Mercurial > hg > nginx-tests
comparison ssl_verify_client.t @ 1277:1d7c87dba788
Tests: added test for SSL session remove (ticket #1464).
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 31 Jan 2018 14:05:58 +0300 |
| parents | eadd24ccfda1 |
| children | e8eef0ebc548 |
comparison
equal
deleted
inserted
replaced
| 1276:490691c45b3f | 1277:1d7c87dba788 |
|---|---|
| 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
| 39 }; | 39 }; |
| 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
| 41 | 41 |
| 42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/) | 42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/) |
| 43 ->has_daemon('openssl')->plan(10); | 43 ->has_daemon('openssl')->plan(11); |
| 44 | 44 |
| 45 $t->write_file_expand('nginx.conf', <<'EOF'); | 45 $t->write_file_expand('nginx.conf', <<'EOF'); |
| 46 | 46 |
| 47 %%TEST_GLOBALS%% | 47 %%TEST_GLOBALS%% |
| 48 | 48 |
| 54 http { | 54 http { |
| 55 %%TEST_GLOBALS_HTTP%% | 55 %%TEST_GLOBALS_HTTP%% |
| 56 | 56 |
| 57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; | 57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; |
| 58 | 58 |
| 59 ssl_certificate_key 1.example.com.key; | |
| 60 ssl_certificate 1.example.com.crt; | |
| 61 | |
| 62 server { | 59 server { |
| 63 listen 127.0.0.1:8080; | 60 listen 127.0.0.1:8080; |
| 64 server_name localhost; | 61 server_name localhost; |
| 65 | 62 |
| 63 ssl_certificate_key 1.example.com.key; | |
| 64 ssl_certificate 1.example.com.crt; | |
| 65 | |
| 66 ssl_verify_client on; | 66 ssl_verify_client on; |
| 67 ssl_client_certificate 2.example.com.crt; | 67 ssl_client_certificate 2.example.com.crt; |
| 68 } | 68 } |
| 69 | 69 |
| 70 server { | 70 server { |
| 71 listen 127.0.0.1:8081 ssl; | 71 listen 127.0.0.1:8081 ssl; |
| 72 server_name on; | 72 server_name on; |
| 73 | 73 |
| 74 ssl_certificate_key 1.example.com.key; | |
| 75 ssl_certificate 1.example.com.crt; | |
| 76 | |
| 74 ssl_verify_client on; | 77 ssl_verify_client on; |
| 75 ssl_client_certificate 2.example.com.crt; | 78 ssl_client_certificate 2.example.com.crt; |
| 76 } | 79 } |
| 77 | 80 |
| 78 server { | 81 server { |
| 79 listen 127.0.0.1:8081 ssl; | 82 listen 127.0.0.1:8081 ssl; |
| 80 server_name optional; | 83 server_name optional; |
| 81 | 84 |
| 85 ssl_certificate_key 1.example.com.key; | |
| 86 ssl_certificate 1.example.com.crt; | |
| 87 | |
| 82 ssl_verify_client optional; | 88 ssl_verify_client optional; |
| 83 ssl_client_certificate 2.example.com.crt; | 89 ssl_client_certificate 2.example.com.crt; |
| 84 ssl_trusted_certificate 3.example.com.crt; | 90 ssl_trusted_certificate 3.example.com.crt; |
| 85 } | 91 } |
| 86 | 92 |
| 87 server { | 93 server { |
| 88 listen 127.0.0.1:8081 ssl; | 94 listen 127.0.0.1:8081 ssl; |
| 89 server_name optional_no_ca; | 95 server_name optional_no_ca; |
| 90 | 96 |
| 97 ssl_certificate_key 1.example.com.key; | |
| 98 ssl_certificate 1.example.com.crt; | |
| 99 | |
| 91 ssl_verify_client optional_no_ca; | 100 ssl_verify_client optional_no_ca; |
| 92 ssl_client_certificate 2.example.com.crt; | 101 ssl_client_certificate 2.example.com.crt; |
| 102 } | |
| 103 | |
| 104 server { | |
| 105 listen 127.0.0.1:8081; | |
| 106 server_name no_context; | |
| 107 | |
| 108 ssl_verify_client on; | |
| 93 } | 109 } |
| 94 } | 110 } |
| 95 | 111 |
| 96 EOF | 112 EOF |
| 97 | 113 |
| 121 | 137 |
| 122 ############################################################################### | 138 ############################################################################### |
| 123 | 139 |
| 124 like(http_get('/t'), qr/x:x/, 'plain connection'); | 140 like(http_get('/t'), qr/x:x/, 'plain connection'); |
| 125 like(get('on'), qr/400 Bad Request/, 'no cert'); | 141 like(get('on'), qr/400 Bad Request/, 'no cert'); |
| 142 | |
| 143 TODO: { | |
| 144 todo_skip 'leaves coredump', unless $t->has_version('1.13.9'); | |
| 145 | |
| 146 like(get('no_context'), qr/400 Bad Request/, 'no server cert'); | |
| 147 | |
| 148 } | |
| 149 | |
| 126 like(get('optional'), qr/NONE:x/, 'no optional cert'); | 150 like(get('optional'), qr/NONE:x/, 'no optional cert'); |
| 127 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); | 151 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); |
| 128 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/, | 152 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/, |
| 129 'bad optional_no_ca cert'); | 153 'bad optional_no_ca cert'); |
| 130 | 154 |