Mercurial > hg > nginx-tests

annotate uwsgi_ssl_verify.t @ 1976:4e79bd25642f default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added test for headers without a colon.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 11 May 2024 18:56:23 +0300
parents 1b9f21836f57
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1688
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Maxim Dounin
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Sergey Kandaurov
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5 # (C) Nginx, Inc.
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7 # Tests for uwsgi backend with SSL, backend certificate verification.
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use lib 'lib';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use Test::Nginx;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDERR; $| = 1;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDOUT; $| = 1;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 my $t = Test::Nginx->new()->has(qw/http http_ssl uwsgi/)
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(6)
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 ->write_file_expand('nginx.conf', <<'EOF');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 %%TEST_GLOBALS%%
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32 daemon off;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 events {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 http {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 %%TEST_GLOBALS_HTTP%%
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 server {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 listen 127.0.0.1:8080;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 server_name localhost;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 location /verify {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 uwsgi_ssl_name example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 location /wildcard {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 uwsgi_ssl_name foo.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 location /fail {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 uwsgi_pass suwsgi://127.0.0.1:8081;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 uwsgi_ssl_name no.match.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 location /cn {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 uwsgi_ssl_name 2.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 uwsgi_ssl_trusted_certificate 2.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 location /cn/fail {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 uwsgi_ssl_name bad.example.com;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 uwsgi_ssl_trusted_certificate 2.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 location /untrusted {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 uwsgi_pass suwsgi://127.0.0.1:8082;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 uwsgi_ssl_verify on;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 uwsgi_ssl_trusted_certificate 1.example.com.crt;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 uwsgi_ssl_session_reuse off;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 $t->write_file('openssl.1.example.com.conf', <<EOF);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 [ req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 prompt = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 default_bits = 2048
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94 encrypt_key = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 distinguished_name = req_distinguished_name
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 x509_extensions = v3_req
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 [ req_distinguished_name ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 commonName=no.match.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 [ v3_req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 subjectAltName = DNS:example.com,DNS:*.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 $t->write_file('openssl.2.example.com.conf', <<EOF);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 [ req ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 prompt = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 default_bits = 2048
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 encrypt_key = no
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 distinguished_name = req_distinguished_name
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 [ req_distinguished_name ]
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 commonName=2.example.com
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 EOF
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 my $d = $t->testdir();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 my $crt1 = "$d/1.example.com.crt";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 my $crt2 = "$d/2.example.com.crt";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 my $key1 = "$d/1.example.com.key";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 my $key2 = "$d/2.example.com.key";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 foreach my $name ('1.example.com', '2.example.com') {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 system('openssl req -x509 -new '
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 . "-config $d/openssl.$name.conf "
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125 . "-out $d/$name.crt -keyout $d/$name.key "
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 . ">>$d/openssl.out 2>&1") == 0
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 or die "Can't create certificate for $name: $!\n";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 $t->write_file('uwsgi_test_app.py', <<END);
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 def application(env, start_response):
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 start_response('200 OK', [('Content-Type','text/plain')])
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134 return b"SEE-THIS"
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136 END
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 my $uwsgihelp = `uwsgi -h`;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139 my @uwsgiopts = ();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141 if ($uwsgihelp !~ /--wsgi-file/) {
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 # uwsgi has no python support, maybe plugin load is necessary
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143 push @uwsgiopts, '--plugin', 'python';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
144 push @uwsgiopts, '--plugin', 'python3';
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
145 }
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146
1923
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
147 if ($uwsgihelp =~ /--ssl-enable-tlsv1/) {
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
148 # uwsgi disables TLSv1 by default since 2.0.17.1
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
149 push @uwsgiopts, '--ssl-enable-tlsv1';
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
150 }
1b9f21836f57 Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1688
diff changeset
151
1688
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
152 open OLDERR, ">&", \*STDERR; close STDERR;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153 $t->run_daemon('uwsgi', @uwsgiopts,
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
154 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt1,$key1",
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155 '--wsgi-file', $d . '/uwsgi_test_app.py',
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
156 '--logto', $d . '/uwsgi_log');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
157 $t->run_daemon('uwsgi', @uwsgiopts,
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
158 '--ssl-socket', '127.0.0.1:' . port(8082) . ",$crt2,$key2",
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
159 '--wsgi-file', $d . '/uwsgi_test_app.py',
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
160 '--logto', $d . '/uwsgi_log');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
161 open STDERR, ">&", \*OLDERR;
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
162
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
163 $t->run();
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
164
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
165 $t->waitforsocket('127.0.0.1:' . port(8081))
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
166 or die "Can't start uwsgi";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
167 $t->waitforsocket('127.0.0.1:' . port(8082))
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
168 or die "Can't start uwsgi";
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
169
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
170 ###############################################################################
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
171
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
172 # subjectAltName
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
173
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
174 like(http_get('/verify'), qr/200 OK/ms, 'verify');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
175 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
176 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
177
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
178 # commonName
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
179
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
180 like(http_get('/cn'), qr/200 OK/ms, 'verify cn');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
181 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
182
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
183 # untrusted
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
184
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
185 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted');
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
186
31ea330ac360 Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
187 ###############################################################################