annotate ssl_curve.t @ 1933:9bafe7cddd3c

Tests: improved QUIC key update tests with old keys. On unsuccessful protection removal, it is now retried with old keys. Otherwise, old keys are removed to ensure they're no longer in use.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 21 Aug 2023 17:26:47 +0400
parents a797d7428fa5
children 6bafe9419126
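#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for http ssl module, $ssl_curve variable.
#
# The server below pins ssl_ecdh_curve to prime256v1 and returns
# "$ssl_curve $ssl_curves" as the response body; the single test checks
# that a line of the response starts with that curve name.

###############################################################################

use warnings;
use strict;

use Test::More;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Enable autoflush on STDERR, then on STDOUT; STDOUT is left selected.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# Prerequisites.  The "openssl:3.0.0" entry came in with changeset
# 58951cf933e1 ("added has_feature() test for SSL libraries"); it is
# presumably a minimum-version check on the SSL library - confirm in
# Test::Nginx.  has_daemon('openssl') presumably requires the openssl
# command-line tool, which is run further down.
my $t = Test::Nginx->new()
	->has(qw/http http_ssl rewrite socket_ssl openssl:3.0.0/)
	->has_daemon('openssl');

# The %%TEST_GLOBALS%% placeholders are presumably filled in by
# write_file_expand().  The heredoc is single-quoted, so $ssl_curve and
# $ssl_curves reach nginx literally instead of being interpolated by Perl.
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;

ssl_ecdh_curve prime256v1;

server {
listen 127.0.0.1:8443 ssl;
server_name localhost;

return 200 "$ssl_curve $ssl_curves";
}
}

EOF

# Minimal "openssl req" configuration.  encrypt_key = no means the private
# key is written without a passphrase: this is throwaway test key material
# kept in the test directory, not a pattern for real deployments.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

foreach my $name ('localhost') {
	# Self-signed certificate for the server block above.  The command is
	# a single string, so it runs through the shell (needed for the >>
	# redirection), and $d and $name are interpolated unquoted.  That is
	# fine for the fixed name list; it assumes testdir() returns a path
	# without spaces or shell metacharacters - TODO confirm.
	my $rc = system('openssl req -x509 -new '
		. "-config $d/openssl.conf -subj /CN=$name/ "
		. "-out $d/$name.crt -keyout $d/$name.key "
		. ">>$d/openssl.out 2>&1");

	if ($rc != 0) {
		# $! is only meaningful when the command could not be started
		# ($? == -1); otherwise the reason is in the wait status $?.
		my $why = $? == -1 ? "failed to execute: $!"
			: ($? & 127) ? 'killed by signal ' . ($? & 127)
			: 'exit status ' . ($? >> 8);

		die "Can't create certificate for $name: $why\n";
	}
}

# One test is planned.  'no $ssl_curve' is presumably the reason reported
# when nginx cannot be started with this configuration - confirm in
# Test::Nginx::try_run().
$t->try_run('no $ssl_curve')->plan(1);

###############################################################################

# The server has no location blocks, so any URI gets the "return 200" body.
# /m lets ^ match at the start of the body line that follows the response
# headers.  This form of the call dates from changeset a797d7428fa5
# ("simplified http SSL tests with IO::Socket::SSL").  Whether the client
# verifies the self-signed certificate is not visible in this file; the
# assertion covers only the curve name.
like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve');

###############################################################################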