comparison ssl_verify_client.t @ 1277:1d7c87dba788

Tests: added test for SSL session remove (ticket #1464).
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 31 Jan 2018 14:05:58 +0300
parents eadd24ccfda1
children e8eef0ebc548
comparison
equal deleted inserted replaced
1276:490691c45b3f 1277:1d7c87dba788
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
39 }; 39 };
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
41 41
42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/) 42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)
43 ->has_daemon('openssl')->plan(10); 43 ->has_daemon('openssl')->plan(11);
44 44
45 $t->write_file_expand('nginx.conf', <<'EOF'); 45 $t->write_file_expand('nginx.conf', <<'EOF');
46 46
47 %%TEST_GLOBALS%% 47 %%TEST_GLOBALS%%
48 48
54 http { 54 http {
55 %%TEST_GLOBALS_HTTP%% 55 %%TEST_GLOBALS_HTTP%%
56 56
57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; 57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x;
58 58
59 ssl_certificate_key 1.example.com.key;
60 ssl_certificate 1.example.com.crt;
61
62 server { 59 server {
63 listen 127.0.0.1:8080; 60 listen 127.0.0.1:8080;
64 server_name localhost; 61 server_name localhost;
65 62
63 ssl_certificate_key 1.example.com.key;
64 ssl_certificate 1.example.com.crt;
65
66 ssl_verify_client on; 66 ssl_verify_client on;
67 ssl_client_certificate 2.example.com.crt; 67 ssl_client_certificate 2.example.com.crt;
68 } 68 }
69 69
70 server { 70 server {
71 listen 127.0.0.1:8081 ssl; 71 listen 127.0.0.1:8081 ssl;
72 server_name on; 72 server_name on;
73 73
74 ssl_certificate_key 1.example.com.key;
75 ssl_certificate 1.example.com.crt;
76
74 ssl_verify_client on; 77 ssl_verify_client on;
75 ssl_client_certificate 2.example.com.crt; 78 ssl_client_certificate 2.example.com.crt;
76 } 79 }
77 80
78 server { 81 server {
79 listen 127.0.0.1:8081 ssl; 82 listen 127.0.0.1:8081 ssl;
80 server_name optional; 83 server_name optional;
81 84
85 ssl_certificate_key 1.example.com.key;
86 ssl_certificate 1.example.com.crt;
87
82 ssl_verify_client optional; 88 ssl_verify_client optional;
83 ssl_client_certificate 2.example.com.crt; 89 ssl_client_certificate 2.example.com.crt;
84 ssl_trusted_certificate 3.example.com.crt; 90 ssl_trusted_certificate 3.example.com.crt;
85 } 91 }
86 92
87 server { 93 server {
88 listen 127.0.0.1:8081 ssl; 94 listen 127.0.0.1:8081 ssl;
89 server_name optional_no_ca; 95 server_name optional_no_ca;
90 96
97 ssl_certificate_key 1.example.com.key;
98 ssl_certificate 1.example.com.crt;
99
91 ssl_verify_client optional_no_ca; 100 ssl_verify_client optional_no_ca;
92 ssl_client_certificate 2.example.com.crt; 101 ssl_client_certificate 2.example.com.crt;
102 }
103
104 server {
105 listen 127.0.0.1:8081;
106 server_name no_context;
107
108 ssl_verify_client on;
93 } 109 }
94 } 110 }
95 111
96 EOF 112 EOF
97 113
121 137
122 ############################################################################### 138 ###############################################################################
123 139
124 like(http_get('/t'), qr/x:x/, 'plain connection'); 140 like(http_get('/t'), qr/x:x/, 'plain connection');
125 like(get('on'), qr/400 Bad Request/, 'no cert'); 141 like(get('on'), qr/400 Bad Request/, 'no cert');
142
143 TODO: {
144 todo_skip 'leaves coredump', unless $t->has_version('1.13.9');
145
146 like(get('no_context'), qr/400 Bad Request/, 'no server cert');
147
148 }
149
126 like(get('optional'), qr/NONE:x/, 'no optional cert'); 150 like(get('optional'), qr/NONE:x/, 'no optional cert');
127 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); 151 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert');
128 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/, 152 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/,
129 'bad optional_no_ca cert'); 153 'bad optional_no_ca cert');
130 154