Mercurial > hg > nginx-tests
comparison h3_server_name.t @ 1882:3619dcc8ba6d
Tests: HTTP/3 tests with server_name captures.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 13 Jan 2023 17:12:20 +0400 |
parents | |
children | cd66d6f50ec1 |
comparison
equal
deleted
inserted
replaced
1881:33432a6877f7 | 1882:3619dcc8ba6d |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for HTTP/3 protocol, SNI TLS extension and regex in server_name. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::HTTP2; | |
20 use Test::Nginx::HTTP3; | |
21 | |
22 ############################################################################### | |
23 | |
24 select STDERR; $| = 1; | |
25 select STDOUT; $| = 1; | |
26 | |
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; | |
28 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; | |
29 | |
30 eval { IO::Socket::SSL->can_client_sni() or die; }; | |
31 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; | |
32 | |
33 eval { IO::Socket::SSL->can_alpn() or die; }; | |
34 plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@; | |
35 | |
36 eval { require Crypt::Misc; die if $Crypt::Misc::VERSION < 0.067; }; | |
37 plan(skip_all => 'CryptX version >= 0.067 required') if $@; | |
38 | |
39 my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 http_v3 rewrite/) | |
40 ->has_daemon('openssl')->plan(6); | |
41 | |
42 $t->write_file_expand('nginx.conf', <<'EOF'); | |
43 | |
44 %%TEST_GLOBALS%% | |
45 | |
46 daemon off; | |
47 | |
48 events { | |
49 } | |
50 | |
51 http { | |
52 %%TEST_GLOBALS_HTTP%% | |
53 | |
54 ssl_certificate_key localhost.key; | |
55 ssl_certificate localhost.crt; | |
56 | |
57 server { | |
58 listen 127.0.0.1:8080 ssl http2; | |
59 listen 127.0.0.1:%%PORT_8980_UDP%% quic; | |
60 server_name ~^(?P<name>.+)\.example\.com$; | |
61 | |
62 location / { | |
63 return 200 $name; | |
64 } | |
65 } | |
66 } | |
67 | |
68 EOF | |
69 | |
70 $t->write_file('openssl.conf', <<EOF); | |
71 [ req ] | |
72 default_bits = 2048 | |
73 encrypt_key = no | |
74 distinguished_name = req_distinguished_name | |
75 [ req_distinguished_name ] | |
76 EOF | |
77 | |
78 my $d = $t->testdir(); | |
79 | |
80 foreach my $name ('localhost') { | |
81 system('openssl req -x509 -new ' | |
82 . "-config $d/openssl.conf -subj /CN=$name/ " | |
83 . "-out $d/$name.crt -keyout $d/$name.key " | |
84 . ">>$d/openssl.out 2>&1") == 0 | |
85 or die "Can't create certificate for $name: $!\n"; | |
86 } | |
87 | |
88 $t->run(); | |
89 | |
90 ############################################################################### | |
91 | |
92 # ssl_servername_regex wasn't inherited from QUIC connection, | |
93 # other protocols are provided for convenience | |
94 | |
95 is(get1('test.example.com'), 'test', 'http1 - sni match'); | |
96 is(get1('test.example.com', 'localhost'), 'test', 'http1 - sni not found'); | |
97 | |
98 is(get2('test.example.com'), 'test', 'http2 - sni match'); | |
99 is(get2('test.example.com', 'localhost'), 'test', 'http2 - sni not found'); | |
100 | |
101 is(get3('test.example.com'), 'test', 'http3 - sni match'); | |
102 is(get3('test.example.com', 'localhost'), 'test', 'http3 - sni not found'); | |
103 | |
104 ############################################################################### | |
105 | |
106 sub get1 { | |
107 my ($host, $sni) = @_; | |
108 my $s = get_ssl_socket(sni => $sni || $host, alpn => ['http/1.1']); | |
109 http(<<EOF, socket => $s) =~ /.*?\x0d\x0a?\x0d\x0a?(.*)/ms; | |
110 GET / HTTP/1.1 | |
111 Host: $host | |
112 Connection: close | |
113 | |
114 EOF | |
115 return $1; | |
116 } | |
117 | |
118 sub get2 { | |
119 my ($host, $sni) = @_; | |
120 my $sock = get_ssl_socket(sni => $sni || $host, alpn => ['h2']); | |
121 my $s = Test::Nginx::HTTP2->new(undef, socket => $sock); | |
122 my $sid = $s->new_stream({ host => $host }); | |
123 my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); | |
124 | |
125 my ($frame) = grep { $_->{type} eq "DATA" } @$frames; | |
126 return $frame->{data}; | |
127 } | |
128 | |
129 sub get3 { | |
130 my ($host, $sni) = @_; | |
131 my $s = Test::Nginx::HTTP3->new(8980, sni => $sni || $host); | |
132 my $sid = $s->new_stream({ host => $host }); | |
133 my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); | |
134 | |
135 my ($frame) = grep { $_->{type} eq "DATA" } @$frames; | |
136 return $frame->{data}; | |
137 } | |
138 | |
139 sub get_ssl_socket { | |
140 my (%extra) = @_; | |
141 my $s; | |
142 | |
143 eval { | |
144 local $SIG{ALRM} = sub { die "timeout\n" }; | |
145 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
146 alarm(8); | |
147 $s = IO::Socket::SSL->new( | |
148 Proto => 'tcp', | |
149 PeerAddr => '127.0.0.1', | |
150 PeerPort => port(8080), | |
151 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
152 SSL_hostname => $extra{sni}, | |
153 SSL_alpn_protocols => $extra{alpn}, | |
154 SSL_error_trap => sub { die $_[1] } | |
155 ); | |
156 alarm(0); | |
157 }; | |
158 alarm(0); | |
159 | |
160 if ($@) { | |
161 log_in("died: $@"); | |
162 return undef; | |
163 } | |
164 | |
165 return $s; | |
166 } | |
167 | |
168 ############################################################################### |