Mercurial > hg > nginx-tests
annotate ssl_conf_command.t @ 1606:e4e0695552ed
Tests: fixed stream_proxy_ssl_conf_command.t.
The stream_proxy_ssl_conf_command.t test used stream return module
to return the response. Since this ignores actual request, but the
perl test code used http_get(). This might result in the request being
sent after the response is returned and the connection closed by the server,
resulting in RST being generated and no response seen by the client at all.
Fix is to use "stream(...)->read()" instead of http_get(), so
no request is sent at all, eliminating possibility of RST being
generated.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 10 Nov 2020 05:03:29 +0300 |
| parents | 8d2d37a4b48e |
| children | f6795e2e6a4b |
| rev | line source |
|---|---|
|
1603
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_conf_command. |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 require Net::SSLeay; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 Net::SSLeay::load_error_strings(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::randomize(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 }; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 plan(skip_all => 'Net::SSLeay not installed') if $@; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 my $t = Test::Nginx->new()->has(qw/http http_ssl/) |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 ->has_daemon('openssl'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS%% |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 daemon off; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 events { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 http { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS_HTTP%% |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 listen 127.0.0.1:8443 ssl; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server_name localhost; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_protocols TLSv1.2; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_tickets off; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_conf_command Options SessionTicket; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_prefer_server_ciphers on; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_conf_command Options -ServerPreference; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_certificate localhost.crt; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_certificate_key localhost.key; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 ssl_conf_command Certificate override.crt; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 ssl_conf_command PrivateKey override.key; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 EOF |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 $t->write_file('openssl.conf', <<EOF); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 [ req ] |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 default_bits = 2048 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 encrypt_key = no |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 distinguished_name = req_distinguished_name |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 [ req_distinguished_name ] |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 EOF |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 my $d = $t->testdir(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 foreach my $name ('localhost', 'override') { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 system('openssl req -x509 -new ' |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 . "-out $d/$name.crt -keyout $d/$name.key " |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 . ">>$d/openssl.out 2>&1") == 0 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 or die "Can't create certificate for $name: $!\n"; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 $t->try_run('no ssl_conf_command')->plan(3); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 my ($s, $ssl) = get_ssl_socket(); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 my $ses = Net::SSLeay::get_session($ssl); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ($s, $ssl) = get_ssl_socket(ses => $ses); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ($s, $ssl) = get_ssl_socket(ciphers => |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 is(Net::SSLeay::get_cipher($ssl), |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 ############################################################################### |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 sub get_ssl_socket { |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my (%extra) = @_; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 Net::SSLeay::set_fd($ssl, fileno($s)); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 Net::SSLeay::connect($ssl) or die("ssl connect"); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 return ($s, $ssl); |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
|
8d2d37a4b48e
Tests: ssl_conf_command tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 ############################################################################### |