annotate ssl_certificate_chain.t @ 836:a9c4cebcfe69
Tests: adjusted http resolver test with resend.
Don't bother with socket error to force resolver resend. Nginx doesn't handle
well ECONNREFUSED send() error, which results in "500 Internal Server Error".
It may deserve a separate test, though.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 29 Jan 2016 00:40:05 +0300 |
parents | 0af386a519d2 |
children | e9064d691790 |
rev | line source |
---|---|
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for http ssl module with certificate chain.

###############################################################################

use warnings;
use strict;

use Test::More;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Turn on autoflush for STDERR and then STDOUT; STDOUT stays the selected
# handle afterwards.
select STDERR;
$| = 1;
select STDOUT;
$| = 1;

# The TLS client used below is IO::Socket::SSL. Skip the whole file when the
# module cannot be loaded, or when it does not provide SSL_VERIFY_NONE().
eval { require IO::Socket::SSL; };
if ($@) {
    plan(skip_all => 'IO::Socket::SSL not installed');
}

eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
if ($@) {
    plan(skip_all => 'IO::Socket::SSL too old');
}

# Three assertions are planned.
# NOTE(review): has() and has_daemon() presumably skip the file when nginx
# lacks the listed modules or the openssl binary is missing -- confirm
# against Test::Nginx.
my $t = Test::Nginx->new()->has(qw/http http_ssl/)
    ->has_daemon('openssl')->plan(3);
# nginx configuration with three TLS listeners on 127.0.0.1, one per case:
#   8081 - end.crt with end.key: the leaf certificate alone
#   8082 - int.crt with int.key: the intermediate certificate itself
#   8083 - end-int.crt with end.key: the leaf followed by the intermediate
# NOTE(review): write_file_expand() presumably substitutes the %%TEST_...%%
# placeholders -- confirm against Test::Nginx.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

server {
listen 127.0.0.1:8081 ssl;
server_name localhost;

ssl_certificate_key end.key;
ssl_certificate end.crt;
}

server {
listen 127.0.0.1:8082 ssl;
server_name localhost;

ssl_certificate_key int.key;
ssl_certificate int.crt;
}

server {
listen 127.0.0.1:8083 ssl;
server_name localhost;

ssl_certificate_key end.key;
ssl_certificate end-int.crt;
}
}

EOF

$t->write_file_expand('nginx.conf', $nginx_conf);
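# Path returned by the harness; it is interpolated into ca.conf below and
# into the openssl command lines and the client's CA file path later on.
# NOTE(review): presumably the per-run test directory -- confirm against
# Test::Nginx::testdir().
my $d = $t->testdir();

# Request settings shared by every "openssl req" call: 2048-bit keys written
# unencrypted, and an empty distinguished_name section because the subject is
# given on the command line with -subj.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Settings for "openssl ca". Certificates are valid for one day.
#
# default_md is sha256 rather than sha1: newer OpenSSL releases reject
# SHA-1-signed certificates at their default security level, which would make
# the two positive chain tests fail and let the negative one pass for the
# wrong reason.
#
# x509_extensions names myca_extensions, so every certificate issued through
# this section is marked CA:TRUE, the end certificate included. That is
# acceptable for a throwaway test chain only; it is not a template for a
# real PKI.
$t->write_file('ca.conf', <<EOF);
[ ca ]
default_ca = myca

[ myca ]
new_certs_dir = $d
database = $d/certindex
default_md = sha256
policy = myca_policy
serial = $d/certserial
default_days = 1
x509_extensions = myca_extensions

[ myca_policy ]
commonName = supplied

[ myca_extensions ]
basicConstraints = critical,CA:TRUE
EOF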
# Each command below is one shell string with openssl's output appended to
# openssl.out. The interpolated values are $d from the harness and literal
# names, which is why simple '...' quoting is enough here; values from outside
# the test would need validation or the list form of system().
#
# NOTE(review): $! is only meaningful when system() cannot start the command;
# a non-zero openssl exit status is reported in $?, so the text after the
# colon in the die message may be stale.

# Self-signed root certificate and key.
for my $name ('root') {
    my $cmd = 'openssl req -x509 -new '
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.crt' -keyout '$d/$name.key' "
        . ">>$d/openssl.out 2>&1";

    system($cmd) == 0
        or die "Can't create certificate for $name: $!\n";
}

# Key and certificate signing request for the intermediate and the end entity.
for my $name ('int', 'end') {
    my $cmd = "openssl req -new "
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.csr' -keyout '$d/$name.key' "
        . ">>$d/openssl.out 2>&1";

    system($cmd) == 0
        or die "Can't create certificate for $name: $!\n";
}
# Seed the serial and index files that ca.conf names as "serial" and
# "database".
# NOTE(review): write_file() presumably writes relative to the directory
# held in $d -- confirm against Test::Nginx.
$t->write_file('certserial', '1000');
$t->write_file('certindex', '');

# Sign in chain order: root issues int, then int issues end.
# NOTE(review): $! is only meaningful when system() cannot start the command;
# a non-zero openssl exit status is reported in $?.
for my $step (['root', 'int'], ['int', 'end']) {
    my ($issuer, $subject) = @$step;

    my $cmd = "openssl ca -batch -config '$d/ca.conf' "
        . "-keyfile '$d/$issuer.key' -cert '$d/$issuer.crt' "
        . "-subj '/CN=$subject/' -in '$d/$subject.csr' -out '$d/$subject.crt' "
        . ">>$d/openssl.out 2>&1";

    system($cmd) == 0
        or die "Can't sign certificate for $subject: $!\n";
}

# Bundle served on port 8083: the end certificate first, then the
# intermediate that issued it.
my $end_pem = $t->read_file('end.crt');
my $int_pem = $t->read_file('int.crt');
$t->write_file('end-int.crt', $end_pem . $int_pem);

$t->run();
###############################################################################
# The client trusts only root.crt, so each case depends on what the server
# sends in its handshake.

# 8081 sends end.crt alone; the issuing intermediate is missing.
# NOTE(review): get_ssl_socket() returns undef for every failure it traps
# (timeout, SIGPIPE, any handshake error), so this assertion would also pass
# if the listener were unreachable. The "died: ..." log line is what tells
# the cases apart.
my $incomplete = get_ssl_socket(8081);
is($incomplete, undef, 'incomplete chain');

# 8082 presents the intermediate certificate itself, issued directly by root.
ok(get_ssl_socket(8082), 'intermediate');

# 8083 sends the end certificate followed by the intermediate.
ok(get_ssl_socket(8083), 'intermediate server');
###############################################################################
# Attempt a TLS handshake with 127.0.0.1:$port, verifying the peer against
# "$d/root.crt" as the only CA file.
#
# Returns the value last passed to the verify callback when the connection
# attempt completes without dying. Returns undef, after logging the reason
# through log_in(), when anything inside the eval dies: the 2-second alarm,
# SIGPIPE, or an error raised by the error trap.
#
# The failure path uses an explicit "return undef" on purpose. Callers place
# this call inside the argument lists of is() and ok(), which is list
# context; a bare "return" would yield an empty list there and shift the
# remaining arguments.
#
# NOTE(review): no SSL_verifycn_* option is passed, so this helper exercises
# chain validation only; any hostname matching is left to the module's
# defaults.
sub get_ssl_socket {
    my ($port) = @_;
    my ($sock, $verdict);

    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        alarm(2);

        my @tls_opts = (
            Proto => 'tcp',
            PeerAddr => '127.0.0.1',
            PeerPort => $port,
            SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
            SSL_ca_file => "$d/root.crt",
            # Record the verdict and hand it back unchanged, so the callback
            # observes verification without ever overriding it.
            SSL_verify_callback => sub {
                my ($ok) = @_;
                $verdict = $ok;
                return $ok;
            },
            # Die with the trap's second argument so that a trapped error
            # lands in $@ below.
            SSL_error_trap => sub { die $_[1] }
        );

        # Only the verdict is used; the socket object is not read or written.
        $sock = IO::Socket::SSL->new(@tls_opts);
        alarm(0);
    };
    # Cancel the timer on the failure path too.
    alarm(0);

    return $verdict unless $@;

    log_in("died: $@");
    return undef;
}
###############################################################################