Mercurial > hg > nginx-tests
comparison ssl_verify_client.t @ 1578:f55d25e08b3e
Tests: added "ssl_verify_client off" tests (ticket #2008).
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 30 Jun 2020 12:11:00 +0300 |
| parents | f5a3b70c0f2f |
| children | fd440d324700 |
comparison
equal
deleted
inserted
replaced
| 1577:804a7409bc63 | 1578:f55d25e08b3e |
|---|---|
| 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
| 39 }; | 39 }; |
| 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
| 41 | 41 |
| 42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/) | 42 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/) |
| 43 ->has_daemon('openssl')->plan(11); | 43 ->has_daemon('openssl')->plan(13); |
| 44 | 44 |
| 45 $t->write_file_expand('nginx.conf', <<'EOF'); | 45 $t->write_file_expand('nginx.conf', <<'EOF'); |
| 46 | 46 |
| 47 %%TEST_GLOBALS%% | 47 %%TEST_GLOBALS%% |
| 48 | 48 |
| 87 | 87 |
| 88 ssl_certificate_key 1.example.com.key; | 88 ssl_certificate_key 1.example.com.key; |
| 89 ssl_certificate 1.example.com.crt; | 89 ssl_certificate 1.example.com.crt; |
| 90 | 90 |
| 91 ssl_verify_client optional; | 91 ssl_verify_client optional; |
| 92 ssl_client_certificate 2.example.com.crt; | |
| 93 ssl_trusted_certificate 3.example.com.crt; | |
| 94 } | |
| 95 | |
| 96 server { | |
| 97 listen 127.0.0.1:8081 ssl; | |
| 98 server_name off; | |
| 99 | |
| 100 ssl_certificate_key 1.example.com.key; | |
| 101 ssl_certificate 1.example.com.crt; | |
| 102 | |
| 103 ssl_verify_client off; | |
| 92 ssl_client_certificate 2.example.com.crt; | 104 ssl_client_certificate 2.example.com.crt; |
| 93 ssl_trusted_certificate 3.example.com.crt; | 105 ssl_trusted_certificate 3.example.com.crt; |
| 94 } | 106 } |
| 95 | 107 |
| 96 server { | 108 server { |
| 145 like(get('no.context'), qr/400 Bad Request/, 'no server cert'); | 157 like(get('no.context'), qr/400 Bad Request/, 'no server cert'); |
| 146 like(get('optional'), qr/NONE:x/, 'no optional cert'); | 158 like(get('optional'), qr/NONE:x/, 'no optional cert'); |
| 147 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); | 159 like(get('optional', '1.example.com'), qr/400 Bad/, 'bad optional cert'); |
| 148 like(get('optional.no.ca', '1.example.com'), qr/FAILED.*BEGIN/, | 160 like(get('optional.no.ca', '1.example.com'), qr/FAILED.*BEGIN/, |
| 149 'bad optional_no_ca cert'); | 161 'bad optional_no_ca cert'); |
| 162 like(get('off', '2.example.com'), qr/NONE/, 'off cert'); | |
| 163 like(get('off', '3.example.com'), qr/NONE/, 'off cert trusted'); | |
| 150 | 164 |
| 151 like(get('localhost', '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert'); | 165 like(get('localhost', '2.example.com'), qr/SUCCESS.*BEGIN/, 'good cert'); |
| 152 like(get('optional', '2.example.com'), qr/SUCCESS.*BEGI/, 'good cert optional'); | 166 like(get('optional', '2.example.com'), qr/SUCCESS.*BEGI/, 'good cert optional'); |
| 153 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); | 167 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); |
| 154 | 168 |