comparison ssl.t @ 1449:eeababfd8726
Tests: moved $ssl_server_name tests in http to ssl_sni.t.
The tests need appropriate checks for ancient IO::Socket::SSL versions.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 05 Mar 2019 13:21:30 +0300 |
parents | e1c64ee44212 |
children | f9718a0773b9 |
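--- a/ssl.t
+++ b/ssl.t
@@ -29,11 +29,11 @@
 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-->has_daemon('openssl')->plan(25);
+->has_daemon('openssl')->plan(23);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -59,13 +59,10 @@
 ssl_session_cache shared:SSL:1m;
 ssl_verify_client optional_no_ca;
 
 location /reuse {
 return 200 "body $ssl_session_reused";
-}
-location /sni {
-return 200 "body $ssl_session_reused:$ssl_server_name";
 }
 location /id {
 return 200 "body $ssl_session_id";
 }
 location /cipher {
@@ -224,31 +221,10 @@
 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session');
 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
 
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
-
-# ssl_server_name
-
-SKIP: {
-skip 'no sni', 2 unless $t->has_module('sni');
-
-$ctx = new IO::Socket::SSL::SSL_Context(
-SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-SSL_session_cache_size => 100);
-
-like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
-
-TODO: {
-local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
-&& !$t->has_version('1.15.10');
-
-like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
-
-}
-
-}
 
 # ssl certificate inheritance
 
 my $s = get_ssl_socket($ctx, port(8081));
 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN');
@@ -329,11 +305,10 @@
 Proto => 'tcp',
 PeerAddr => '127.0.0.1',
 PeerPort => $port,
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_reuse_ctx => $ctx,
-SSL_hostname => 'localhost',
 SSL_error_trap => sub { die $_[1] },
 %extra
 );
 alarm(0);
 };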
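Review bot: With `SSL_hostname => 'localhost'` gone from the socket options in `get_ssl_socket`, the remaining handshakes in ssl.t go to the literal address `127.0.0.1` and so presumably carry no SNI, but nothing at the call says this is deliberate. A short comment above the options, e.g. `# no SSL_hostname here: SNI and $ssl_server_name are exercised in ssl_sni.t`, would stop someone re-adding it and bringing back the dependency on newer IO::Socket::SSL versions. It would also help to note next to `SSL_verify_mode` that verification is off only because the peer is the test server this script starts, e.g. `# test-only: local peer, certificate is not validated`. The helper's body starts before this hunk, so the comment placement should be checked against the full function.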