Mercurial > hg > nginx-tests
comparison ssl.t @ 370:74cfe56c7b83
Tests: simple https tests.
Includes tests for $ssl_session_reused and $ssl_session_id variables.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 12 Feb 2014 13:02:50 +0400 |
parents | |
children | de2f7e86866e |
comparison
equal
deleted
inserted
replaced
369:4ac3588485f5 | 370:74cfe56c7b83 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 eval { | |
26 require IO::Socket::SSL; | |
27 }; | |
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@; | |
29 | |
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) | |
31 ->has_daemon('openssl'); | |
32 | |
33 plan(skip_all => 'new syntax: "$ssl_session_reused"') | |
34 unless $t->has_version('1.5.11'); | |
35 | |
36 $t->plan(4)->write_file_expand('nginx.conf', <<'EOF'); | |
37 | |
38 %%TEST_GLOBALS%% | |
39 | |
40 daemon off; | |
41 | |
42 events { | |
43 } | |
44 | |
45 http { | |
46 %%TEST_GLOBALS_HTTP%% | |
47 | |
48 server { | |
49 listen 127.0.0.1:8443 ssl; | |
50 listen 127.0.0.1:8080; | |
51 server_name localhost; | |
52 | |
53 ssl_certificate_key localhost.key; | |
54 ssl_certificate localhost.crt; | |
55 ssl_session_cache shared:SSL:10m; | |
56 | |
57 location /reuse { | |
58 return 200 "body $ssl_session_reused"; | |
59 } | |
60 location /id { | |
61 return 200 "body $ssl_session_id"; | |
62 } | |
63 } | |
64 } | |
65 | |
66 EOF | |
67 | |
68 $t->write_file('openssl.conf', <<EOF); | |
69 [ req ] | |
70 default_bits = 2048 | |
71 encrypt_key = no | |
72 distinguished_name = req_distinguished_name | |
73 [ req_distinguished_name ] | |
74 EOF | |
75 | |
76 my $d = $t->testdir(); | |
77 | |
78 foreach my $name ('localhost') { | |
79 system('openssl req -x509 -new ' | |
80 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | |
81 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | |
82 . ">>$d/openssl.out 2>&1") == 0 | |
83 or die "Can't create certificate for $name: $!\n"; | |
84 } | |
85 | |
86 my $ctx = new IO::Socket::SSL::SSL_Context( | |
87 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
88 SSL_session_cache_size => 100); | |
89 | |
90 $t->run(); | |
91 | |
92 ############################################################################### | |
93 | |
94 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m, | |
95 'initial session'); | |
96 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m, | |
97 'session reused'); | |
98 | |
99 my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m; | |
100 is(length $sid, 64, 'session id'); | |
101 | |
102 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); | |
103 | |
104 ############################################################################### | |
105 | |
106 sub get_ssl_socket { | |
107 my ($ctx) = @_; | |
108 my $s; | |
109 | |
110 eval { | |
111 local $SIG{ALRM} = sub { die "timeout\n" }; | |
112 local $SIG{PIPE} = sub { die "sigpipe\n" }; | |
113 alarm(2); | |
114 $s = IO::Socket::SSL->new( | |
115 Proto => 'tcp', | |
116 PeerAddr => '127.0.0.1:8443', | |
117 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
118 SSL_reuse_ctx => $ctx, | |
119 SSL_error_trap => sub { die $_[1] } | |
120 ); | |
121 alarm(0); | |
122 }; | |
123 alarm(0); | |
124 | |
125 if ($@) { | |
126 log_in("died: $@"); | |
127 return undef; | |
128 } | |
129 | |
130 return $s; | |
131 } | |
132 | |
133 ############################################################################### |