Mercurial > hg > nginx-tests
annotate ssl_engine_keys.t @ 1963:5656138f2e46
Tests: improved has_daemon() to drop "which" stderr.
On some platforms (notably OpenBSD) "which" prints an error if the command
is not found. It is now dropped to produce less clutter during testing.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 05 May 2024 23:56:16 +0300 |
parents | 7f09d144d15c |
children |
rev | line source |
---|---|
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module, loading "engine:..." keys. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 plan(skip_all => 'win32') if $^O eq 'MSWin32'; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'may not work, leaves coredump') |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 unless $ENV{TEST_NGINX_UNSAFE}; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
914
3ac4036b139d
Tests: fixed proxy prerequisites.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
31 ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 $t->write_file_expand('nginx.conf', <<'EOF'); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS%% |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 daemon off; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 listen 127.0.0.1:8081 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
47 listen 127.0.0.1:8080; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 server_name localhost; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
50 ssl_certificate localhost.crt; |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
51 ssl_certificate_key engine:pkcs11:id_00; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location / { |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 # index index.html by default |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
56 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 location /proxy { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
58 proxy_pass https://127.0.0.1:8081/; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
60 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
61 location /var { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
62 proxy_pass https://127.0.0.1:8082/; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
63 proxy_ssl_name localhost; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
64 proxy_ssl_server_name on; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
65 } |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
66 } |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
67 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
68 server { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
69 listen 127.0.0.1:8082 ssl; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
70 server_name localhost; |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
71 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
72 ssl_certificate $ssl_server_name.crt; |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
73 ssl_certificate_key engine:pkcs11:id_00; |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
74 |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
75 location / { |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
76 # index index.html by default |
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
77 } |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 # Create a SoftHSM token with a secret key, and configure OpenSSL |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 # to access it using the pkcs11 engine, see detailed example |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # posted by Dmitrii Pichulin here: |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # Note that library paths may differ on different systems, |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # and may need to be adjusted. |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 $t->write_file('openssl.conf', <<EOF); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 openssl_conf = openssl_def |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 [openssl_def] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 engines = engine_section |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [engine_section] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 pkcs11 = pkcs11_section |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [pkcs11_section] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 engine_id = pkcs11 |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
103 dynamic_path = /usr/local/lib/engines/pkcs11.so |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
104 MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so |
1328
a682c219af45
Tests: updated ssl_engine_keys.t test.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1220
diff
changeset
|
105 init = 1 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 PIN = 1234 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
109 default_bits = 2048 |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 encrypt_key = no |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 distinguished_name = req_distinguished_name |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $d = $t->testdir(); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
117 $t->write_file('softhsm2.conf', <<EOF); |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
118 directories.tokendir = $d/tokens/ |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
119 objectstore.backend = file |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
122 mkdir($d . '/tokens'); |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
123 |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
124 $ENV{SOFTHSM2_CONF} = "$d/softhsm2.conf"; |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 $ENV{OPENSSL_CONF} = "$d/openssl.conf"; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 foreach my $name ('localhost') { |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
128 system('softhsm2-util --init-token --slot 0 --label NginxZero ' |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 . '--pin 1234 --so-pin 1234 ' |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 . ">>$d/openssl.out 2>&1"); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
132 system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so ' |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1446
diff
changeset
|
133 . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . ">>$d/openssl.out 2>&1"); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
1747
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
136 system('openssl req -x509 -new ' |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
137 . "-subj /CN=$name/ -out $d/$name.crt -text " |
7f09d144d15c
Tests: updated ssl_engine_keys.t test to use SoftHSM v2.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1535
diff
changeset
|
138 . "-engine pkcs11 -keyform engine -key id_00 " |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . ">>$d/openssl.out 2>&1") == 0 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 or die "Can't create certificate for $name: $!\n"; |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 } |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
143 $t->run(); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 $t->write_file('index.html', ''); |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 like(http_get('/proxy'), qr/200 OK/, 'ssl engine keys'); |
1446
44973a23b031
Tests: loading "engine:..." keys with certificate variable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1328
diff
changeset
|
150 like(http_get('/var'), qr/200 OK/, 'ssl_certificate with variable'); |
516
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
2bc470a58621
Tests: test for loading "engine:..." keys.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 ############################################################################### |