Mercurial > hg > nginx-tests
comparison ssl_conf_command.t @ 1603:8d2d37a4b48e
Tests: ssl_conf_command tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 23 Oct 2020 13:15:41 +0100 |
parents | |
children | f6795e2e6a4b |
comparison
equal
deleted
inserted
replaced
1602:d35db22947ab | 1603:8d2d37a4b48e |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module, ssl_conf_command. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 eval { | |
26 require Net::SSLeay; | |
27 Net::SSLeay::load_error_strings(); | |
28 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
29 Net::SSLeay::randomize(); | |
30 }; | |
31 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
32 | |
33 my $t = Test::Nginx->new()->has(qw/http http_ssl/) | |
34 ->has_daemon('openssl'); | |
35 | |
36 $t->write_file_expand('nginx.conf', <<'EOF'); | |
37 | |
38 %%TEST_GLOBALS%% | |
39 | |
40 daemon off; | |
41 | |
42 events { | |
43 } | |
44 | |
45 http { | |
46 %%TEST_GLOBALS_HTTP%% | |
47 | |
48 server { | |
49 listen 127.0.0.1:8443 ssl; | |
50 server_name localhost; | |
51 | |
52 ssl_protocols TLSv1.2; | |
53 | |
54 ssl_session_tickets off; | |
55 ssl_conf_command Options SessionTicket; | |
56 | |
57 ssl_prefer_server_ciphers on; | |
58 ssl_conf_command Options -ServerPreference; | |
59 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; | |
60 | |
61 ssl_certificate localhost.crt; | |
62 ssl_certificate_key localhost.key; | |
63 ssl_conf_command Certificate override.crt; | |
64 ssl_conf_command PrivateKey override.key; | |
65 } | |
66 } | |
67 | |
68 EOF | |
69 | |
70 $t->write_file('openssl.conf', <<EOF); | |
71 [ req ] | |
72 default_bits = 2048 | |
73 encrypt_key = no | |
74 distinguished_name = req_distinguished_name | |
75 [ req_distinguished_name ] | |
76 EOF | |
77 | |
78 my $d = $t->testdir(); | |
79 | |
80 foreach my $name ('localhost', 'override') { | |
81 system('openssl req -x509 -new ' | |
82 . "-config $d/openssl.conf -subj /CN=$name/ " | |
83 . "-out $d/$name.crt -keyout $d/$name.key " | |
84 . ">>$d/openssl.out 2>&1") == 0 | |
85 or die "Can't create certificate for $name: $!\n"; | |
86 } | |
87 | |
88 $t->try_run('no ssl_conf_command')->plan(3); | |
89 | |
90 ############################################################################### | |
91 | |
92 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
93 | |
94 my ($s, $ssl) = get_ssl_socket(); | |
95 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); | |
96 | |
97 my $ses = Net::SSLeay::get_session($ssl); | |
98 ($s, $ssl) = get_ssl_socket(ses => $ses); | |
99 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); | |
100 | |
101 ($s, $ssl) = get_ssl_socket(ciphers => | |
102 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); | |
103 is(Net::SSLeay::get_cipher($ssl), | |
104 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); | |
105 | |
106 ############################################################################### | |
107 | |
108 sub get_ssl_socket { | |
109 my (%extra) = @_; | |
110 | |
111 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); | |
112 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
113 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; | |
114 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; | |
115 Net::SSLeay::set_fd($ssl, fileno($s)); | |
116 Net::SSLeay::connect($ssl) or die("ssl connect"); | |
117 return ($s, $ssl); | |
118 } | |
119 | |
120 ############################################################################### |