";
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	128
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	129 $t->write_file('end-int.crt',
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	130 $t->read_file('end.crt') . $t->read_file('int.crt'));
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	131
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	132 $t->run();
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	133
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	134 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	135
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	136 ok(!get_ssl_socket(8080), 'incomplete chain');
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	137 ok(get_ssl_socket(8081), 'intermediate');
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	138 ok(get_ssl_socket(8082), 'intermediate server');
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	139
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	140 ###############################################################################
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	141
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	142 sub get_ssl_socket {
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	143 my ($port) = @_;
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	144 my ($verify);
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	145
1866 a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	146 http(
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	147 '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	148 SSL => 1,
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	149 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	150 SSL_ca_file => "$d/root.crt",
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	151 SSL_verify_callback => sub {
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	152 my ($ok) = @_;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	153 $verify = $ok;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	154 return $ok;
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	155 }
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 1858 diff changeset	156 );
686 0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	157
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	158 return $verify;
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	159 }
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	160
0af386a519d2 Tests: tests for http ssl module with certificate chain. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	161 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl_certificate_chain.t @ 1933:9bafe7cddd3c