comparison stream_ssl_variables.t @ 967:eb111c5f7556
Tests: stream ssl tests with variables.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 05 Jul 2016 20:33:54 +0300 |
parents | |
children | 882267679006 |
966:3ac72d59430b | 967:eb111c5f7556 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for stream ssl module with variables. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 use Socket; | |
16 | |
17 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
18 | |
19 use lib 'lib'; | |
20 use Test::Nginx; | |
21 use Test::Nginx::Stream qw/ stream /; | |
22 | |
23 ############################################################################### | |
24 | |
25 select STDERR; $| = 1; | |
26 select STDOUT; $| = 1; | |
27 | |
28 eval { | |
29 require Net::SSLeay; | |
30 Net::SSLeay::load_error_strings(); | |
31 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
32 Net::SSLeay::randomize(); | |
33 }; | |
34 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
35 | |
36 eval { | |
37 my $ctx = Net::SSLeay::CTX_new() or die; | |
38 my $ssl = Net::SSLeay::new($ctx) or die; | |
39 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | |
40 }; | |
41 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | |
42 | |
43 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) | |
44 ->has_daemon('openssl'); | |
45 | |
46 $t->write_file_expand('nginx.conf', <<'EOF'); | |
47 | |
48 %%TEST_GLOBALS%% | |
49 | |
50 daemon off; | |
51 | |
52 events { | |
53 } | |
54 | |
55 stream { | |
56 ssl_certificate_key localhost.key; | |
57 ssl_certificate localhost.crt; | |
58 | |
59 server { | |
60 listen 127.0.0.1:%%PORT_0%%; | |
61 listen 127.0.0.1:%%PORT_1%% ssl; | |
62 return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol; | |
63 | |
64 ssl_session_cache builtin; | |
65 } | |
66 | |
67 server { | |
68 listen 127.0.0.1:%%PORT_2%% ssl; | |
69 return $ssl_server_name; | |
70 } | |
71 } | |
72 | |
73 EOF | |
74 | |
75 $t->write_file('openssl.conf', <<EOF); | |
76 [ req ] | |
77 default_bits = 2048 | |
78 encrypt_key = no | |
79 distinguished_name = req_distinguished_name | |
80 [ req_distinguished_name ] | |
81 EOF | |
82 | |
83 my $d = $t->testdir(); | |
84 | |
85 foreach my $name ('localhost') { | |
86 system('openssl req -x509 -new ' | |
87 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | |
88 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | |
89 . ">>$d/openssl.out 2>&1") == 0 | |
90 or die "Can't create certificate for $name: $!\n"; | |
91 } | |
92 | |
93 $t->try_run('no stream return')->plan(5); | |
94 | |
95 ############################################################################### | |
96 | |
97 my ($s, $ssl); | |
98 | |
99 is(stream()->read(), ':::', 'no ssl'); | |
100 | |
101 ($s, $ssl) = get_ssl_socket(port(1)); | |
102 like(Net::SSLeay::read($ssl), qr/^\.:(\w{64})?:[\w-]+:(TLS|SSL)v(\d|\.)+$/, | |
103 'ssl variables'); | |
104 | |
105 my $ses = Net::SSLeay::get_session($ssl); | |
106 ($s, $ssl) = get_ssl_socket(port(1), $ses); | |
107 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/, | |
108 'ssl variables - session reused'); | |
109 | |
110 ($s, $ssl) = get_ssl_socket(port(2), undef, 'example.com'); | |
111 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name'); | |
112 | |
113 ($s, $ssl) = get_ssl_socket(port(2)); | |
114 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty'); | |
115 | |
116 ############################################################################### | |
117 | |
118 sub get_ssl_socket { | |
119 my ($port, $ses, $name) = @_; | |
120 my $s; | |
121 | |
122 my $dest_ip = inet_aton('127.0.0.1'); | |
123 my $dest_serv_params = sockaddr_in($port, $dest_ip); | |
124 | |
125 socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; | |
126 connect($s, $dest_serv_params) or die "connect: $!"; | |
127 | |
128 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
129 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
130 Net::SSLeay::set_tlsext_host_name($ssl, $name) if defined $name; | |
131 Net::SSLeay::set_session($ssl, $ses) if defined $ses; | |
132 Net::SSLeay::set_fd($ssl, fileno($s)); | |
133 Net::SSLeay::connect($ssl) or die("ssl connect"); | |
134 return ($s, $ssl); | |
135 } | |
136 | |
137 ############################################################################### |
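Review bot: In get_ssl_socket, `Net::SSLeay::connect($ssl) or die("ssl connect")` does not catch a fatal handshake failure, because the call returns a negative value in that case and any non-zero value is true in Perl; the test would then go on to read from a connection that never completed TLS. Compare against 1, as the SNI probe near the top of the file already does for set_tlsext_host_name: `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");`. Separately, the `die` after `system('openssl req ...')` prints `$!`, which a non-zero openssl exit does not set; `$?` carries the exit status and is the value worth reporting there.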