Mercurial > hg > nginx-tests

annotate stream_ssl_verify_client.t @ 1976:4e79bd25642f default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added test for headers without a colon.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 11 May 2024 18:56:23 +0300
parents b72a8c4a1bef
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
2
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
4 # (C) Andrey Zelenkov
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
5 # (C) Nginx, Inc.
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
6
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
7 # Tests for stream ssl module, ssl_verify_client.
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
8
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
9 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
10
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
11 use warnings;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
12 use strict;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
13
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
14 use Test::More;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
15
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
17
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
18 use lib 'lib';
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
20 use Test::Nginx::Stream qw/ stream /;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
21
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
22 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
23
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
24 select STDERR; $| = 1;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
25 select STDOUT; $| = 1;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
26
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
27 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return socket_ssl/)
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
28 ->has_daemon('openssl');
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
29
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
30 $t->write_file_expand('nginx.conf', <<'EOF');
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
31
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
32 %%TEST_GLOBALS%%
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
33
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
34 daemon off;
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
35
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
36 events {
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
37 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
38
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
39 stream {
1609
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
40 %%TEST_GLOBALS_STREAM%%
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
41
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
42 log_format status $status;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
43
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
44 ssl_certificate_key 1.example.com.key;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
45 ssl_certificate 1.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
46
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
47 server {
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
48 listen 127.0.0.1:8080;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
49 return $ssl_client_verify:$ssl_client_cert;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
50
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
51 ssl_verify_client on;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
52 ssl_client_certificate 2.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
53 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
54
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
55 server {
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
56 listen 127.0.0.1:8081 ssl;
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
57 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
58
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
59 ssl_verify_client on;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
60 ssl_client_certificate 2.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
61
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
62 access_log %%TESTDIR%%/status.log status;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
63 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
64
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
65 server {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
66 listen 127.0.0.1:8082 ssl;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
67 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
68
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
69 ssl_verify_client optional;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
70 ssl_client_certificate 2.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
71 ssl_trusted_certificate 3.example.com.crt;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
72 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
73
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
74 server {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
75 listen 127.0.0.1:8083 ssl;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
76 return $ssl_client_verify:$ssl_client_cert;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
77
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
78 ssl_verify_client optional_no_ca;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
79 ssl_client_certificate 2.example.com.crt;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
80 }
1843
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
81
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
82 server {
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
83 listen 127.0.0.1:8084 ssl;
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
84 return $ssl_protocol;
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
85 }
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
86 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
87
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
88 EOF
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
89
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
90 $t->write_file('openssl.conf', <<EOF);
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
91 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1251
diff changeset
92 default_bits = 2048
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
93 encrypt_key = no
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
94 distinguished_name = req_distinguished_name
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
95 [ req_distinguished_name ]
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
96 EOF
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
97
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
98 my $d = $t->testdir();
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
99
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
100 foreach my $name ('1.example.com', '2.example.com', '3.example.com') {
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
101 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
102 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
103 . "-out $d/$name.crt -keyout $d/$name.key "
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
104 . ">>$d/openssl.out 2>&1") == 0
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
105 or die "Can't create certificate for $name: $!\n";
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
106 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
107
1251
766bcbb632ee Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1235
diff changeset
108 $t->run()->plan(10);
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
109
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
110 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
111
1235
3fc6817cd84a Tests: explicit peer port in stream tests now required.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 1220
diff changeset
112 is(stream('127.0.0.1:' . port(8080))->read(), ':', 'plain connection');
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
113
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
114 is(get(8081), '', 'no cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
115 is(get(8082, '1.example.com'), '', 'bad optional cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
116 is(get(8082), 'NONE:', 'no optional cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
117 like(get(8083, '1.example.com'), qr/FAILED.*BEGIN/, 'bad optional_no_ca cert');
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
118
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
119 like(get(8081, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
120 like(get(8082, '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert optional');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
121 like(get(8082, '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
122
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
123 SKIP: {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
124 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
125
1843
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
126 TODO: {
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
127 local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
128 if $t->has_module('LibreSSL') && test_tls13();
1968
b72a8c4a1bef Tests: CA list handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1863
diff changeset
129 local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)'
b72a8c4a1bef Tests: CA list handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1863
diff changeset
130 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
1843
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
131
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
132 my $ca = join ' ', get(8082, '3.example.com');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
133 is($ca, '/CN=2.example.com', 'no trusted sent');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
134
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
135 }
1843
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
136 }
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
137
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
138 $t->stop();
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
139
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
140 is($t->read_file('status.log'), "500\n200\n", 'log');
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
141
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
142 ###############################################################################
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
143
1843
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
144 sub test_tls13 {
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
145 get(8084) =~ /TLSv1.3/;
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
146 }
818e6d8c43b5 Tests: LibreSSL does not send CA lists with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1621
diff changeset
147
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
148 sub get {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
149 my ($port, $cert) = @_;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
150
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
151 my $s = stream(
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
152 PeerAddr => '127.0.0.1:' . port($port),
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
153 SSL => 1,
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
154 $cert ? (
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
155 SSL_cert_file => "$d/$cert.crt",
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
156 SSL_key_file => "$d/$cert.key"
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
157 ) : ()
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
158 );
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
159
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
160 return $s->read() unless wantarray();
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
161
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
162 # Note: this uses IO::Socket::SSL::_get_ssl_object() internal method.
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
163 # While not exactly correct, it looks like there is no other way to
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
164 # obtain CA list with IO::Socket::SSL, and this seems to be good
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
165 # enough for tests.
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
166
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1843
diff changeset
167 my $ssl = $s->socket()->_get_ssl_object();
1114
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
168 my $list = Net::SSLeay::get_client_CA_list($ssl);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
169 my @names;
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
170 for my $i (0 .. Net::SSLeay::sk_X509_NAME_num($list) - 1) {
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
171 my $name = Net::SSLeay::sk_X509_NAME_value($list, $i);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
172 push @names, Net::SSLeay::X509_NAME_oneline($name);
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
173 }
c5df4742ad40 Tests: more http/stream ssl_verify_client tests borrowed from mail.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1104
diff changeset
174 return @names;
1104
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
175 }
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
176
b3d5a2f8a00b Tests: stream ssl_verify_client tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff changeset
177 ###############################################################################