# HG changeset patch
# User Sergey Kandaurov
# Date 1685525371 -14400
# Node ID a0ee073760c579c93b1e680638a082544214905c
# Parent 26252394dd588c046aeb8dcc49ba1b5443da1a02
Tests: updated HTTP/2 tests with invalid PROXY protocol.
Connection close is now expected prior to sending any HTTP/2 frames from the upper layer, similar to existing behaviour over HTTPS.
diff --git a/h2_proxy_protocol.t b/h2_proxy_protocol.t
--- a/h2_proxy_protocol.t
+++ b/h2_proxy_protocol.t
@@ -25,7 +25,7 @@ use Test::Nginx::HTTP2;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
-my $t = Test::Nginx->new()->has(qw/http http_v2 realip/)->plan(4)
+my $t = Test::Nginx->new()->has(qw/http http_v2 realip/)->plan(3)
 ->write_file_expand('nginx.conf', <<'EOF');
 %%TEST_GLOBALS%%
@@ -69,12 +69,12 @@ is($frame->{headers}->{'x-pp'}, '192.0.2
 # invalid PROXY protocol string
-$proxy = 'BOGUS TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
-$s = Test::Nginx::HTTP2->new(port(8080), preface => $proxy, pure => 1);
-$frames = $s->read(all => [{ type => 'GOAWAY' }]);
+TODO: {
+local $TODO = 'not yet' unless $t->has_version('1.25.1');
-($frame) = grep { $_->{type} eq "GOAWAY" } @$frames;
-ok($frame, 'invalid PROXY - GOAWAY frame');
-is($frame->{code}, 1, 'invalid PROXY - error code');
+$proxy = 'BOGUS TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
+ok(!http($proxy), 'PROXY invalid protocol');
+
+}
 ###############################################################################
diff --git a/h2_proxy_protocol.t b/h2_ssl_proxy_protocol.t
copy from h2_proxy_protocol.t
copy to h2_ssl_proxy_protocol.t
--- a/h2_proxy_protocol.t
+++ b/h2_ssl_proxy_protocol.t
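Review bot: The new assertion `ok(!http($proxy), 'PROXY invalid protocol');` in the `@@ -69,12 +69,12 @@` hunk of h2_proxy_protocol.t passes on any false reply, so on its own it may not prove that nginx closed the connection. `http()` is defined outside this diff; if it also returns a false value on a read timeout or a failed connect, a server that keeps the connection open after the malformed PROXY line would still satisfy the test. The same line is added in the last hunk of h2_ssl_proxy_protocol.t. Since this check guards rejection of a bad PROXY header before the address it carries can reach realip handling, I would add a comment such as `# a false reply is expected to mean EOF from nginx; a timeout would also be false`, or assert on the close explicitly.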
@@ -25,8 +25,11 @@ use Test::Nginx::HTTP2; select STDERR; $| = 1; select STDOUT; $| = 1; -my $t = Test::Nginx->new()->has(qw/http http_v2 realip/)->plan(4) - ->write_file_expand('nginx.conf', <<'EOF'); +my $t = Test::Nginx->new() + ->has(qw/http http_ssl http_v2 realip socket_ssl_alpn/) + ->has_daemon('openssl')->plan(3); + +$t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% @@ -39,9 +42,12 @@ http { %%TEST_GLOBALS_HTTP%% server { - listen 127.0.0.1:8080 proxy_protocol http2; + listen 127.0.0.1:8080 proxy_protocol http2 ssl; server_name localhost; + ssl_certificate_key localhost.key; + ssl_certificate localhost.crt; + location /pp { set_real_ip_from 127.0.0.1/32; real_ip_header proxy_protocol; @@ -53,13 +59,40 @@ http { EOF +$t->write_file('openssl.conf', <testdir(); + +foreach my $name ('localhost') { + system('openssl req -x509 -new ' + . "-config $d/openssl.conf -subj /CN=$name/ " + . "-out $d/$name.crt -keyout $d/$name.key " + . ">>$d/openssl.out 2>&1") == 0 + or die "Can't create certificate for $name: $!\n"; +} + $t->write_file('t.html', 'SEE-THIS'); + +open OLDERR, ">&", \*STDERR; close STDERR; $t->run(); +open STDERR, ">&", \*OLDERR; ############################################################################### my $proxy = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; -my $s = Test::Nginx::HTTP2->new(port(8080), proxy => $proxy); +my $sock = http($proxy, start => 1); +http('', start => 1, socket => $sock, SSL => 1, SSL_alpn_protocols => ['h2']); + +SKIP: { +skip 'no ALPN negotiation', 2 unless $sock->alpn_selected(); + +my $s = Test::Nginx::HTTP2->new(undef, socket => $sock); my $sid = $s->new_stream({ path => '/pp' }); my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); 
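Review bot: In the `@@ -53,13 +59,40 @@` hunk the certificate step reports `$!` when `system()` returns non-zero, but `$!` is only meaningful when the command could not be started; a failing `openssl req` leaves its status in `$?`. I would change the message to `or die "Can't create certificate for $name: exit status $?\n";`. The two `open` calls that duplicate and restore STDERR around `$t->run()` are unchecked as well, so a failed restore would silently drop later diagnostics; `open STDERR, ">&", \*OLDERR or die "Can't restore STDERR: $!\n";` covers that. The heredoc passed to `write_file('openssl.conf', ...)` is not legible in this view, so the key parameters it sets are not reviewed here.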
@@ -67,14 +100,13 @@ my ($frame) = grep { $_->{type} eq "HEAD
 ok($frame, 'PROXY HEADERS frame');
 is($frame->{headers}->{'x-pp'}, '192.0.2.1', 'PROXY remote addr');
+}
+
+$sock->close();
+
 # invalid PROXY protocol string
 $proxy = 'BOGUS TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
-$s = Test::Nginx::HTTP2->new(port(8080), preface => $proxy, pure => 1);
-$frames = $s->read(all => [{ type => 'GOAWAY' }]);
-
-($frame) = grep { $_->{type} eq "GOAWAY" } @$frames;
-ok($frame, 'invalid PROXY - GOAWAY frame');
-is($frame->{code}, 1, 'invalid PROXY - error code');
+ok(!http($proxy), 'PROXY invalid protocol');
 ###############################################################################