Mercurial > hg > nginx-tests
view stream_ssl_alpn.t @ 1858:cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
The following distinct features supported:
- "socket_ssl", which requires IO::Socket::SSL and also implies
existance of the IO::Socket::SSL::SSL_VERIFY_NONE() symbol.
It is used by most of the tests.
- "socket_ssl_sni", which requires IO::Socket::SSL with the can_client_sni()
function (1.84), and SNI support available in Net::SSLeay and the OpenSSL
library being used. Used by ssl_sni.t, ssl_sni_sessions.t,
stream_ssl_preread.t. Additional Net::SSLeay testing is believed to be
unneeded and was removed.
- "socket_ssl_alpn", which requires IO::Socket::SSL with ALPN support (2.009),
and ALPN support in Net::SSLeay and the OpenSSL library being used.
Used by h2_ssl.t, h2_ssl_verify_client.t, stream_ssl_alpn.t,
stream_ssl_preread_alpn.t.
- "socket_ssl_sslversion", which requires IO::Socket::SSL with
the get_sslversion() and get_sslversion_int() methods (1.964).
Used by mail_imap_ssl.t.
- "socket_ssl_reused", which requires IO::Socket::SSL with
the get_session_reused() method (2.057). To be used in the following
patches.
This makes it possible to simplify and unify various SSL tests.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 18 May 2023 18:07:02 +0300 |
| parents | 38bd7e75fe69 |
| children | 58951cf933e1 |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for stream ssl_alpn directive. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; use Test::Nginx::Stream qw/ stream /; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new() ->has(qw/stream stream_ssl stream_return socket_ssl_alpn/) ->has_daemon('openssl') ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } stream { %%TEST_GLOBALS_STREAM%% log_format test $status; access_log %%TESTDIR%%/test.log test; ssl_certificate_key localhost.key; ssl_certificate localhost.crt; server { listen 127.0.0.1:8080 ssl; return "X $ssl_alpn_protocol X"; ssl_alpn first second; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->try_run('no ssl_alpn')->plan(6); ############################################################################### is(get_ssl('first'), 'X first X', 'alpn match'); is(get_ssl('wrong', 'first'), 'X first X', 'alpn many'); is(get_ssl('wrong', 'second'), 'X second X', 'alpn second'); is(get_ssl(), 'X X', 'no alpn'); SKIP: { $t->{_configure_args} =~ /LibreSSL ([\d\.]+)/; skip 'LibreSSL too old', 2 if defined $1 and $1 lt '3.4.0'; $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; skip 'OpenSSL too old', 2 if defined $1 and $1 lt '1.1.0'; ok(!get_ssl('wrong'), 'alpn mismatch'); $t->stop(); like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log'); } ############################################################################### sub get_ssl { my (@alpn) = @_; my $s = stream('127.0.0.1:' . port(8080)); eval { local $SIG{ALRM} = sub { die "timeout\n" }; local $SIG{PIPE} = sub { die "sigpipe\n" }; alarm(8); IO::Socket::SSL->start_SSL($s->{_socket}, SSL_alpn_protocols => [ @alpn ], SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_error_trap => sub { die $_[1] } ); alarm(0); }; alarm(0); if ($@) { log_in("died: $@"); return undef; } return $s->read(); } ###############################################################################