Mercurial > hg > nginx-tests
comparison ssl_certificates.t @ 1216:de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
All known supported platforms are shipped with OpenSSL version that supports
ECDSA certificates so it's safe for a switch. Besides that, as an additional
demand to switch, LibreSSL removed DSS/DSA support in 2.6.0 and nginx breaks
here with such cert which is covered under try_run() which is still there.
While here, now that DSS is no more, remove henceforth unneeded try_run().
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 07 Sep 2017 15:09:03 +0300 |
| parents | 778eae8230e4 |
| children | 0af58b78df35 |
comparison
equal
deleted
inserted
replaced
| 1215:26884729e06b | 1216:de7d3e249b35 |
|---|---|
| 39 } | 39 } |
| 40 | 40 |
| 41 http { | 41 http { |
| 42 %%TEST_GLOBALS_HTTP%% | 42 %%TEST_GLOBALS_HTTP%% |
| 43 | 43 |
| 44 ssl_dhparam dhparam.pem; | |
| 45 | |
| 46 ssl_certificate_key rsa.key; | 44 ssl_certificate_key rsa.key; |
| 47 ssl_certificate rsa.crt; | 45 ssl_certificate rsa.crt; |
| 48 | 46 |
| 49 server { | 47 server { |
| 50 listen 127.0.0.1:8080 ssl; | 48 listen 127.0.0.1:8080 ssl; |
| 51 server_name localhost; | 49 server_name localhost; |
| 52 | 50 |
| 53 ssl_certificate_key dsa.key; | 51 ssl_certificate_key ec.key; |
| 54 ssl_certificate dsa.crt; | 52 ssl_certificate ec.crt; |
| 55 | 53 |
| 56 ssl_certificate_key rsa.key; | 54 ssl_certificate_key rsa.key; |
| 57 ssl_certificate rsa.crt; | 55 ssl_certificate rsa.crt; |
| 58 | 56 |
| 59 ssl_certificate_key rsa.key; | 57 ssl_certificate_key rsa.key; |
| 71 [ req_distinguished_name ] | 69 [ req_distinguished_name ] |
| 72 EOF | 70 EOF |
| 73 | 71 |
| 74 my $d = $t->testdir(); | 72 my $d = $t->testdir(); |
| 75 | 73 |
| 76 system("openssl dhparam -dsaparam -out '$d/dhparam.pem' 1024 " | 74 system("openssl ecparam -genkey -out '$d/ec.key' -name prime256v1 " |
| 77 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n"; | 75 . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; |
| 78 system("openssl genrsa -out '$d/rsa.key' 1024 >>$d/openssl.out 2>&1") == 0 | 76 system("openssl genrsa -out '$d/rsa.key' 1024 >>$d/openssl.out 2>&1") == 0 |
| 79 or die "Can't create RSA pem: $!\n"; | 77 or die "Can't create RSA pem: $!\n"; |
| 80 system("openssl dsaparam -genkey -out '$d/dsa.key' 1024 >>$d/openssl 2>&1") == 0 | |
| 81 or die "Can't create DSA pem: $!\n"; | |
| 82 | 78 |
| 83 foreach my $name ('dsa', 'rsa') { | 79 foreach my $name ('ec', 'rsa') { |
| 84 system("openssl req -x509 -new -key '$d/$name.key' " | 80 system("openssl req -x509 -new -key '$d/$name.key' " |
| 85 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | 81 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
| 86 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | 82 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
| 87 . ">>$d/openssl.out 2>&1") == 0 | 83 . ">>$d/openssl.out 2>&1") == 0 |
| 88 or die "Can't create certificate for $name: $!\n"; | 84 or die "Can't create certificate for $name: $!\n"; |
| 89 } | 85 } |
| 90 | 86 |
| 91 $t->try_run('no multiple certificates')->plan(2); | 87 $t->run()->plan(2); |
| 92 | 88 |
| 93 ############################################################################### | 89 ############################################################################### |
| 94 | 90 |
| 95 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); | 91 like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); |
| 96 like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA'); | 92 like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); |
| 97 | 93 |
| 98 ############################################################################### | 94 ############################################################################### |
| 99 | 95 |
| 100 sub get_cert { | 96 sub get_cert { |
| 101 my ($ciphers) = @_; | 97 my ($ciphers) = @_; |