Mercurial > hg > nginx-tests
annotate stream_upstream_zone_ssl.t @ 1594:2083b4f183e7
Tests: proxy_cookie_flags tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Sat, 26 Sep 2020 18:09:28 +0100 |
parents | dbce8fb5f5f8 |
children | f3ba4c74de31 |
rev | line source |
---|---|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for upstream zone with ssl backend. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
27 ->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(9); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 proxy_ssl on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 proxy_ssl_session_reuse on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 upstream u { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
43 zone u 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 server 127.0.0.1:8084; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 upstream u2 { |
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
48 zone u2 1m; |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
49 server 127.0.0.1:8084 backup; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 server 127.0.0.1:8085 down; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 listen 127.0.0.1:8080; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8081; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
65 listen 127.0.0.1:8082; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
71 listen 127.0.0.1:8083; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_pass u2; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server { |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
76 listen 127.0.0.1:8084 ssl; |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
77 return $ssl_session_reused; |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_certificate_key localhost.key; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate localhost.crt; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_session_cache builtin; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 $t->write_file('openssl.conf', <<EOF); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1381
diff
changeset
|
89 default_bits = 2048 |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 encrypt_key = no |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 distinguished_name = req_distinguished_name |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 [ req_distinguished_name ] |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $d = $t->testdir(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 foreach my $name ('localhost') { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
99 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
100 . "-out $d/$name.crt -keyout $d/$name.key " |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 . ">>$d/openssl.out 2>&1") == 0 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 or die "Can't create certificate for $name: $!\n"; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->run(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
109 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
110 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
112 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
113 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); |
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
114 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
116 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
117 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
119 is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); |
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
120 is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); |
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 ############################################################################### |