Mercurial > hg > nginx-tests
annotate ssl_curve.t @ 1951:1867428f1673
Tests: fixed h3_limit_req.t spurious failures.
In the "reset stream - cancellation" test, HTTP/3 stream is closed without
sending the request body when the request is waiting in the limit_req
module, and this results in error 444. However, when the request is received
with some minor delay due to system load, it is not delayed by limit_req,
and the stream is closed during reading the request body, which results
in error 400 instead, breaking the test.
Fix is to introduce yet another request before the "reset stream" test,
so the stream in question is always delayed by limit_req.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 14 Mar 2024 02:25:49 +0300 |
parents | 2a0a6035a1af |
children |
rev | line source |
---|---|
1749 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module, $ssl_curve variable. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
25 my $t = Test::Nginx->new() |
1935
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
26 ->has(qw/http http_ssl rewrite socket_ssl/) |
1749 | 27 ->has_daemon('openssl'); |
28 | |
29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
30 | |
31 %%TEST_GLOBALS%% | |
32 | |
33 daemon off; | |
34 | |
35 events { | |
36 } | |
37 | |
38 http { | |
39 %%TEST_GLOBALS_HTTP%% | |
40 | |
41 ssl_certificate_key localhost.key; | |
42 ssl_certificate localhost.crt; | |
43 | |
44 ssl_ecdh_curve prime256v1; | |
45 | |
46 server { | |
47 listen 127.0.0.1:8443 ssl; | |
48 server_name localhost; | |
49 | |
50 return 200 "$ssl_curve $ssl_curves"; | |
51 } | |
52 } | |
53 | |
54 EOF | |
55 | |
56 $t->write_file('openssl.conf', <<EOF); | |
57 [ req ] | |
58 default_bits = 2048 | |
59 encrypt_key = no | |
60 distinguished_name = req_distinguished_name | |
61 [ req_distinguished_name ] | |
62 EOF | |
63 | |
64 my $d = $t->testdir(); | |
65 | |
66 foreach my $name ('localhost') { | |
67 system('openssl req -x509 -new ' | |
68 . "-config $d/openssl.conf -subj /CN=$name/ " | |
69 . "-out $d/$name.crt -keyout $d/$name.key " | |
70 . ">>$d/openssl.out 2>&1") == 0 | |
71 or die "Can't create certificate for $name: $!\n"; | |
72 } | |
73 | |
1937
2a0a6035a1af
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1935
diff
changeset
|
74 $t->run()->plan(1); |
1749 | 75 |
76 ############################################################################### | |
77 | |
1935
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
78 local $TODO = 'OpenSSL too old' |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
79 unless $t->has_feature('openssl:3.0.0') |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
80 or $t->has_module('BoringSSL'); |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
81 |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
82 like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve'); |
1749 | 83 |
84 ############################################################################### |