Mercurial > hg > nginx-tests
comparison ssl.t @ 1866:a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 18 May 2023 18:07:19 +0300 |
| parents | cdcd75657e52 |
| children | 0b5ec15c62ed |
comparison
equal
deleted
inserted
replaced
| 1865:0e1865aa9b33 | 1866:a797d7428fa5 |
|---|---|
| 12 use strict; | 12 use strict; |
| 13 | 13 |
| 14 use Test::More; | 14 use Test::More; |
| 15 | 15 |
| 16 use Socket qw/ CRLF /; | 16 use Socket qw/ CRLF /; |
| 17 use IO::Select; | |
| 17 | 18 |
| 18 BEGIN { use FindBin; chdir($FindBin::Bin); } | 19 BEGIN { use FindBin; chdir($FindBin::Bin); } |
| 19 | 20 |
| 20 use lib 'lib'; | 21 use lib 'lib'; |
| 21 use Test::Nginx; | 22 use Test::Nginx; |
| 276 sub test_tls13 { | 277 sub test_tls13 { |
| 277 return get('/protocol', 8085) =~ /TLSv1.3/; | 278 return get('/protocol', 8085) =~ /TLSv1.3/; |
| 278 } | 279 } |
| 279 | 280 |
| 280 sub get { | 281 sub get { |
| 281 my ($uri, $port, $ctx) = @_; | 282 my ($uri, $port, $ctx, %extra) = @_; |
| 282 my $s = get_ssl_socket($port, $ctx) or return; | 283 my $s = get_ssl_socket($port, $ctx, %extra) or return; |
| 283 my $r = http_get($uri, socket => $s); | 284 return http_get($uri, socket => $s); |
| 284 $s->close(); | |
| 285 return $r; | |
| 286 } | 285 } |
| 287 | 286 |
| 288 sub get_body { | 287 sub get_body { |
| 289 my ($uri, $body, $len, $n) = @_; | 288 my ($uri, $body, $len, $n) = @_; |
| 290 my $s = get_ssl_socket(8085) or return; | 289 my $s = get_ssl_socket(8085) or return; |
| 295 socket => $s, start => 1); | 294 socket => $s, start => 1); |
| 296 my $chs = unpack("H*", pack("C", length($body) * $len)); | 295 my $chs = unpack("H*", pack("C", length($body) * $len)); |
| 297 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) | 296 http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) |
| 298 for 1 .. $n; | 297 for 1 .. $n; |
| 299 my $r = http("0" . CRLF . CRLF, socket => $s); | 298 my $r = http("0" . CRLF . CRLF, socket => $s); |
| 300 $s->close(); | |
| 301 return $r; | 299 return $r; |
| 302 } | 300 } |
| 303 | 301 |
| 304 sub cert { | 302 sub cert { |
| 305 my ($uri, $port) = @_; | 303 my ($uri, $port) = @_; |
| 306 my $s = get_ssl_socket($port, undef, | 304 return get( |
| 305 $uri, $port, undef, | |
| 307 SSL_cert_file => "$d/subject.crt", | 306 SSL_cert_file => "$d/subject.crt", |
| 308 SSL_key_file => "$d/subject.key") or return; | 307 SSL_key_file => "$d/subject.key" |
| 309 http_get($uri, socket => $s); | 308 ); |
| 310 } | 309 } |
| 311 | 310 |
| 312 sub get_ssl_context { | 311 sub get_ssl_context { |
| 313 return IO::Socket::SSL::SSL_Context->new( | 312 return IO::Socket::SSL::SSL_Context->new( |
| 314 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 313 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 316 ); | 315 ); |
| 317 } | 316 } |
| 318 | 317 |
| 319 sub get_ssl_socket { | 318 sub get_ssl_socket { |
| 320 my ($port, $ctx, %extra) = @_; | 319 my ($port, $ctx, %extra) = @_; |
| 321 my $s; | 320 return http( |
| 322 | 321 '', PeerAddr => '127.0.0.1:' . port($port), start => 1, |
| 323 eval { | 322 SSL => 1, |
| 324 local $SIG{ALRM} = sub { die "timeout\n" }; | 323 SSL_reuse_ctx => $ctx, |
| 325 local $SIG{PIPE} = sub { die "sigpipe\n" }; | 324 %extra |
| 326 alarm(8); | 325 ); |
| 327 $s = IO::Socket::SSL->new( | |
| 328 Proto => 'tcp', | |
| 329 PeerAddr => '127.0.0.1', | |
| 330 PeerPort => port($port), | |
| 331 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | |
| 332 SSL_reuse_ctx => $ctx, | |
| 333 SSL_error_trap => sub { die $_[1] }, | |
| 334 %extra | |
| 335 ); | |
| 336 alarm(0); | |
| 337 }; | |
| 338 alarm(0); | |
| 339 | |
| 340 if ($@) { | |
| 341 log_in("died: $@"); | |
| 342 return undef; | |
| 343 } | |
| 344 | |
| 345 return $s; | |
| 346 } | 326 } |
| 347 | 327 |
| 348 sub get_ssl_shutdown { | 328 sub get_ssl_shutdown { |
| 349 my ($port) = @_; | 329 my ($port) = @_; |
| 350 | 330 |
| 351 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | 331 my $s = http( |
| 352 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | 332 'GET /' . CRLF . 'extra', |
| 353 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | 333 PeerAddr => '127.0.0.1:' . port($port), start => 1, |
| 354 Net::SSLeay::set_fd($ssl, fileno($s)); | 334 SSL => 1 |
| 355 Net::SSLeay::connect($ssl) or die("ssl connect"); | 335 ); |
| 356 Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); | 336 |
| 357 Net::SSLeay::read($ssl); | 337 $s->blocking(0); |
| 358 Net::SSLeay::set_shutdown($ssl, 1); | 338 while (IO::Select->new($s)->can_read(8)) { |
| 359 Net::SSLeay::shutdown($ssl); | 339 my $n = $s->sysread(my $buf, 16384); |
| 360 } | 340 next if !defined $n && $!{EWOULDBLOCK}; |
| 361 | 341 last; |
| 362 ############################################################################### | 342 } |
| 343 $s->blocking(1); | |
| 344 | |
| 345 return $s->stop_SSL(); | |
| 346 } | |
| 347 | |
| 348 ############################################################################### |