annotate proxy_ssl_conf_command.t @ 1971:ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Much like SNI support, TLS session tickets are available starting with
OpenSSL 0.9.8f if TLS extensions support is explicitly configured, and
enabled by default since 0.9.8j. As such, SNI availability is checked
to ensure TLS extensions support is compiled in.
Additionally, the ssl_session_ticket_key.t tests for automatic ticket key
rotation, which uses session ticket key callback, as introduced in
OpenSSL 0.9.8h.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:03:16 +0300 |
parents | 236d038dc04a |
children | 11463d379570 |
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for proxy_ssl_conf_command and friends.
#
# "Friends" are uwsgi_ssl_conf_command and grpc_ssl_conf_command: all three
# directives are exercised by the configuration written further down.

###############################################################################

use warnings;
use strict;

use Test::More;

# Switch to the directory holding this script at compile time, so that the
# relative 'lib' path in the "use lib" line below resolves no matter where
# the test was started from.  The order of these statements matters.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Turn on autoflush ($|) for STDERR and then STDOUT; STDOUT is left as the
# currently selected handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# Build the test harness object and declare what this file needs: the listed
# nginx features, plus an 'openssl' binary (used below to generate the test
# certificates).  NOTE(review): 'openssl:1.0.2' presumably means "linked
# against OpenSSL 1.0.2 or newer" -- confirm against Test::Nginx::has().
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl proxy uwsgi http_v2 grpc openssl:1.0.2/)
    ->has_daemon('openssl');

# ssl_conf_command is not tested with BoringSSL builds; skip the whole file.
if ($t->has_module('BoringSSL')) {
    plan(skip_all => 'no ssl_conf_command');
}

# Write the nginx configuration under test and declare three test cases
# (one per like() check at the end of the file).
#
# Front end (127.0.0.1:8080): each location first sets a client certificate
# with <proto>_ssl_certificate / <proto>_ssl_certificate_key (localhost.*) and
# then supplies another one through <proto>_ssl_conf_command Certificate /
# PrivateKey (override.*).  The test passes only if the certificate given via
# the conf commands is the one presented to the backend.
#
# Back end (127.0.0.1:8081 for https and suwsgi, 127.0.0.1:8082 for gRPC over
# HTTP/2): asks for a client certificate and reflects its subject DN in the
# X-Cert response header so the test can see which certificate was sent.
# "ssl_verify_client optional_no_ca" requests a certificate without requiring
# it to chain to a trusted CA; that is what lets the self-signed test
# certificates through, and it means this stub does not authenticate the
# client in any way.
#
# The heredoc is single-quoted, so $ssl_client_s_dn reaches nginx verbatim.
# NOTE(review): the %%...%% placeholders are presumably substituted by
# write_file_expand() -- confirm in Test::Nginx.
$t->write_file_expand('nginx.conf', <<'EOF')->plan(3);

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen 127.0.0.1:8080;
        server_name localhost;

        location / {
            proxy_ssl_certificate localhost.crt;
            proxy_ssl_certificate_key localhost.key;
            proxy_ssl_conf_command Certificate override.crt;
            proxy_ssl_conf_command PrivateKey override.key;
            proxy_pass https://127.0.0.1:8081;
        }

        location /uwsgi {
            uwsgi_ssl_certificate localhost.crt;
            uwsgi_ssl_certificate_key localhost.key;
            uwsgi_ssl_conf_command Certificate override.crt;
            uwsgi_ssl_conf_command PrivateKey override.key;
            uwsgi_ssl_session_reuse off;
            uwsgi_pass suwsgi://127.0.0.1:8081;
        }

        location /grpc {
            grpc_ssl_certificate localhost.crt;
            grpc_ssl_certificate_key localhost.key;
            grpc_ssl_conf_command Certificate override.crt;
            grpc_ssl_conf_command PrivateKey override.key;
            grpc_pass grpcs://127.0.0.1:8082;
        }
    }

    server {
        listen 127.0.0.1:8081 ssl;
        listen 127.0.0.1:8082 ssl http2;
        server_name localhost;

        ssl_certificate localhost.crt;
        ssl_certificate_key localhost.key;
        ssl_verify_client optional_no_ca;

        # stub to implement SSL logic for tests

        add_header X-Cert $ssl_client_s_dn always;
    }
}

EOF

# Minimal "openssl req" configuration used to generate the test certificates.
# The distinguished-name section is left empty because the subject is passed
# on the command line with -subj.  "encrypt_key = no" makes openssl write the
# private keys without a passphrase; these are throwaway keys that live only
# in the test directory.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

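my $d = $t->testdir();

# Generate two self-signed certificates with their keys in the test directory:
# "localhost" (configured through the *_ssl_certificate directives and used as
# the backend's server certificate) and "override" (configured through
# *_ssl_conf_command).  They differ only in the subject CN, which is what the
# assertions at the end of the file look for.
#
# The command goes through the shell because of the output redirection;
# openssl's own output is appended to openssl.out in the test directory.
# NOTE(review): $d is interpolated into the shell command unquoted, so this
# assumes testdir() never returns a path containing whitespace or shell
# metacharacters -- confirm in Test::Nginx.  $name comes only from the fixed
# list below.
foreach my $name ('localhost', 'override') {
    my $rc = system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1");
    next if $rc == 0;

    # $! is meaningful only when the command could not be started at all
    # (system() returned -1); otherwise the wait status holds the reason.
    my $why = $rc == -1 ? "can't execute openssl: $!"
        : ($rc & 127) ? 'openssl killed by signal ' . ($rc & 127)
        : 'openssl exited with status ' . ($rc >> 8);

    die "Can't create certificate for $name: $why\n";
}
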
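# Empty document root file for the test servers.
$t->write_file('index.html', '');

# suppress deprecation warning
#
# The configuration still uses "listen ... http2", for which nginx prints a
# deprecation warning on startup.  STDERR is closed while nginx is started so
# that the warning does not end up in the test output, and is restored
# straight afterwards.

open(my $olderr, '>&', \*STDERR) or die "Can't dup STDERR: $!\n";
close STDERR;

# Catch a failure of run() instead of letting it propagate right away: with
# STDERR still closed the error message would be lost.
my $started = eval { $t->run(); 1 };
my $error = $@;

open(STDERR, '>&', $olderr) or die "Can't restore STDERR: $!\n";
close $olderr;

die $error unless $started;
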
###############################################################################

# One check per upstream protocol.  The backend reflects the subject DN of the
# client certificate it received in the X-Cert header, so finding CN=override
# in the response shows that the certificate and key given via the
# *_ssl_conf_command directives were the ones used.
foreach my $case (
    [ '/',      'proxy_ssl_conf_command' ],
    [ '/uwsgi', 'uwsgi_ssl_conf_command' ],
    [ '/grpc',  'grpc_ssl_conf_command' ],
) {
    my ($uri, $test_name) = @$case;

    like(http_get($uri), qr/CN=override/, $test_name);
}

###############################################################################