Mercurial > hg > nginx-tests
annotate ssl_curve.t @ 1933:9bafe7cddd3c
Tests: improved QUIC key update tests with old keys.
On unsuccessful protection removal, it is now retried with old keys.
Otherwise, old keys are removed to ensure they're no longer in use.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 21 Aug 2023 17:26:47 +0400 |
parents | a797d7428fa5 |
children | 6bafe9419126 |
rev | line source |
---|---|
1749 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module, $ssl_curve variable. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
25 my $t = Test::Nginx->new() |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
26 ->has(qw/http http_ssl rewrite socket_ssl openssl:3.0.0/) |
1749 | 27 ->has_daemon('openssl'); |
28 | |
29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
30 | |
31 %%TEST_GLOBALS%% | |
32 | |
33 daemon off; | |
34 | |
35 events { | |
36 } | |
37 | |
38 http { | |
39 %%TEST_GLOBALS_HTTP%% | |
40 | |
41 ssl_certificate_key localhost.key; | |
42 ssl_certificate localhost.crt; | |
43 | |
44 ssl_ecdh_curve prime256v1; | |
45 | |
46 server { | |
47 listen 127.0.0.1:8443 ssl; | |
48 server_name localhost; | |
49 | |
50 return 200 "$ssl_curve $ssl_curves"; | |
51 } | |
52 } | |
53 | |
54 EOF | |
55 | |
56 $t->write_file('openssl.conf', <<EOF); | |
57 [ req ] | |
58 default_bits = 2048 | |
59 encrypt_key = no | |
60 distinguished_name = req_distinguished_name | |
61 [ req_distinguished_name ] | |
62 EOF | |
63 | |
64 my $d = $t->testdir(); | |
65 | |
66 foreach my $name ('localhost') { | |
67 system('openssl req -x509 -new ' | |
68 . "-config $d/openssl.conf -subj /CN=$name/ " | |
69 . "-out $d/$name.crt -keyout $d/$name.key " | |
70 . ">>$d/openssl.out 2>&1") == 0 | |
71 or die "Can't create certificate for $name: $!\n"; | |
72 } | |
73 | |
74 $t->try_run('no $ssl_curve')->plan(1); | |
75 | |
76 ############################################################################### | |
77 | |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
78 like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve'); |
1749 | 79 |
80 ############################################################################### |