Mercurial > hg > nginx-tests

comparison proxy_ssl_certificate_empty.t @ 1799:29f4d48b5b31

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: proxy_ssl_certificate inheritance test with empty value.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 13 Oct 2022 20:29:39 +0400
parents
children 2a0a6035a1af
comparison
equal deleted inserted replaced
1798:7102245abedf 1799:29f4d48b5b31
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for http proxy module with proxy certificate to ssl backend.
7 # The proxy_ssl_certificate directive empty value cancels inheritance.
8
9 ###############################################################################
10
11 use warnings;
12 use strict;
13
14 use Test::More;
15
16 BEGIN { use FindBin; chdir($FindBin::Bin); }
17
18 use lib 'lib';
19 use Test::Nginx;
20
21 ###############################################################################
22
23 select STDERR; $| = 1;
24 select STDOUT; $| = 1;
25
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/)
27 ->has_daemon('openssl');
28
29 $t->write_file_expand('nginx.conf', <<'EOF');
30
31 %%TEST_GLOBALS%%
32
33 daemon off;
34
35 events {
36 }
37
38 http {
39 %%TEST_GLOBALS_HTTP%%
40
41 server {
42 listen 127.0.0.1:8080;
43 server_name localhost;
44
45 proxy_ssl_session_reuse off;
46
47 proxy_ssl_certificate 1.example.com.crt;
48 proxy_ssl_certificate_key 1.example.com.key;
49
50 location /verify {
51 proxy_pass https://127.0.0.1:8081/;
52 }
53
54 location /cancel {
55 proxy_pass https://127.0.0.1:8081/;
56 proxy_ssl_certificate "";
57 proxy_ssl_certificate_key "";
58 }
59 }
60
61 server {
62 listen 127.0.0.1:8081 ssl;
63 server_name localhost;
64
65 ssl_certificate 2.example.com.crt;
66 ssl_certificate_key 2.example.com.key;
67
68 ssl_verify_client optional;
69 ssl_client_certificate 1.example.com.crt;
70
71 location / {
72 add_header X-Verify $ssl_client_verify;
73 }
74 }
75 }
76
77 EOF
78
79 $t->write_file('openssl.conf', <<EOF);
80 [ req ]
81 default_bits = 2048
82 encrypt_key = no
83 distinguished_name = req_distinguished_name
84 [ req_distinguished_name ]
85 EOF
86
87 my $d = $t->testdir();
88
89 foreach my $name ('1.example.com', '2.example.com') {
90 system('openssl req -x509 -new '
91 . "-config $d/openssl.conf -subj /CN=$name/ "
92 . "-out $d/$name.crt -keyout $d/$name.key "
93 . ">>$d/openssl.out 2>&1") == 0
94 or die "Can't create certificate for $name: $!\n";
95 }
96
97 sleep 1 if $^O eq 'MSWin32';
98
99 $t->write_file('index.html', '');
100
101 $t->try_run('no empty value support')->plan(2);
102
103 ###############################################################################
104
105 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate');
106 like(http_get('/cancel'), qr/X-Verify: NONE/ms, 'cancel certificate');
107
108 ###############################################################################