Mercurial > hg > nginx-tests

annotate stream_ssl_verify_client.t @ 1625:a140cab489e8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added js buffer tests.
author Dmitry Volyntsev <xeioex@nginx.com>
date Wed, 25 Nov 2020 12:25:24 +0000
parents fd440d324700
children 818e6d8c43b5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
2
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
4 # (C) Andrey Zelenkov
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
5 # (C) Nginx, Inc.
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
6
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
7 # Tests for stream ssl module, ssl_verify_client.
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
8
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
9 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
10
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
11 use warnings;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
12 use strict;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
13
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
14 use Test::More;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
15
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
17
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
18 use lib 'lib';
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
20 use Test::Nginx::Stream qw/ stream /;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
21
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
22 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
23
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
24 select STDERR; $| = 1;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
25 select STDOUT; $| = 1;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
26
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
27 eval {
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
28 require Net::SSLeay;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
29 Net::SSLeay::load_error_strings();
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
30 Net::SSLeay::SSLeay_add_ssl_algorithms();
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
31 Net::SSLeay::randomize();
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
32 };
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
33 plan(skip_all => 'Net::SSLeay not installed') if $@;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
34
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
35 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
36 ->has_daemon('openssl');
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
37
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
38 $t->write_file_expand('nginx.conf', <<'EOF');
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
39
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
40 %%TEST_GLOBALS%%
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
41
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
42 daemon off;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
43
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
44 events {
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
45 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
46
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
47 stream {
1609
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
48 %%TEST_GLOBALS_STREAM%%
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
49
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
50 log_format status $status;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
51
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
52 ssl_certificate_key 1.example.com.key;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
53 ssl_certificate 1.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
54
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
55 server {
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
56 listen 127.0.0.1:8080;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
57 return $ssl_client_verify:$ssl_client_cert;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
58
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
59 ssl_verify_client on;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
60 ssl_client_certificate 2.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
61 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
62
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
63 server {
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
64 listen 127.0.0.1:8081 ssl;
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
65 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
66
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
67 ssl_verify_client on;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
68 ssl_client_certificate 2.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
69
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
70 access_log %%TESTDIR%%/status.log status;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
71 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
72
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
73 server {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
74 listen 127.0.0.1:8082 ssl;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
75 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
76
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
77 ssl_verify_client optional;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
78 ssl_client_certificate 2.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
79 ssl_trusted_certificate 3.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
80 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
81
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
82 server {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
83 listen 127.0.0.1:8083 ssl;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
84 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
85
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
86 ssl_verify_client optional_no_ca;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
87 ssl_client_certificate 2.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
88 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
89 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
90
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
91 EOF
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
92
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
93 $t->write_file('openssl.conf', <<EOF);
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
94 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1251
diff changeset
95 default_bits = 2048
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
96 encrypt_key = no
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
97 distinguished_name = req_distinguished_name
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
98 [ req_distinguished_name ]
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
99 EOF
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
100
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
101 my $d = $t->testdir();
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
102
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
103 foreach my $name ('1.example.com', '2.example.com', '3.example.com') {
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
104 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
105 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
106 . "-out $d/$name.crt -keyout $d/$name.key "
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
107 . ">>$d/openssl.out 2>&1") == 0
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
108 or die "Can't create certificate for $name: $!\n";
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
109 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
110
1251
766bcbb632ee Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1235
diff changeset
111 $t->run()->plan(10);
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
112
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
113 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
114
1235
3fc6817cd84a Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 1220
diff changeset
115 is(stream('127.0.0.1:' . port(8080))->read(), ':', 'plain connection');
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
116
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
117 is(get(8081), '', 'no cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
118 is(get(8082, '1.example.com'), '', 'bad optional cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
119 is(get(8082), 'NONE:', 'no optional cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
120 like(get(8083, '1.example.com'), qr/FAILED.*BEGIN/, 'bad optional_no_ca cert');
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
121
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
122 like(get(8081, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
123 like(get(8082, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert optional');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
124 like(get(8082, '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
125
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
126 SKIP: {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
127 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
128
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
129 my $ca = join ' ', get(8082, '3.example.com');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
130 is($ca, '/CN=2.example.com', 'no trusted sent');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
131
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
132 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
133
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
134 $t->stop();
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
135
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
136 is($t->read_file('status.log'), "500\n200\n", 'log');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
137
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
138 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
139
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
140 sub get {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
141 my ($port, $cert) = @_;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
142
1621
fd440d324700 Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1609
diff changeset
143 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
144 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
145 Net::SSLeay::set_cert_and_key($ctx, "$d/$cert.crt", "$d/$cert.key")
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
146 or die if $cert;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
147 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
148 Net::SSLeay::set_fd($ssl, fileno($s));
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
149 Net::SSLeay::connect($ssl) or die("ssl connect");
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
150
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
151 my $buf = Net::SSLeay::read($ssl);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
152 log_in($buf);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
153 return $buf unless wantarray();
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
154
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
155 my $list = Net::SSLeay::get_client_CA_list($ssl);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
156 my @names;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
157 for my $i (0 .. Net::SSLeay::sk_X509_NAME_num($list) - 1) {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
158 my $name = Net::SSLeay::sk_X509_NAME_value($list, $i);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
159 push @names, Net::SSLeay::X509_NAME_oneline($name);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
160 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
161 return @names;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
162 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
163
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
164 ###############################################################################