diff lib/Test/Nginx.pm @ 1865:0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx http() functions.
This also ensures that SSL handshake and various read and write operations
are guarded with timeouts.
The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
the Net::SSLeay object directly and trigger renegotiation. While
not exactly correct, this seems to be good enough for tests.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
since SSL_ocsp_staple_callback is called with the socket instead of the
Net::SSLeay object.
Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
since there seems to be no way to obtain CA list with IO::Socket::SSL.
Notable change to http() request interface is that http_end() now closes
the socket. This is to make sure that SSL connections are properly
closed and SSL sessions are not removed from the IO::Socket::SSL session
cache. This affected access_log.t, which was modified accordingly.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:17 +0300 |
parents | 58951cf933e1 |
children | 8b74936ff2ac |
--- a/lib/Test/Nginx.pm +++ b/lib/Test/Nginx.pm @@ -838,13 +838,15 @@ sub http($;%) { my $s = http_start($request, %extra); return $s if $extra{start} or !defined $s; - return http_end($s); + return http_end($s, %extra); } sub http_start($;%) { my ($request, %extra) = @_; my $s; + my $port = $extra{SSL} ? 8443 : 8080; + eval { local $SIG{ALRM} = sub { die "timeout\n" }; local $SIG{PIPE} = sub { die "sigpipe\n" }; @@ -852,10 +854,25 @@ sub http_start($;%) { $s = $extra{socket} || IO::Socket::INET->new( Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port(8080) + PeerAddr => '127.0.0.1:' . port($port), + %extra ) or die "Can't connect to nginx: $!\n"; + if ($extra{SSL}) { + require IO::Socket::SSL; + IO::Socket::SSL->start_SSL( + $s, + SSL_verify_mode => + IO::Socket::SSL::SSL_VERIFY_NONE(), + %extra + ) + or die $IO::Socket::SSL::SSL_ERROR . "\n"; + + log_in("ssl cipher: " . $s->get_cipher()); + log_in("ssl cert: " . $s->peer_certificate('issuer')); + } + log_out($request); $s->print($request); @@ -890,6 +907,8 @@ sub http_end($;%) { local $/; $reply = $s->getline(); + $s->close(); + alarm(0); }; alarm(0);
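Review bot: In the first hunk (`@@ -838,13 +838,15 @@`), the new `SSL` key in `%extra` and the port it implies are undocumented: `my $port = $extra{SSL} ? 8443 : 8080;` silently ties every SSL request to port 8443. A short comment above `http_start()` stating that `SSL => 1` selects 8443, and that a different port has to come from `PeerAddr` or a prepared `socket` in `%extra`, would save test authors from reading the constructor call to find that out.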
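Review bot: In the second hunk (`@@ -852,10 +854,25 @@`), `%extra` is spread unfiltered into both `IO::Socket::INET->new(...)` and `IO::Socket::SSL->start_SSL(...)`, so harness-only keys such as `start`, `socket` and `SSL` reach both calls alongside real socket options. Consider passing each call only the keys meant for it, for example those matching `/^SSL_/` to `start_SSL`. Because `%extra` follows `SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE()`, a caller can override the no-verification default; a comment saying the ordering is deliberate would make that clear. The two `log_in()` calls also concatenate `$s->get_cipher()` and `$s->peer_certificate('issuer')` without checking that the values are defined.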
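Review bot: In the third hunk (`@@ -890,6 +907,8 @@`), `$s->close();` sits after `$reply = $s->getline();` inside the timeout-guarded block, so if `getline()` dies on the alarm the close is skipped unless code outside the hunk handles it. Since the commit message says the close is there so that SSL connections are properly closed, add a close on the failure path after the block as well, keeping the one inside so the shutdown itself stays under the timeout. The return value of `close()` is also ignored; logging a failure there would help when diagnosing an SSL shutdown problem.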