comparison stream_ssl.t @ 1833:fd9d077fee02

Tests: separate SSL session reuse tests in stream. Instead of being mixed with generic SSL tests, session reuse variants are now tested in a separate file.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:49:55 +0300
parents 1f125771f1a1
children dbb7561a9441
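--- a/stream_ssl.t
+++ b/stream_ssl.t
@@ -35,11 +35,11 @@
 
 plan(skip_all => 'win32') if $^O eq 'MSWin32';
 
 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl');
 
-$t->plan(7)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(5)->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
 daemon off;
 
@@ -49,44 +49,39 @@
 stream {
 %%TEST_GLOBALS_STREAM%%
 
 ssl_certificate_key localhost.key;
 ssl_certificate localhost.crt;
-ssl_session_tickets off;
 
 # inherited by server "inherits"
 ssl_password_file password_stream;
 
 server {
-listen 127.0.0.1:8080 ssl;
+listen 127.0.0.1:8443 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache builtin;
 ssl_password_file password;
 }
 
 server {
-listen 127.0.0.1:8082 ssl;
+listen 127.0.0.1:8444 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache off;
 ssl_password_file password_many;
 }
 
 server {
-listen 127.0.0.1:8083 ssl;
+listen 127.0.0.1:8445 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache builtin:1000;
 ssl_password_file password_fifo;
 }
 
 server {
-listen 127.0.0.1:8084 ssl;
+listen 127.0.0.1:8446 ssl;
 proxy_pass 127.0.0.1:8081;
 
-ssl_session_cache shared:SSL:1m;
 ssl_certificate_key inherits.key;
 ssl_certificate inherits.crt;
 }
 }
 
@@ -113,11 +108,10 @@
 . "-key $d/$name.key -passin pass:$name"
 . ">>$d/openssl.out 2>&1") == 0
 or die "Can't create certificate for $name: $!\n";
 }
 
-
 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
 
 $t->write_file('password', 'localhost');
 $t->write_file('password_many', "wrong$CRLF" . "localhost$CRLF");
 $t->write_file('password_stream', 'inherits');
@@ -136,66 +130,39 @@
 
 $t->waitforsocket('127.0.0.1:' . port(8081));
 
 ###############################################################################
 
-my ($s, $ssl, $ses);
+my ($s, $ssl);
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
 like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl');
 
-# ssl_session_cache
+($s, $ssl) = get_ssl_socket(8444);
+Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password many');
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8445);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password fifo');
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8080), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin session reused');
-
-($s, $ssl) = get_ssl_socket(port(8082));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8082), $ses);
-isnt(Net::SSLeay::session_reused($ssl), 1, 'session not reused');
-
-($s, $ssl) = get_ssl_socket(port(8083));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8083), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin size session reused');
-
-($s, $ssl) = get_ssl_socket(port(8084));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8084), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'shared session reused');
 
 # ssl_certificate inheritance
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=localhost/, 'CN');
 
-($s, $ssl) = get_ssl_socket(port(8084));
+($s, $ssl) = get_ssl_socket(8446);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=inherits/, 'CN inner');
 
 ###############################################################################
 
 sub get_ssl_socket {
-my ($port, $ses) = @_;
+my ($port) = @_;
 
-my $s = IO::Socket::INET->new('127.0.0.1:' . $port);
+my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
 Net::SSLeay::set_fd($ssl, fileno($s));
 Net::SSLeay::connect($ssl) or die("ssl connect");
 return ($s, $ssl);
 }
 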
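Review bot: In `get_ssl_socket`, the rewritten line `my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));` still leaves the result unchecked, so a listener that failed to start (for example because a key passphrase was rejected) only surfaces at `fileno($s)` as an undefined-value error that names neither the port nor the cause. Appending `or die("Can't connect to port $port: $!");` would make the new 'ssl password many' and 'ssl password fifo' cases fail with a usable message. The unchanged `Net::SSLeay::connect($ssl) or die("ssl connect");` has a related gap: Net::SSLeay documents a negative return for a fatal handshake error, and a negative value is true in Perl, so only a return of 0 reaches the `die`. Comparing explicitly, `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");`, would report a failed handshake where it happens rather than in the later `like` assertions.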