Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_certificate_vars.t @ 1888:cc13f7b098db
Tests: avoid premature stream reset in h3_limit_req.t.
STREAM and RESET_STREAM frames could be batched, which prevents the stream
from being processed and changes the status code. The fix is to wait for
the stream acknowledgment. Here we just look at the largest acknowledged,
this should be enough for simple cases.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 04 Apr 2023 00:33:54 +0400 |
parents | 55816c5fc861 |
children | 2a0a6035a1af |
rev | line source |
---|---|
1674
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with variables in ssl certificates. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_map http http_ssl/) |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 $t->write_file_expand('nginx.conf', <<'EOF'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 stream { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_STREAM%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 map $server_port $cert { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 %%PORT_8082%% 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%PORT_8083%% 2; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%PORT_8084%% 3; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 %%PORT_8085%% ""; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl on; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_session_reuse off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 listen 127.0.0.1:8082; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 listen 127.0.0.1:8083; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 proxy_pass 127.0.0.1:8080; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 listen 127.0.0.1:8084; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 proxy_ssl_password_file password; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 listen 127.0.0.1:8085; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_ssl_certificate $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 proxy_ssl_certificate_key $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 http { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 %%TEST_GLOBALS_HTTP%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 listen 127.0.0.1:8080 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 ssl_certificate 2.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 ssl_certificate_key 2.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_trusted_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 add_header X-Name $ssl_client_s_dn; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 listen 127.0.0.1:8081 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 ssl_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ssl_certificate_key 1.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ssl_trusted_certificate 3.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 $t->write_file('openssl.conf', <<EOF); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 [ req ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 default_bits = 2048 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 encrypt_key = no |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 distinguished_name = req_distinguished_name |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req_distinguished_name ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 my $d = $t->testdir(); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 foreach my $name ('1.example.com', '2.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . "-out $d/$name.crt -keyout $d/$name.key " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 foreach my $name ('3.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 or die "Can't create private key: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 . "-out $d/$name.crt " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . "-key $d/$name.key -passin pass:$name" |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 sleep 1 if $^O eq 'MSWin32'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $t->write_file('password', '3.example.com'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $t->write_file('index.html', ''); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->try_run('no upstream ssl_certificate variables')->plan(4); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8082))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 qr/X-Verify: SUCCESS/ms, 'variable - verify certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8083))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 qr/X-Verify: FAILED/ms, 'variable - fail certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8084))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8085))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 qr/X-Verify: NONE/ms, 'variable - no certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 ############################################################################### |