Mercurial > hg > nginx-tests
annotate ssl_reject_handshake.t @ 1719:53a801bf4d0b
Tests: auth_basic_user_file variable tests with conf_prefix.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 30 Jun 2021 23:48:45 +0300 |
parents | 5ac6efbe5552 |
children | 2a7fc70900a5 |
rev | line source |
---|---|
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, ssl_reject_handshake. |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 eval { require IO::Socket::SSL; }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
27 eval { IO::Socket::SSL->can_client_sni() or die; }; |
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1602
d35db22947ab
Tests: fixed ssl_reject_handshake.t with too old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1601
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl'); |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 $t->write_file_expand('nginx.conf', <<'EOF'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 events { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 http { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS_HTTP%% |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Name $ssl_server_name; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 listen 127.0.0.1:8081; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server_name ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8080 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8081 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 server_name virtual; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server_name localhost; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_certificate localhost.crt; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_certificate_key localhost.key; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server_name virtual1; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name virtual2; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_reject_handshake on; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->write_file('openssl.conf', <<EOF); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 default_bits = 2048 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 encrypt_key = no |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 distinguished_name = req_distinguished_name |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $d = $t->testdir(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 foreach my $name ('localhost') { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 system('openssl req -x509 -new ' |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . "-config $d/openssl.conf -subj /CN=$name/ " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 . "-out $d/$name.crt -keyout $d/$name.key " |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 . ">>$d/openssl.out 2>&1") == 0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 or die "Can't create certificate for $name: $!\n"; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 $t->write_file('index.html', ''); |
1693
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
112 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
113 # suppress deprecation warning |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
114 |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
115 open OLDERR, ">&", \*STDERR; close STDERR; |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
116 $t->run()->plan(9); |
5ac6efbe5552
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1602
diff
changeset
|
117 open STDERR, ">&", \*OLDERR; |
1601
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # default virtual server rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 like(get('default', 8080), qr/unrecognized name/, 'default rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like(get(undef, 8080), qr/unrecognized name/, 'absent sni rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like(get('virtual', 8080), qr/virtual/, 'virtual accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 # default virtual server rejected - ssl on |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like(get('default', 8081), qr/unrecognized name/, 'default rejected - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like(get('virtual', 8081), qr/virtual/, 'virtual accepted - ssl on'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 # non-default server "virtual2" rejected |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 like(get('default', 8082), qr/default/, 'default accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 like(get(undef, 8082), qr/200 OK(?!.*X-Name)/is, 'absent sni accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like(get('virtual1', 8082), qr/virtual1/, 'virtual 1 accepted'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 like(get('virtual2', 8082), qr/unrecognized name/, 'virtual 2 rejected'); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 ############################################################################### |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 sub get { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 my $s = get_ssl_socket($host, $port) or return $@; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 $host = 'localhost' if !defined $host; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $r = http(<<EOF, socket => $s); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 GET / HTTP/1.0 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 Host: $host |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 EOF |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 $s->close(); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 return $r; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 sub get_ssl_socket { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 my ($host, $port) = @_; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 my $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 eval { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 local $SIG{ALRM} = sub { die "timeout\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 alarm(8); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = IO::Socket::SSL->new( |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 Proto => 'tcp', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 PeerAddr => '127.0.0.1', |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 PeerPort => port($port), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 SSL_hostname => $host, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 SSL_error_trap => sub { die $_[1] }, |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 }; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 alarm(0); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 if ($@) { |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 log_in("died: $@"); |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 return undef; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 return $s; |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 } |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
376cbc2c2b20
Tests: ssl_reject_handshake tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 ############################################################################### |