Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_certificate.t @ 1974:b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:04:26 +0300 |
| parents | f3ba4c74de31 |
| children |
| rev | line source |
|---|---|
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with proxy certificate to ssl backend. |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives. |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl')->plan(5); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
|
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
39 %%TEST_GLOBALS_STREAM%% |
|
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
40 |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 proxy_ssl on; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 proxy_ssl_session_reuse off; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
45 listen 127.0.0.1:8082; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 proxy_pass 127.0.0.1:8080; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_certificate 1.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 proxy_ssl_certificate_key 1.example.com.key; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
53 listen 127.0.0.1:8083; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 proxy_pass 127.0.0.1:8080; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate 2.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_certificate_key 2.example.com.key; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
61 listen 127.0.0.1:8084; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
62 proxy_pass 127.0.0.1:8081; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_certificate 3.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 proxy_ssl_certificate_key 3.example.com.key; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 proxy_ssl_password_file password; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 http { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 %%TEST_GLOBALS_HTTP%% |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
74 listen 127.0.0.1:8080 ssl; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server_name localhost; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 ssl_certificate 2.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 ssl_certificate_key 2.example.com.key; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_verify_client optional_no_ca; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_trusted_certificate 1.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 location / { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 add_header X-Verify $ssl_client_verify; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 add_header X-Name $ssl_client_s_dn; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
90 listen 127.0.0.1:8081 ssl; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 server_name localhost; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 ssl_certificate 1.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 ssl_certificate_key 1.example.com.key; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ssl_verify_client optional_no_ca; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 ssl_trusted_certificate 3.example.com.crt; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 location / { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 add_header X-Verify $ssl_client_verify; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 EOF |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 $t->write_file('openssl.conf', <<EOF); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
109 default_bits = 2048 |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 encrypt_key = no |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 distinguished_name = req_distinguished_name |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 EOF |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $d = $t->testdir(); |
|
1974
b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
116 my $tr = `openssl genrsa -help 2>&1` =~ /-traditional/ ? '-traditional' : ''; |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 foreach my $name ('1.example.com', '2.example.com') { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
120 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
121 . "-out $d/$name.crt -keyout $d/$name.key " |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 . ">>$d/openssl.out 2>&1") == 0 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 or die "Can't create certificate for $name: $!\n"; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 foreach my $name ('3.example.com') { |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
127 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
|
1974
b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
128 . "-aes128 $tr 2048 >>$d/openssl.out 2>&1") == 0 |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 or die "Can't create private key: $!\n"; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
131 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
132 . "-out $d/$name.crt " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
133 . "-key $d/$name.key -passin pass:$name" |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . ">>$d/openssl.out 2>&1") == 0 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 or die "Can't create certificate for $name: $!\n"; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
|
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
138 sleep 1 if $^O eq 'MSWin32'; |
|
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
139 |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 $t->write_file('password', '3.example.com'); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 $t->write_file('index.html', ''); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 $t->run(); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 ############################################################################### |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
147 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))), |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
149 like(http_get('/', socket => getconn('127.0.0.1:' . port(8083))), |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 qr/X-Verify: FAILED/ms, 'fail certificate'); |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
151 like(http_get('/', socket => getconn('127.0.0.1:' . port(8084))), |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 qr/X-Verify: SUCCESS/ms, 'with encrypted key'); |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
154 like(http_get('/', socket => getconn('127.0.0.1:' . port(8082))), |
|
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
155 qr!X-Name: /?CN=1.example!, 'valid certificate'); |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
156 unlike(http_get('/', socket => getconn('127.0.0.1:' . port(8083))), |
|
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
157 qr!X-Name: /?CN=1.example!, 'invalid certificate'); |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 ############################################################################### |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 sub getconn { |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 my $peer = shift; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 my $s = IO::Socket::INET->new( |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 Proto => 'tcp', |
|
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
644
diff
changeset
|
165 PeerAddr => $peer |
|
644
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 ) |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 or die "Can't connect to nginx: $!\n"; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 return $s; |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 } |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
|
df8a498e0d50
Tests: stream proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 ############################################################################### |