Mercurial > hg > nginx-tests
annotate proxy_ssl.t @ 1842:af47a0b348a5
Tests: LibreSSL certificate negotiation with TLSv1.3.
LibreSSL fails to negotiate certificates based on signature algorithms
when using TLSv1.3, and fails with "missing rsa certificate" and
"unknown pkey type" errors.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:50:17 +0300 |
| parents | ebc6e5afe597 |
| children | cdcd75657e52 |
| rev | line source |
|---|---|
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Nginx, Inc. |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # Tests for proxy to ssl backend. |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 use warnings; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use strict; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use Test::More; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use lib 'lib'; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use Test::Nginx; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
24 eval { require IO::Socket::SSL; }; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
25 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
26 |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
|
1523
5a55da6aed13
Tests: extended proxy_ssl.t for more ngx_ssl_recv_chain() cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
28 ->plan(8)->write_file_expand('nginx.conf', <<'EOF'); |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
41 listen 127.0.0.1:8081 ssl; |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 ssl_certificate_key localhost.key; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 ssl_certificate localhost.crt; |
|
437
8b4a6b8691eb
Tests: set ssl_session_cache.
Sergey Kandaurov <pluknet@nginx.com>
parents:
435
diff
changeset
|
45 ssl_session_cache builtin; |
|
435
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
46 |
|
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
47 location / { |
|
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
48 add_header X-Session $ssl_session_reused; |
|
1839
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
49 add_header X-Protocol $ssl_protocol; |
|
435
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
50 } |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8080; |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name localhost; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 location /ssl_reuse { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 proxy_ssl_session_reuse on; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 location /ssl { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
63 proxy_pass https://127.0.0.1:8081/; |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_session_reuse off; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
|
732
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
437
diff
changeset
|
66 |
|
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
437
diff
changeset
|
67 location /timeout { |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
68 proxy_pass https://127.0.0.1:8082; |
|
1264
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
69 proxy_connect_timeout 3s; |
|
732
984bfe661cce
Tests: stream and http proxy_connect_timeout tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
437
diff
changeset
|
70 } |
|
1080
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
71 |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
72 location /timeout_h { |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
73 proxy_pass https://127.0.0.1:8083; |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
74 proxy_connect_timeout 1s; |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
75 } |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 EOF |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $t->write_file('openssl.conf', <<EOF); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1264
diff
changeset
|
83 default_bits = 2048 |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 encrypt_key = no |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 distinguished_name = req_distinguished_name |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 [ req_distinguished_name ] |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 EOF |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
|
1523
5a55da6aed13
Tests: extended proxy_ssl.t for more ngx_ssl_recv_chain() cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
89 $t->write_file('big.html', 'xxxxxxxxxx' x 72000); |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 $t->write_file('index.html', ''); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 my $d = $t->testdir(); |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 foreach my $name ('localhost') { |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
96 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
97 . "-out $d/$name.crt -keyout $d/$name.key " |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 . ">>$d/openssl.out 2>&1") == 0 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 or die "Can't create certificate for $name: $!\n"; |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 } |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
102 $t->run_daemon(\&http_daemon, port(8082)); |
|
1080
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
103 $t->run_daemon(\&http_daemon, port(8083)); |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 $t->run(); |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
105 $t->waitforsocket('127.0.0.1:' . port(8082)); |
|
1080
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
106 $t->waitforsocket('127.0.0.1:' . port(8083)); |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 ############################################################################### |
|
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
|
435
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
110 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl'); |
|
a7d04159e52b
Tests: completed proxy_ssl_session_reuse tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
311
diff
changeset
|
111 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2'); |
|
1196
68c8f2778c50
Tests: consistent proxy ssl test names.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
112 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl session new'); |
|
1839
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
113 |
|
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
114 TODO: { |
|
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
115 local $TODO = 'no TLS 1.3 sessions in LibreSSL' |
|
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
116 if $t->has_module('LibreSSL') && http_get('/ssl') =~ /TLSv1.3/; |
|
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
117 |
|
1196
68c8f2778c50
Tests: consistent proxy ssl test names.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
118 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused'); |
|
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1196
diff
changeset
|
119 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused 2'); |
|
1264
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
120 |
|
1839
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
121 } |
|
ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1523
diff
changeset
|
122 |
|
1264
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
123 SKIP: { |
|
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
124 skip 'long test', 1 unless $ENV{TEST_NGINX_UNSAFE}; |
|
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
125 |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
126 like(http_get('/timeout'), qr/200 OK/, 'proxy connect timeout'); |
|
1264
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
127 |
|
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
128 } |
|
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
129 |
|
1080
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
130 like(http_get('/timeout_h'), qr/504 Gateway/, 'proxy handshake timeout'); |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
131 |
|
1523
5a55da6aed13
Tests: extended proxy_ssl.t for more ngx_ssl_recv_chain() cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
132 is(length(Test::Nginx::http_content(http_get('/ssl/big.html'))), 720000, |
|
5a55da6aed13
Tests: extended proxy_ssl.t for more ngx_ssl_recv_chain() cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
133 'big length'); |
|
5a55da6aed13
Tests: extended proxy_ssl.t for more ngx_ssl_recv_chain() cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
134 |
|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 ############################################################################### |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
136 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
137 sub http_daemon { |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
138 my ($port) = @_; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
139 my $server = IO::Socket::INET->new( |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
140 Proto => 'tcp', |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
141 LocalHost => '127.0.0.1:' . $port, |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
142 Listen => 5, |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
143 Reuse => 1 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
144 ) |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
145 or die "Can't create listening socket: $!\n"; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
146 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
147 local $SIG{PIPE} = 'IGNORE'; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
148 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
149 while (my $client = $server->accept()) { |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
150 $client->autoflush(1); |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
151 |
|
1080
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
152 if ($port == port(8083)) { |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
153 sleep 3; |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
154 |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
155 close $client; |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
156 next; |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
157 } |
|
cd4395a68fc6
Tests: proxy ssl test with handshake timeout (ticket #1126).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1079
diff
changeset
|
158 |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
159 my $headers = ''; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
160 my $uri = ''; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
161 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
162 # would fail on waitforsocket |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
163 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
164 eval { |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
165 IO::Socket::SSL->start_SSL($client, |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
166 SSL_server => 1, |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
167 SSL_cert_file => "$d/localhost.crt", |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
168 SSL_key_file => "$d/localhost.key", |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
169 SSL_error_trap => sub { die $_[1] } |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
170 ); |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
171 }; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
172 next if $@; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
173 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
174 while (<$client>) { |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
175 $headers .= $_; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
176 last if (/^\x0d?\x0a?$/); |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
177 } |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
178 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
179 $uri = $1 if $headers =~ /^\S+\s+([^ ]+)\s+HTTP/i; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
180 next if $uri eq ''; |
|
1084
ce3d15edbf05
Tests: whitespace fix.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1080
diff
changeset
|
181 |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
182 if ($uri eq '/timeout') { |
|
1264
eb727c5ccef6
Tests: adjust proxy_ssl.t connect timeout test and mark it unsafe.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1251
diff
changeset
|
183 sleep 4; |
|
1079
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
184 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
185 print $client <<EOF; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
186 HTTP/1.1 200 OK |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
187 Connection: close |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
188 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
189 EOF |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
190 } |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
191 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
192 close $client; |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
193 } |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
194 } |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
195 |
|
cbc8641a204e
Tests: fixed "proxy connect timeout" http tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
974
diff
changeset
|
196 ############################################################################### |