comparison ssl_verify_client.t @ 1277:1d7c87dba788
Tests: added test for SSL session remove (ticket #1464).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 31 Jan 2018 14:05:58 +0300 |
parents | eadd24ccfda1 |
children | e8eef0ebc548 |
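--- a/ssl_verify_client.t	1276:490691c45b3f
+++ b/ssl_verify_client.t	1277:1d7c87dba788
@@ -38,11 +38,11 @@
 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)
-->has_daemon('openssl')->plan(10);
+->has_daemon('openssl')->plan(11);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -54,44 +54,60 @@
 http {
 %%TEST_GLOBALS_HTTP%%
 
 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x;
 
-ssl_certificate_key 1.example.com.key;
-ssl_certificate 1.example.com.crt;
-
 server {
 listen 127.0.0.1:8080;
 server_name localhost;
 
+ssl_certificate_key 1.example.com.key;
+ssl_certificate 1.example.com.crt;
+
 ssl_verify_client on;
 ssl_client_certificate 2.example.com.crt;
 }
 
 server {
 listen 127.0.0.1:8081 ssl;
 server_name on;
 
+ssl_certificate_key 1.example.com.key;
+ssl_certificate 1.example.com.crt;
+
 ssl_verify_client on;
 ssl_client_certificate 2.example.com.crt;
 }
 
 server {
 listen 127.0.0.1:8081 ssl;
 server_name optional;
 
+ssl_certificate_key 1.example.com.key;
+ssl_certificate 1.example.com.crt;
+
 ssl_verify_client optional;
 ssl_client_certificate 2.example.com.crt;
 ssl_trusted_certificate 3.example.com.crt;
 }
 
 server {
 listen 127.0.0.1:8081 ssl;
 server_name optional_no_ca;
 
+ssl_certificate_key 1.example.com.key;
+ssl_certificate 1.example.com.crt;
+
 ssl_verify_client optional_no_ca;
 ssl_client_certificate 2.example.com.crt;
+}
+
+server {
+listen 127.0.0.1:8081;
+server_name no_context;
+
+ssl_verify_client on;
 }
 }
 
 EOF
 
@@ -121,10 +137,18 @@
 
 ###############################################################################
 
 like(http_get('/t'), qr/x:x/, 'plain connection');
 like(get('on'), qr/400 Bad Request/, 'no cert');
+
+TODO: {
+todo_skip 'leaves coredump', unless $t->has_version('1.13.9');
+
+like(get('no_context'), qr/400 Bad Request/, 'no server cert');
+
+}
+
 like(get('optional'), qr/NONE:x/, 'no optional cert');
 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert');
 like(get('optional_no_ca', '1.example.com'), qr/FAILED.*BEGIN/,
 'bad optional_no_ca cert');
 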
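Review bot: As rendered here, the new `todo_skip 'leaves coredump', unless $t->has_version('1.13.9');` in the TODO block passes no test count after the comma. Test::More's `todo_skip` takes `$why, $how_many`; under the fixed `plan(11)` a missing count draws a warning and is assumed to be 1, so the plan stays correct only while the block holds a single test. I would write `todo_skip 'leaves coredump', 1 unless $t->has_version('1.13.9');`. The `no_context` server has neither `ssl` on `listen` nor a certificate, which looks deliberate: it exercises `ssl_verify_client on` for a server picked by SNI that has no SSL context of its own, apparently the case that crashed the worker before 1.13.9. A short comment in that server block, e.g. `# no ssl_certificate on purpose: reached via SNI without its own SSL context`, would keep a later cleanup from "fixing" it.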