comparison h2_ssl_proxy_protocol.t @ 1899:a0ee073760c5
Tests: updated HTTP/2 tests with invalid PROXY protocol.
Connection close is now expected prior to sending any HTTP/2 frames
from the upper layer, similar to existing behaviour over HTTPS.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 31 May 2023 13:29:31 +0400 |
parents | h2_proxy_protocol.t@882267679006 |
children |
1898:26252394dd58 | 1899:a0ee073760c5 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for HTTP/2 protocol with proxy_protocol. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 use Socket qw/ CRLF /; | |
16 | |
17 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
18 | |
19 use lib 'lib'; | |
20 use Test::Nginx; | |
21 use Test::Nginx::HTTP2; | |
22 | |
23 ############################################################################### | |
24 | |
25 select STDERR; $| = 1; | |
26 select STDOUT; $| = 1; | |
27 | |
28 my $t = Test::Nginx->new() | |
29 ->has(qw/http http_ssl http_v2 realip socket_ssl_alpn/) | |
30 ->has_daemon('openssl')->plan(3); | |
31 | |
32 $t->write_file_expand('nginx.conf', <<'EOF'); | |
33 | |
34 %%TEST_GLOBALS%% | |
35 | |
36 daemon off; | |
37 | |
38 events { | |
39 } | |
40 | |
41 http { | |
42 %%TEST_GLOBALS_HTTP%% | |
43 | |
44 server { | |
45 listen 127.0.0.1:8080 proxy_protocol http2 ssl; | |
46 server_name localhost; | |
47 | |
48 ssl_certificate_key localhost.key; | |
49 ssl_certificate localhost.crt; | |
50 | |
51 location /pp { | |
52 set_real_ip_from 127.0.0.1/32; | |
53 real_ip_header proxy_protocol; | |
54 alias %%TESTDIR%%/t.html; | |
55 add_header X-PP $remote_addr; | |
56 } | |
57 } | |
58 } | |
59 | |
60 EOF | |
61 | |
62 $t->write_file('openssl.conf', <<EOF); | |
63 [ req ] | |
64 default_bits = 2048 | |
65 encrypt_key = no | |
66 distinguished_name = req_distinguished_name | |
67 [ req_distinguished_name ] | |
68 EOF | |
69 | |
70 my $d = $t->testdir(); | |
71 | |
72 foreach my $name ('localhost') { | |
73 system('openssl req -x509 -new ' | |
74 . "-config $d/openssl.conf -subj /CN=$name/ " | |
75 . "-out $d/$name.crt -keyout $d/$name.key " | |
76 . ">>$d/openssl.out 2>&1") == 0 | |
77 or die "Can't create certificate for $name: $!\n"; | |
78 } | |
79 | |
80 $t->write_file('t.html', 'SEE-THIS'); | |
81 | |
82 open OLDERR, ">&", \*STDERR; close STDERR; | |
83 $t->run(); | |
84 open STDERR, ">&", \*OLDERR; | |
85 | |
86 ############################################################################### | |
87 | |
88 my $proxy = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; | |
89 my $sock = http($proxy, start => 1); | |
90 http('', start => 1, socket => $sock, SSL => 1, SSL_alpn_protocols => ['h2']); | |
91 | |
92 SKIP: { | |
93 skip 'no ALPN negotiation', 2 unless $sock->alpn_selected(); | |
94 | |
95 my $s = Test::Nginx::HTTP2->new(undef, socket => $sock); | |
96 my $sid = $s->new_stream({ path => '/pp' }); | |
97 my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); | |
98 | |
99 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | |
100 ok($frame, 'PROXY HEADERS frame'); | |
101 is($frame->{headers}->{'x-pp'}, '192.0.2.1', 'PROXY remote addr'); | |
102 | |
103 } | |
104 | |
105 $sock->close(); | |
106 | |
107 # invalid PROXY protocol string | |
108 | |
109 $proxy = 'BOGUS TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; | |
110 ok(!http($proxy), 'PROXY invalid protocol'); | |
111 | |
112 ############################################################################### |
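Review bot: The negative check at line 110, `ok(!http($proxy), 'PROXY invalid protocol');`, passes on any false return, so it cannot tell nginx closing the connection on the bad PROXY header apart from a request that failed or timed out for an unrelated reason. The commit message says a connection close is the expected outcome, so the assertion would be stronger if it pinned that; assuming http() (defined in Test::Nginx, not shown on this page) returns an empty string on a clean close and undef on error, `is(http($proxy), '', 'PROXY invalid protocol');` would do it. A short comment above the check, such as `# nginx must close before TLS or HTTP/2 starts; no bytes are expected back`, would also record why an empty reply is the pass condition. The comparison as rendered does not show which lines this changeset touched, so the point applies to the file as displayed.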