Mercurial > hg > nginx-tests
annotate uwsgi_ssl_verify.t @ 1983:c7315caf2110
Tests: optimized processing of large QUIC packets with padding.
Path MTU discovery packets might contain a lot of padding, and creating
a copy of the whole buffer for each PADDING frame, which is just one
byte with type 0, consumes lots of resources. This was seen to result
in flapping of at least h3_keepalive.t and h3_ssl_early_data.t tests.
Fix is to copy at most 8 bytes for parse_int() calls when parsing
frame types.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 04:17:28 +0300 |
parents | 1b9f21836f57 |
children |
rev | line source |
---|---|
1688
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for uwsgi backend with SSL, backend certificate verification. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl uwsgi/) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(6) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 server { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 listen 127.0.0.1:8080; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server_name localhost; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 location /verify { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 uwsgi_ssl_name example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 location /wildcard { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 uwsgi_ssl_name foo.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 location /fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 uwsgi_ssl_name no.match.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /cn { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 uwsgi_ssl_name 2.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 location /cn/fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 uwsgi_ssl_name bad.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 location /untrusted { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 uwsgi_ssl_session_reuse off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 $t->write_file('openssl.1.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 x509_extensions = v3_req |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 commonName=no.match.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [ v3_req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 subjectAltName = DNS:example.com,DNS:*.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->write_file('openssl.2.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 commonName=2.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 my $d = $t->testdir(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 my $crt1 = "$d/1.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 my $crt2 = "$d/2.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $key1 = "$d/1.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 my $key2 = "$d/2.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 foreach my $name ('1.example.com', '2.example.com') { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 . "-config $d/openssl.$name.conf " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 . "-out $d/$name.crt -keyout $d/$name.key " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . ">>$d/openssl.out 2>&1") == 0 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 or die "Can't create certificate for $name: $!\n"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 $t->write_file('uwsgi_test_app.py', <<END); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 def application(env, start_response): |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 start_response('200 OK', [('Content-Type','text/plain')]) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 return b"SEE-THIS" |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 END |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 my $uwsgihelp = `uwsgi -h`; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 my @uwsgiopts = (); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 if ($uwsgihelp !~ /--wsgi-file/) { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 # uwsgi has no python support, maybe plugin load is necessary |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 push @uwsgiopts, '--plugin', 'python'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 push @uwsgiopts, '--plugin', 'python3'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
1923
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
147 if ($uwsgihelp =~ /--ssl-enable-tlsv1/) { |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
148 # uwsgi disables TLSv1 by default since 2.0.17.1 |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
149 push @uwsgiopts, '--ssl-enable-tlsv1'; |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
150 } |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
151 |
1688
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 open OLDERR, ">&", \*STDERR; close STDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt1,$key1", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 '--ssl-socket', '127.0.0.1:' . port(8082) . ",$crt2,$key2", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 open STDERR, ">&", \*OLDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $t->run(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 $t->waitforsocket('127.0.0.1:' . port(8081)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 $t->waitforsocket('127.0.0.1:' . port(8082)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 # subjectAltName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 # commonName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 # untrusted |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 ############################################################################### |