Mercurial > hg > nginx-tests
annotate ssl.t @ 1829:a78c32419f02
Tests: separate SSL session reuse tests.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
In the generic SSL tests only basic session reuse is now tested,
notably with session tickets enabled and a shared SSL session cache.
This should make it possible to reuse sessions in all cases (except
when it's not supported, such as with LibreSSL with TLSv1.3).
Note that session reuse with tickets implies that $ssl_session_id
is selected by the client and therefore is not available on the
initial connection. Relevant test is modified to handle this.
Further, BoringSSL does not use legacy session ID with TLSv1.3 even
if it is sent by the client. In contrast, OpenSSL always generates
an unique legacy session id, so it is available with TLSv1.3 even if
session resumption does not work (such as with old Net::SSLeay and
IO::Socket::SSL modules).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:47 +0300 |
parents | 84b6bb8d74e5 |
children | 8dec885fa3da |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
4 # (C) Andrey Zelenkov |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for http ssl module. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
16 use Socket qw/ CRLF /; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
17 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 eval { require IO::Socket::SSL; }; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
31 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/) |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
34 ->has_daemon('openssl')->plan(21); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
48 ssl_certificate_key localhost.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
49 ssl_certificate localhost.crt; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
50 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
51 log_format ssl $ssl_protocol; |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
52 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8085 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
55 listen 127.0.0.1:8080; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
58 ssl_certificate_key inner.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
59 ssl_certificate inner.crt; |
503
071e8941e3bf
Tests: reduce shared memory zone sizes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
430
diff
changeset
|
60 ssl_session_cache shared:SSL:1m; |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
61 ssl_session_tickets on; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
62 ssl_verify_client optional_no_ca; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
64 keepalive_requests 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
65 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
66 location / { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 location /id { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 return 200 "body $ssl_session_id"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
72 location /cipher { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
73 return 200 "body $ssl_cipher"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 } |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
75 location /ciphers { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
76 return 200 "body $ssl_ciphers"; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
77 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
78 location /client_verify { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 return 200 "body $ssl_client_verify"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
80 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
81 location /protocol { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
82 return 200 "body $ssl_protocol"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
83 } |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
84 location /issuer { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
85 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
86 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
87 location /subject { |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
88 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
89 } |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
90 location /time { |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
91 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
92 } |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
93 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
94 location /body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
95 add_header X-Body $request_body always; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
96 proxy_pass http://127.0.0.1:8080/; |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
97 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
98 access_log %%TESTDIR%%/ssl.log ssl; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
99 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
101 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
102 server { |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
103 listen 127.0.0.1:8086 ssl; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
104 server_name localhost; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
105 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
106 ssl_session_cache shared:SSL:1m; |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
107 ssl_session_tickets on; |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
108 ssl_session_timeout 1; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
109 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
110 location / { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
111 return 200 "body $ssl_session_reused"; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
112 } |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
113 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
120 default_bits = 2048 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
128 $t->write_file('ca.conf', <<EOF); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
129 [ ca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
130 default_ca = myca |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
131 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
132 [ myca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
133 new_certs_dir = $d |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
134 database = $d/certindex |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
135 default_md = sha256 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
136 policy = myca_policy |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
137 serial = $d/certserial |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
138 default_days = 3 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
139 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
140 [ myca_policy ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
141 commonName = supplied |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
142 EOF |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
143 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
144 $t->write_file('certserial', '1000'); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
145 $t->write_file('certindex', ''); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
146 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
147 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
148 . "-config $d/openssl.conf -subj /CN=issuer/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
149 . "-out $d/issuer.crt -keyout $d/issuer.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
150 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
151 or die "Can't create certificate for issuer: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
152 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
153 system("openssl req -new " |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
154 . "-config $d/openssl.conf -subj /CN=subject/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
155 . "-out $d/subject.csr -keyout $d/subject.key " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
156 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
157 or die "Can't create certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
158 |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
159 system("openssl ca -batch -config $d/ca.conf " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
160 . "-keyfile $d/issuer.key -cert $d/issuer.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
161 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt " |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
162 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
163 or die "Can't sign certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
164 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
165 foreach my $name ('localhost', 'inner') { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
167 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
168 . "-out $d/$name.crt -keyout $d/$name.key " |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
173 $t->run(); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
177 # ssl session reuse |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
178 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
179 my $ctx = get_ssl_context(); |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
180 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
181 like(get('/', 8085, $ctx), qr/^body \.$/m, 'session'); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
182 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
183 TODO: { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
184 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
185 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
186 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
187 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
188 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
189 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
190 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
191 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
192 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
193 # ssl certificate inheritance |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
194 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
195 my $s = get_ssl_socket(8086); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
196 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
197 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
198 $s = get_ssl_socket(8085); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
199 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
200 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
201 # session timeout |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
202 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
203 $ctx = get_ssl_context(); |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
204 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
205 get('/', 8086, $ctx); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
206 select undef, undef, undef, 2.1; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
207 |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
208 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
209 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
210 # embedded variables |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
211 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
212 $ctx = get_ssl_context(); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
213 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id'); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
214 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused'); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
215 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
217 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
218 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
219 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
220 SKIP: { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
221 skip 'BoringSSL', 1 if $t->has_module('BoringSSL'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
222 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
223 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers'); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
224 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
225 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
226 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
227 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
228 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
229 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
230 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); |
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
231 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
232 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
233 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
234 |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
235 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
236 'request body chunked'); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
237 |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
238 # pipelined requests |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
239 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
240 $s = get_ssl_socket(8085); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
241 my $req = <<EOF; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
242 GET / HTTP/1.1 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
243 Host: localhost |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
244 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
245 EOF |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
246 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
247 $req x= 1000; |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
248 |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
249 my $r = http($req, socket => $s) || ""; |
1820
84b6bb8d74e5
Tests: speedup lingering close with request pipelining.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1748
diff
changeset
|
250 $s = undef; |
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
251 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests'); |
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
252 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
253 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
254 |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
255 ok(get_ssl_socket(8085), 'ssl unexpected eof'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
256 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
257 # close_notify is sent before lingering close |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
258 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
259 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
260 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
261 $t->stop(); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
262 |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
263 like($t->read_file('ssl.log'), qr/^(TLS|SSL)v(\d|\.)+$/m, |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
264 'log ssl variable on lingering close'); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
265 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
266 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
267 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
268 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
269 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
270 sub test_tls13 { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
271 return get('/protocol', 8085) =~ /TLSv1.3/; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
272 } |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
273 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
274 sub get { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
275 my ($uri, $port, $ctx) = @_; |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
276 my $s = get_ssl_socket($port, $ctx) or return; |
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
277 my $r = http_get($uri, socket => $s); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
278 $s->close(); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
279 return $r; |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
280 } |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
281 |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
282 sub get_body { |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
283 my ($uri, $body, $len, $n) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
284 my $s = get_ssl_socket(8085) or return; |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
285 http("GET /body HTTP/1.1" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
286 . "Host: localhost" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
287 . "Connection: close" . CRLF |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
288 . "Transfer-Encoding: chunked" . CRLF . CRLF, |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
289 socket => $s, start => 1); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
290 my $chs = unpack("H*", pack("C", length($body) * $len)); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
291 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
292 for 1 .. $n; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
293 my $r = http("0" . CRLF . CRLF, socket => $s); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
294 $s->close(); |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
295 return $r; |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
296 } |
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
297 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
298 sub cert { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
299 my ($uri, $port) = @_; |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
300 my $s = get_ssl_socket($port, undef, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
301 SSL_cert_file => "$d/subject.crt", |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
302 SSL_key_file => "$d/subject.key") or return; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
303 http_get($uri, socket => $s); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
304 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
305 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
306 sub get_ssl_context { |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
307 return IO::Socket::SSL::SSL_Context->new( |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
308 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
309 SSL_session_cache_size => 100 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
310 ); |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
311 } |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
312 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
313 sub get_ssl_socket { |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
314 my ($port, $ctx, %extra) = @_; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
315 my $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
316 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
317 eval { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
318 local $SIG{ALRM} = sub { die "timeout\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
319 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
320 alarm(8); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
321 $s = IO::Socket::SSL->new( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
322 Proto => 'tcp', |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
323 PeerAddr => '127.0.0.1', |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
324 PeerPort => port($port), |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
325 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
326 SSL_reuse_ctx => $ctx, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
327 SSL_error_trap => sub { die $_[1] }, |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
328 %extra |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
329 ); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
330 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
331 }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
332 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
333 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
334 if ($@) { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
335 log_in("died: $@"); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
336 return undef; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
337 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
338 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
339 return $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
340 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
341 |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
342 sub get_ssl_shutdown { |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
343 my ($port) = @_; |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
344 |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
345 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
346 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
347 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
348 Net::SSLeay::set_fd($ssl, fileno($s)); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
349 Net::SSLeay::connect($ssl) or die("ssl connect"); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
350 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
351 Net::SSLeay::read($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
352 Net::SSLeay::set_shutdown($ssl, 1); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
353 Net::SSLeay::shutdown($ssl); |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
354 } |
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
355 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
356 ############################################################################### |