nginx-tests: ssl.t annotate

annotate ssl.t @ 1606:e4e0695552ed

Tests: fixed stream_proxy_ssl_conf_command.t. The stream_proxy_ssl_conf_command.t test used stream return module to return the response. Since this ignores actual request, but the perl test code used http_get(). This might result in the request being sent after the response is returned and the connection closed by the server, resulting in RST being generated and no response seen by the client at all. Fix is to use "stream(...)->read()" instead of http_get(), so no request is sent at all, eliminating possibility of RST being generated.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 10 Nov 2020 05:03:29 +0300
parents	3b6b2667ece9
children	2f00ed2e0d1a

rev	line source
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	1 #!/usr/bin/perl
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	2
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	3 # (C) Sergey Kandaurov
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	4 # (C) Andrey Zelenkov
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	5 # (C) Nginx, Inc.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	6
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	7 # Tests for http ssl module.
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	8
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	9 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	10
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	11 use warnings;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	12 use strict;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	13
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	14 use Test::More;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	15
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	16 use Socket qw/ CRLF /;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	17
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	18 BEGIN { use FindBin; chdir($FindBin::Bin); }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	19
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	20 use lib 'lib';
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	21 use Test::Nginx;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	22
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	23 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	24
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	25 select STDERR; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	26 select STDOUT; $\| = 1;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	27
430 a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	28 eval { require IO::Socket::SSL; };
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	29 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
430 a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	30 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
a82b02635614 Tests: skip ssl tests with ancient IO::Socket::SSL. Maxim Dounin <mdounin@mdounin.ru> parents: 397 diff changeset	31 plan(skip_all => 'IO::Socket::SSL too old') if $@;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	32
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	33 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	34 ->has_daemon('openssl')->plan(24);
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	35
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	36 $t->write_file_expand('nginx.conf', <<'EOF');
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	37
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	38 %%TEST_GLOBALS%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	39
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	40 daemon off;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	41
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	42 events {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	43 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	44
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	45 http {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	46 %%TEST_GLOBALS_HTTP%%
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	47
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	48 ssl_certificate_key localhost.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	49 ssl_certificate localhost.crt;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	50 ssl_session_tickets off;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	51
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	52 server {
974 882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	53 listen 127.0.0.1:8085 ssl;
882267679006 Tests: simplified parallel modifications in tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 952 diff changeset	54 listen 127.0.0.1:8080;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	55 server_name localhost;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	56
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	57 ssl_certificate_key inner.key;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	58 ssl_certificate inner.crt;
503 071e8941e3bf Tests: reduce shared memory zone sizes. Maxim Dounin <mdounin@mdounin.ru> parents: 430 diff changeset	59 ssl_session_cache shared:SSL:1m;
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	60 ssl_verify_client optional_no_ca;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	61
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	62 keepalive_requests 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	63
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	64 location / {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	65 return 200 "body $ssl_session_reused";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	66 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	67 location /id {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	68 return 200 "body $ssl_session_id";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	69 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	70 location /cipher {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	71 return 200 "body $ssl_cipher";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	72 }
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	73 location /ciphers {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	74 return 200 "body $ssl_ciphers";
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	75 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	76 location /client_verify {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	77 return 200 "body $ssl_client_verify";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	78 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	79 location /protocol {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	80 return 200 "body $ssl_protocol";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	81 }
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	82 location /issuer {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	83 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy";
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	84 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	85 location /subject {
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	86 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy";
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	87 }
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	88 location /time {
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	89 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	90 }
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	91
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	92 location /body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	93 add_header X-Body $request_body always;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	94 proxy_pass http://127.0.0.1:8080/;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	95 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	96 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	97
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	98 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	99 listen 127.0.0.1:8081;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	100 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	101
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	102 # Special case for enabled "ssl" directive.
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	103
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	104 ssl on;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	105 ssl_session_cache builtin;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	106 ssl_session_timeout 1;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	107
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	108 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	109 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	110 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	111 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	112
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	113 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	114 listen 127.0.0.1:8082 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	115 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	116
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	117 ssl_session_cache builtin:1000;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	118
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	119 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	120 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	121 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	122 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	123
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	124 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	125 listen 127.0.0.1:8083 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	126 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	127
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	128 ssl_session_cache none;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	129
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	130 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	131 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	132 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	133 }
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	134
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	135 server {
1276 490691c45b3f Tests: style. Sergey Kandaurov <pluknet@nginx.com> parents: 1251 diff changeset	136 listen 127.0.0.1:8084 ssl;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	137 server_name localhost;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	138
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	139 ssl_session_cache off;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	140
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	141 location / {
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	142 return 200 "body $ssl_session_reused";
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	143 }
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	144 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	145 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	146
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	147 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	148
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	149 $t->write_file('openssl.conf', <<EOF);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	150 [ req ]
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	151 default_bits = 2048
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	152 encrypt_key = no
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	153 distinguished_name = req_distinguished_name
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	154 [ req_distinguished_name ]
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	155 EOF
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	156
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	157 my $d = $t->testdir();
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	158
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	159 $t->write_file('ca.conf', <<EOF);
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	160 [ ca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	161 default_ca = myca
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	162
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	163 [ myca ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	164 new_certs_dir = $d
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	165 database = $d/certindex
1488 dbce8fb5f5f8 Tests: align with OpenSSL security level 2. Sergey Kandaurov <pluknet@nginx.com> parents: 1478 diff changeset	166 default_md = sha256
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	167 policy = myca_policy
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	168 serial = $d/certserial
1094 dd8f126afa32 Tests: client certificate time variables tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 1093 diff changeset	169 default_days = 3
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	170
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	171 [ myca_policy ]
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	172 commonName = supplied
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	173 EOF
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	174
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	175 $t->write_file('certserial', '1000');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	176 $t->write_file('certindex', '');
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	177
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	178 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	179 . "-config $d/openssl.conf -subj /CN=issuer/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	180 . "-out $d/issuer.crt -keyout $d/issuer.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	181 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	182 or die "Can't create certificate for issuer: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	183
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	184 system("openssl req -new "
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	185 . "-config $d/openssl.conf -subj /CN=subject/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	186 . "-out $d/subject.csr -keyout $d/subject.key "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	187 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	188 or die "Can't create certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	189
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	190 system("openssl ca -batch -config $d/ca.conf "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	191 . "-keyfile $d/issuer.key -cert $d/issuer.crt "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	192 . "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt "
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	193 . ">>$d/openssl.out 2>&1") == 0
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	194 or die "Can't sign certificate for subject: $!\n";
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	195
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	196 foreach my $name ('localhost', 'inner') {
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	197 system('openssl req -x509 -new '
1220 0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	198 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls. Sergey Kandaurov <pluknet@nginx.com> parents: 1139 diff changeset	199 . "-out $d/$name.crt -keyout $d/$name.key "
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	200 . ">>$d/openssl.out 2>&1") == 0
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	201 or die "Can't create certificate for $name: $!\n";
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	202 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	203
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	204 # suppress deprecation warning
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	205
1324 918bf90466e0 Tests: hide startup warnings about deprecated ssl. Sergey Kandaurov <pluknet@nginx.com> parents: 1276 diff changeset	206 open OLDERR, ">&", \*STDERR; close STDERR;
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	207 $t->run();
1324 918bf90466e0 Tests: hide startup warnings about deprecated ssl. Sergey Kandaurov <pluknet@nginx.com> parents: 1276 diff changeset	208 open STDERR, ">&", \*OLDERR;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	209
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	210 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	211
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	212 my $ctx;
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	213
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	214 SKIP: {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	215 skip 'no TLS 1.3 sessions', 6 if get('/protocol', 8085) =~ /TLSv1.3/
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	216 && ($Net::SSLeay::VERSION < 1.88 \|\| $IO::Socket::SSL::VERSION < 2.061);
f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	217
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	218 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	219
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	220 like(get('/', 8085, $ctx), qr/^body \.$/m, 'cache shared');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	221 like(get('/', 8085, $ctx), qr/^body r$/m, 'cache shared reused');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	222
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	223 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	224
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	225 like(get('/', 8081, $ctx), qr/^body \.$/m, 'cache builtin');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	226 like(get('/', 8081, $ctx), qr/^body r$/m, 'cache builtin reused');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	227
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	228 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	229
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	230 like(get('/', 8082, $ctx), qr/^body \.$/m, 'cache builtin size');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	231 like(get('/', 8082, $ctx), qr/^body r$/m, 'cache builtin size reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	232
1478 f9718a0773b9 Tests: skip TLS 1.3 session reuse tests with older Perl modules. Sergey Kandaurov <pluknet@nginx.com> parents: 1449 diff changeset	233 }
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	234
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	235 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	236
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	237 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	238 like(get('/', 8083, $ctx), qr/^body \.$/m, 'cache none not reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	239
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	240 $ctx = get_ssl_context();
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	241
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	242 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	243 like(get('/', 8084, $ctx), qr/^body \.$/m, 'cache off not reused');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	244
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	245 # ssl certificate inheritance
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	246
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	247 my $s = get_ssl_socket(8081);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	248 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	249
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	250 $s->close();
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	251
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	252 $s = get_ssl_socket(8085);
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	253 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner');
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	254
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	255 $s->close();
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	256
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	257 # session timeout
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	258
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	259 select undef, undef, undef, 2.1;
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	260
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	261 like(get('/', 8081), qr/^body \.$/m, 'session timeout');
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	262
97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	263 # embedded variables
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	264
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	265 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id');
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	266 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	267 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	268
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	269 SKIP: {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	270 skip 'BoringSSL', 1 if $t->has_module('BoringSSL');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	271
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	272 like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers');
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	273
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	274 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	275
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	276 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify');
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	277 like(get('/protocol', 8085), qr/^body (TLS\|SSL)v(\d\|\.)+$/m, 'protocol');
1382 cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	278 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	279 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject');
cb1346b553aa Tests: simple https tests merged back. Sergey Kandaurov <pluknet@nginx.com> parents: 1325 diff changeset	280 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
1139 e7e968e3eb74 Tests: split ssl.t to run relevant tests on stable versions again. Sergey Kandaurov <pluknet@nginx.com> parents: 1132 diff changeset	281
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	282 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	283
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	284 like(get_body('/body', '0123456789', 20, 5), qr/X-Body: (0123456789){100}/,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	285 'request body chunked');
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	286
1552 3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	287 # pipelined requests
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	288
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	289 $s = get_ssl_socket(8085);
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	290 my $req = <<EOF;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	291 GET / HTTP/1.1
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	292 Host: localhost
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	293
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	294 EOF
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	295
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	296 $req x= 1000;
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	297
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	298 my $r = http($req, socket => $s) \|\| "";
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	299 is(() = $r =~ /(200 OK)/g, 1000, 'pipelined requests');
3b6b2667ece9 Tests: added https test with pipelined requests. Sergey Kandaurov <pluknet@nginx.com> parents: 1514 diff changeset	300
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	301 ###############################################################################
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	302
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	303 sub get {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	304 my ($uri, $port, $ctx) = @_;
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	305 my $s = get_ssl_socket($port, $ctx) or return;
1132 3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	306 my $r = http_get($uri, socket => $s);
3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	307 $s->close();
3d312b6a1a19 Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 1116 diff changeset	308 return $r;
1067 4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	309 }
4606a2ec3d7c Tests: ssl.t cleanup, no functional changes. Sergey Kandaurov <pluknet@nginx.com> parents: 974 diff changeset	310
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	311 sub get_body {
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	312 my ($uri, $body, $len, $n) = @_;
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	313 my $s = get_ssl_socket(8085) or return;
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	314 http("GET /body HTTP/1.1" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	315 . "Host: localhost" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	316 . "Connection: close" . CRLF
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	317 . "Transfer-Encoding: chunked" . CRLF . CRLF,
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	318 socket => $s, start => 1);
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	319 my $chs = unpack("H", pack("C", length($body) $len));
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	320 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
1325 f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	321 for 1 .. $n;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	322 my $r = http("0" . CRLF . CRLF, socket => $s);
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	323 $s->close();
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	324 return $r;
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	325 }
f80176242a7e Tests: c->read->ready handling in ngx_ssl_recv(), fixed in 1.5.8. Sergey Kandaurov <pluknet@nginx.com> parents: 1324 diff changeset	326
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	327 sub cert {
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	328 my ($uri, $port) = @_;
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	329 my $s = get_ssl_socket($port, undef,
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	330 SSL_cert_file => "$d/subject.crt",
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	331 SSL_key_file => "$d/subject.key") or return;
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	332 http_get($uri, socket => $s);
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	333 }
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	334
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	335 sub get_ssl_context {
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	336 return IO::Socket::SSL::SSL_Context->new(
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	337 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	338 SSL_session_cache_size => 100
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	339 );
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	340 }
c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	341
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	342 sub get_ssl_socket {
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	343 my ($port, $ctx, %extra) = @_;
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	344 my $s;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	345
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	346 eval {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	347 local $SIG{ALRM} = sub { die "timeout\n" };
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	348 local $SIG{PIPE} = sub { die "sigpipe\n" };
1421 4e48bf51714f Tests: aligned various generic read timeouts to http_end(). Sergey Kandaurov <pluknet@nginx.com> parents: 1407 diff changeset	349 alarm(8);
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	350 $s = IO::Socket::SSL->new(
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	351 Proto => 'tcp',
664 97660514e518 Tests: more http ssl tests. Andrey Zelenkov <zelenkov@nginx.com> parents: 503 diff changeset	352 PeerAddr => '127.0.0.1',
1514 c6f27bcdd9d9 Tests: revised ssl.t. Sergey Kandaurov <pluknet@nginx.com> parents: 1488 diff changeset	353 PeerPort => port($port),
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	354 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	355 SSL_reuse_ctx => $ctx,
1068 d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	356 SSL_error_trap => sub { die $_[1] },
d0ec761774a5 Tests: client certificate issuer/subject variables. Sergey Kandaurov <pluknet@nginx.com> parents: 1067 diff changeset	357 %extra
370 74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	358 );
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	359 alarm(0);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	360 };
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	361 alarm(0);
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	362
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	363 if ($@) {
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	364 log_in("died: $@");
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	365 return undef;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	366 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	367
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	368 return $s;
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	369 }
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	370
74cfe56c7b83 Tests: simple https tests. Sergey Kandaurov <pluknet@nginx.com> parents: diff changeset	371 ###############################################################################

Mercurial > hg > nginx-tests

annotate ssl.t @ 1606:e4e0695552ed