Mercurial > hg > nginx-tests
annotate ssl.t @ 1971:ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Much like SNI support, TLS session tickets are available starting with
OpenSSL 0.9.8f if TLS extensions support is explicitly configured, and
enabled by default since 0.9.8j. As such, SNI availability is checked
to ensure TLS extensions support is compiled in.
Additionally, the ssl_session_ticket_key.t tests for automatic ticket key
rotation, which uses session ticket key callback, as introduced in
OpenSSL 0.9.8h.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:03:16 +0300 |
| parents | 6d3a8f4eb9b2 |
| children |
| rev | line source |
|---|---|
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
4 # (C) Andrey Zelenkov |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for http ssl module. |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
16 use Socket qw/ CRLF /; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
17 use IO::Select; |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
18 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use lib 'lib'; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1830
diff
changeset
|
29 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy socket_ssl/) |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
30 ->has_daemon('openssl')->plan(21); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
44 ssl_certificate_key localhost.key; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
45 ssl_certificate localhost.crt; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
46 |
|
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
47 log_format ssl $ssl_protocol; |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
48 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 listen 127.0.0.1:8085 ssl; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 listen 127.0.0.1:8080; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server_name localhost; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
54 ssl_certificate_key inner.key; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
55 ssl_certificate inner.crt; |
|
503
071e8941e3bf
Tests: reduce shared memory zone sizes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
430
diff
changeset
|
56 ssl_session_cache shared:SSL:1m; |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
57 ssl_session_tickets on; |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
58 ssl_verify_client optional_no_ca; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
|
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
60 keepalive_requests 1000; |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
61 |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
62 location / { |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 return 200 "body $ssl_session_reused"; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /id { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 return 200 "body $ssl_session_id"; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
68 location /cipher { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
69 return 200 "body $ssl_cipher"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
70 } |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
71 location /ciphers { |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
72 return 200 "body $ssl_ciphers"; |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
73 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 location /client_verify { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
75 return 200 "body $ssl_client_verify"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
76 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
77 location /protocol { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
78 return 200 "body $ssl_protocol"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 } |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
80 location /issuer { |
|
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
81 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
82 } |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
83 location /subject { |
|
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
84 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; |
|
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
85 } |
|
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
86 location /time { |
|
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
87 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; |
|
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
88 } |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
89 |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
90 location /body { |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
91 add_header X-Body $request_body always; |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
92 proxy_pass http://127.0.0.1:8080/; |
|
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
93 |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
94 access_log %%TESTDIR%%/ssl.log ssl; |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
95 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
96 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
97 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
98 server { |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
99 listen 127.0.0.1:8086 ssl; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
100 server_name localhost; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
101 |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
102 ssl_session_cache shared:SSL:1m; |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
103 ssl_session_tickets on; |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
104 ssl_session_timeout 1; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
105 |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
106 location / { |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
107 return 200 "body $ssl_session_reused"; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
108 } |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
109 } |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 EOF |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 $t->write_file('openssl.conf', <<EOF); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
116 default_bits = 2048 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 encrypt_key = no |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 distinguished_name = req_distinguished_name |
|
1945
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
119 x509_extensions = myca_extensions |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 [ req_distinguished_name ] |
|
1945
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
121 [ myca_extensions ] |
|
0b5ec15c62ed
Tests: compatibility with "openssl" app from OpenSSL 3.2.0.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
122 basicConstraints = critical,CA:TRUE |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 EOF |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 my $d = $t->testdir(); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
127 $t->write_file('ca.conf', <<EOF); |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
128 [ ca ] |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
129 default_ca = myca |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
130 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
131 [ myca ] |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
132 new_certs_dir = $d |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
133 database = $d/certindex |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
134 default_md = sha256 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
135 policy = myca_policy |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
136 serial = $d/certserial |
|
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
137 default_days = 3 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
138 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
139 [ myca_policy ] |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
140 commonName = supplied |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
141 EOF |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
142 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
143 $t->write_file('certserial', '1000'); |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
144 $t->write_file('certindex', ''); |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
145 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
146 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
147 . "-config $d/openssl.conf -subj /CN=issuer/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
148 . "-out $d/issuer.crt -keyout $d/issuer.key " |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
149 . ">>$d/openssl.out 2>&1") == 0 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
150 or die "Can't create certificate for issuer: $!\n"; |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
151 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
152 system("openssl req -new " |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
153 . "-config $d/openssl.conf -subj /CN=subject/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
154 . "-out $d/subject.csr -keyout $d/subject.key " |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
155 . ">>$d/openssl.out 2>&1") == 0 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
156 or die "Can't create certificate for subject: $!\n"; |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
157 |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
158 system("openssl ca -batch -config $d/ca.conf " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
159 . "-keyfile $d/issuer.key -cert $d/issuer.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
160 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt " |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
161 . ">>$d/openssl.out 2>&1") == 0 |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
162 or die "Can't sign certificate for subject: $!\n"; |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
163 |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
164 foreach my $name ('localhost', 'inner') { |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
166 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
167 . "-out $d/$name.crt -keyout $d/$name.key " |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 . ">>$d/openssl.out 2>&1") == 0 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 or die "Can't create certificate for $name: $!\n"; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
|
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
172 $t->run(); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
176 # ssl session reuse |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
177 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
178 my $ctx = get_ssl_context(); |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
179 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
180 like(get('/', 8085, $ctx), qr/^body \.$/m, 'session'); |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
181 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
182 TODO: { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
183 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
184 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
185 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
186 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
187 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
188 if $t->has_module('LibreSSL') && test_tls13(); |
|
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1945
diff
changeset
|
189 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
|
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1945
diff
changeset
|
190 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
191 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
192 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused'); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
193 |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
194 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
195 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
196 # ssl certificate inheritance |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
197 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
198 my $s = get_ssl_socket(8086); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
199 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
200 |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
201 $s = get_ssl_socket(8085); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
202 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
203 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
204 # session timeout |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
205 |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
206 $ctx = get_ssl_context(); |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
207 |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
208 get('/', 8086, $ctx); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
209 select undef, undef, undef, 2.1; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
210 |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
211 like(get('/', 8086, $ctx), qr/^body \.$/m, 'session timeout'); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
212 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
213 # embedded variables |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
214 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
215 $ctx = get_ssl_context(); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
216 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id'); |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
217 |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
218 TODO: { |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
219 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
220 if $t->has_module('LibreSSL') && test_tls13(); |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
221 local $TODO = 'no TLSv1.3 sessions ids in BoringSSL' |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
222 if $t->has_module('BoringSSL') && test_tls13(); |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
223 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
224 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused'); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
225 |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
226 } |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
227 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
228 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
229 |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
230 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
231 |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
232 SKIP: { |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
233 skip 'BoringSSL', 1 if $t->has_module('BoringSSL'); |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
234 |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
235 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers'); |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
236 |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
237 } |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
238 |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
239 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
|
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
240 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
|
1382
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
241 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); |
|
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
242 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); |
|
cb1346b553aa
Tests: simple https tests merged back.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1325
diff
changeset
|
243 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); |
|
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
244 |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
245 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
246 |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
247 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/, |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
248 'request body chunked'); |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
249 |
|
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
250 # pipelined requests |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
251 |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
252 $s = get_ssl_socket(8085); |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
253 my $req = <<EOF; |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
254 GET / HTTP/1.1 |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
255 Host: localhost |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
256 |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
257 EOF |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
258 |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
259 $req x= 1000; |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
260 |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
261 my $r = http($req, socket => $s) || ""; |
|
1820
84b6bb8d74e5
Tests: speedup lingering close with request pipelining.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1748
diff
changeset
|
262 $s = undef; |
|
1552
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
263 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests'); |
|
3b6b2667ece9
Tests: added https test with pipelined requests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1514
diff
changeset
|
264 |
|
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
265 # OpenSSL 3.0 error "unexpected eof while reading" seen as a critical error |
|
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
266 |
|
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
267 ok(get_ssl_socket(8085), 'ssl unexpected eof'); |
|
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
268 |
|
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
269 # close_notify is sent before lingering close |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
270 |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
271 is(get_ssl_shutdown(8085), 1, 'ssl shutdown on lingering close'); |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
272 |
|
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
273 $t->stop(); |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
274 |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
275 like($t->read_file('ssl.log'), qr/^(TLS|SSL)v(\d|\.)+$/m, |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
276 'log ssl variable on lingering close'); |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
277 |
|
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
278 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
|
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
279 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
280 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
281 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
282 sub test_tls13 { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
283 return get('/protocol', 8085) =~ /TLSv1.3/; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
284 } |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
285 |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
286 sub get { |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
287 my ($uri, $port, $ctx, %extra) = @_; |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
288 my $s = get_ssl_socket($port, $ctx, %extra) or return; |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
289 return http_get($uri, socket => $s); |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
290 } |
|
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
291 |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
292 sub get_body { |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
293 my ($uri, $body, $len, $n) = @_; |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
294 my $s = get_ssl_socket(8085) or return; |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
295 http("GET /body HTTP/1.1" . CRLF |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
296 . "Host: localhost" . CRLF |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
297 . "Connection: close" . CRLF |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
298 . "Transfer-Encoding: chunked" . CRLF . CRLF, |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
299 socket => $s, start => 1); |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
300 my $chs = unpack("H*", pack("C", length($body) * $len)); |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
301 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
|
1325
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
302 for 1 .. $n; |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
303 my $r = http("0" . CRLF . CRLF, socket => $s); |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
304 return $r; |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
305 } |
|
f80176242a7e
Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
306 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
307 sub cert { |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
308 my ($uri, $port) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
309 return get( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
310 $uri, $port, undef, |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
311 SSL_cert_file => "$d/subject.crt", |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
312 SSL_key_file => "$d/subject.key" |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
313 ); |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
314 } |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
315 |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
316 sub get_ssl_context { |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
317 return IO::Socket::SSL::SSL_Context->new( |
|
1970
6d3a8f4eb9b2
Tests: relaxed SSL version used in testing.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
318 SSL_version => 'SSLv23', |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
319 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
320 SSL_session_cache_size => 100 |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
321 ); |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
322 } |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
323 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
324 sub get_ssl_socket { |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
325 my ($port, $ctx, %extra) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
326 return http( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
327 '', PeerAddr => '127.0.0.1:' . port($port), start => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
328 SSL => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
329 SSL_reuse_ctx => $ctx, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
330 %extra |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
331 ); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
332 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
333 |
|
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
334 sub get_ssl_shutdown { |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
335 my ($port) = @_; |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
336 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
337 my $s = http( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
338 'GET /' . CRLF . 'extra', |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
339 PeerAddr => '127.0.0.1:' . port($port), start => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
340 SSL => 1 |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
341 ); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
342 |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
343 $s->blocking(0); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
344 while (IO::Select->new($s)->can_read(8)) { |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
345 my $n = $s->sysread(my $buf, 16384); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
346 next if !defined $n && $!{EWOULDBLOCK}; |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
347 last; |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
348 } |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
349 $s->blocking(1); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
350 |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
351 return $s->stop_SSL(); |
|
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
352 } |
|
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
353 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
354 ############################################################################### |