Mercurial > hg > nginx-tests

annotate ssl_password_file.t @ 1932:b68471aee5ad

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: improved test for a stream initiating QUIC path migration. Previously, the test mostly passed due to a push timer scheduled for an unrelated delayed ACK, and the new path had enough data received to send response back when the push timer fired. Otherwise, the test could fail due to unvalidated address. Now it is fixed to perform path validation.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 21 Aug 2023 17:10:57 +0400
parents a797d7428fa5
children b5036a0f9ae0
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for ssl_password_file directive.
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 use POSIX qw/ mkfifo /;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 use Socket qw/ $CRLF /;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 BEGIN { use FindBin; chdir($FindBin::Bin); }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 use lib 'lib';
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 use Test::Nginx;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 ###############################################################################
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25 select STDERR; $| = 1;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 select STDOUT; $| = 1;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 plan(skip_all => 'win32') if $^O eq 'MSWin32';
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
1858
cdcd75657e52 Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1488
diff changeset
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
431
05c46688b54b Tests: ssl_password_file.t fixes.
Maxim Dounin <mdounin@mdounin.ru>
parents: 430
diff changeset
31 ->has_daemon('openssl');
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 $t->plan(3)->write_file_expand('nginx.conf', <<'EOF');
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 %%TEST_GLOBALS%%
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 daemon off;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 events {
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 http {
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 %%TEST_GLOBALS_HTTP%%
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 ssl_certificate_key localhost.key;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 ssl_certificate localhost.crt;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 # inherited by server "inherits"
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 ssl_password_file password_http;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 server {
1866
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
52 listen 127.0.0.1:8443 ssl;
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
53 listen 127.0.0.1:8080;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 server_name localhost;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 ssl_password_file password;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 location / {
496
d13ea470657d Tests: fixed indentation.
Sergey Kandaurov <pluknet@nginx.com>
parents: 480
diff changeset
59 return 200 "$scheme";
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
64 listen 127.0.0.1:8080;
421
e8db4355fe0b Tests: fixed building the server_names_hash.
Sergey Kandaurov <pluknet@nginx.com>
parents: 420
diff changeset
65 server_name two_entries;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 ssl_password_file password_many;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
71 listen 127.0.0.1:8080;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 server_name file_is_fifo;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 ssl_password_file password_fifo;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
78 listen 127.0.0.1:8080;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 server_name inherits;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 ssl_certificate_key inherits.key;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 ssl_certificate inherits.crt;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 EOF
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 $t->write_file('openssl.conf', <<EOF);
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
90 default_bits = 2048
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 encrypt_key = no
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 distinguished_name = req_distinguished_name
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 [ req_distinguished_name ]
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 EOF
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 my $d = $t->testdir();
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 mkfifo("$d/password_fifo", 0700);
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 foreach my $name ('localhost', 'inherits') {
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
100 system("openssl genrsa -out $d/$name.key -passout pass:$name "
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
101 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 or die "Can't create private key: $!\n";
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
104 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
105 . "-out $d/$name.crt "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1140
diff changeset
106 . "-key $d/$name.key -passin pass:$name"
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 . ">>$d/openssl.out 2>&1") == 0
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 or die "Can't create certificate for $name: $!\n";
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 }
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 $t->write_file('password', 'localhost');
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 $t->write_file('password_many', "wrong$CRLF" . "localhost$CRLF");
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 $t->write_file('password_http', 'inherits');
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114
1087
534d209f6ae4 Tests: fixed ssl_password_file test hang with missing FIFO reader.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
115 my $p = fork();
534d209f6ae4 Tests: fixed ssl_password_file test hang with missing FIFO reader.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
116 exec("echo localhost > $d/password_fifo") if $p == 0;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 # do not mangle with try_run()
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 # we need to distinguish ssl_password_file support vs its brokenness
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 eval {
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 open OLDERR, ">&", \*STDERR; close STDERR;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 $t->run();
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 open STDERR, ">&", \*OLDERR;
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125 };
1087
534d209f6ae4 Tests: fixed ssl_password_file test hang with missing FIFO reader.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
126 kill 'INT', $p if $@;
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 ###############################################################################
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 is($@, '', 'ssl_password_file works');
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 # simple tests to ensure that nothing broke with ssl_password_file directive
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133
431
05c46688b54b Tests: ssl_password_file.t fixes.
Maxim Dounin <mdounin@mdounin.ru>
parents: 430
diff changeset
134 like(http_get('/'), qr/200 OK.*http/ms, 'http');
1866
a797d7428fa5 Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1858
diff changeset
135 like(http_get('/', SSL => 1), qr/200 OK.*https/ms, 'https');
420
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136
a37ec4447597 Tests: ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137 ###############################################################################