Mercurial > hg > nginx-tests
annotate ssl.t @ 1118:6c27d5cab1d7
Tests: keep stream_ssl_preread.t TODO for older mainline releases.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 30 Jan 2017 13:32:00 +0300 |
parents | 8ef51dbb5d69 |
children | 3d312b6a1a19 |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
4 # (C) Andrey Zelenkov |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for http ssl module. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
26 eval { require IO::Socket::SSL; }; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
29 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 ->has_daemon('openssl'); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
34 $t->write_file_expand('nginx.conf', <<'EOF'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
46 ssl_certificate_key localhost.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
47 ssl_certificate localhost.crt; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
48 ssl_session_tickets off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
49 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 listen 127.0.0.1:8085 ssl; |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
52 listen 127.0.0.1:8080; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
55 ssl_certificate_key inner.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
56 ssl_certificate inner.crt; |
503
071e8941e3bf
Tests: reduce shared memory zone sizes.
Maxim Dounin <mdounin@mdounin.ru>
parents:
430
diff
changeset
|
57 ssl_session_cache shared:SSL:1m; |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
58 ssl_verify_client optional_no_ca; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 location /reuse { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 location /id { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 return 200 "body $ssl_session_id"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
66 location /cipher { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
67 return 200 "body $ssl_cipher"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
68 } |
1093
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
69 location /ciphers { |
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
70 return 200 "body $ssl_ciphers"; |
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
71 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
72 location /client_verify { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
73 return 200 "body $ssl_client_verify"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
75 location /protocol { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
76 return 200 "body $ssl_protocol"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
77 } |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
78 location /issuer { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
79 return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
80 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
81 location /subject { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
82 return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
83 } |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
84 location /time { |
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
85 return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain"; |
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
86 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
87 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
88 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
89 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
90 listen 127.0.0.1:8081; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
91 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
92 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
93 # Special case for enabled "ssl" directive. |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
94 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
95 ssl on; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
96 ssl_session_cache builtin; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
97 ssl_session_timeout 1; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
98 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
99 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
101 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
102 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
103 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
104 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
105 listen 127.0.0.1:8082 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
106 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
107 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
108 ssl_session_cache builtin:1000; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
109 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
110 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
111 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
112 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
113 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
114 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
115 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
116 listen 127.0.0.1:8083 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
117 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
118 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
119 ssl_session_cache none; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
120 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
121 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
122 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
123 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
124 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
125 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
126 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
127 listen 127.0.0.1:8084 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
128 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
129 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
130 ssl_session_cache off; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
131 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
132 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
133 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
134 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1100
diff
changeset
|
142 default_bits = 1024 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
150 $t->write_file('ca.conf', <<EOF); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
151 [ ca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
152 default_ca = myca |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
153 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
154 [ myca ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
155 new_certs_dir = $d |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
156 database = $d/certindex |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
157 default_md = sha1 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
158 policy = myca_policy |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
159 serial = $d/certserial |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
160 default_days = 3 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
161 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
162 [ myca_policy ] |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
163 commonName = supplied |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
164 EOF |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
165 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
166 $t->write_file('certserial', '1000'); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
167 $t->write_file('certindex', ''); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
168 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
169 system('openssl req -x509 -new ' |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
170 . "-config '$d/openssl.conf' -subj '/CN=issuer/' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
171 . "-out '$d/issuer.crt' -keyout '$d/issuer.key' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
172 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
173 or die "Can't create certificate for issuer: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
174 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
175 system("openssl req -new " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
176 . "-config '$d/openssl.conf' -subj '/CN=subject/' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
177 . "-out '$d/subject.csr' -keyout '$d/subject.key' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
178 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
179 or die "Can't create certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
180 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
181 system("openssl ca -batch -config '$d/ca.conf' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
182 . "-keyfile '$d/issuer.key' -cert '$d/issuer.crt' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
183 . "-subj '/CN=subject/' -in '$d/subject.csr' -out '$d/subject.crt' " |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
184 . ">>$d/openssl.out 2>&1") == 0 |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
185 or die "Can't sign certificate for subject: $!\n"; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
186 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
187 foreach my $name ('localhost', 'inner') { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
188 system('openssl req -x509 -new ' |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
191 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 my $ctx = new IO::Socket::SSL::SSL_Context( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
196 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
197 SSL_session_cache_size => 100); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
199 $t->try_run('no ssl_ciphers')->plan(22); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
202 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
203 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
204 like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
205 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
206 like(get('/', 8081), qr/^body \.$/m, 'builtin initial session'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
207 like(get('/', 8081), qr/^body r$/m, 'builtin session reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
208 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
209 like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
210 like(get('/', 8082), qr/^body r$/m, 'builtin size session reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
211 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
212 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
213 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
214 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
215 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
216 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
217 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
218 # ssl certificate inheritance |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
219 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
220 my $s = get_ssl_socket($ctx, port(8081)); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
221 like($s->dump_peer_certificate(), qr/CN=localhost/, 'CN'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
222 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
223 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
224 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
225 $s = get_ssl_socket($ctx, port(8085)); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
226 like($s->dump_peer_certificate(), qr/CN=inner/, 'CN inner'); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
227 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
228 $s->close(); |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
229 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
230 # session timeout |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
231 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
232 select undef, undef, undef, 2.1; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
233 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
234 like(get('/', 8081), qr/^body \.$/m, 'session timeout'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
235 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
236 # embedded variables |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
237 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
238 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
239 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
240 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
1093
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
241 |
1100
52553ea2171c
Tests: fixed ssl.t when run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1094
diff
changeset
|
242 $s = get_ssl_socket(undef, port(8085)); |
1093
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
243 like(http_get('/ciphers', socket => $s), qr/^body [:\w-]+$/m, 'ciphers'); |
2b0ef67ab032
Tests: added test for $ssl_ciphers variable (ticket #870).
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1068
diff
changeset
|
244 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
245 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify'); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
246 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol'); |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
247 like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer'); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
248 like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject'); |
1094
dd8f126afa32
Tests: client certificate time variables tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1093
diff
changeset
|
249 like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
250 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
251 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
252 |
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
253 sub get { |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
254 my ($uri, $port) = @_; |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
255 my $s = get_ssl_socket($ctx, port($port)) or return; |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
256 http_get($uri, socket => $s); |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
257 } |
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
258 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
259 sub cert { |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
260 my ($uri, $port) = @_; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
261 my $s = get_ssl_socket(undef, port($port), |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
262 SSL_cert_file => "$d/subject.crt", |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
263 SSL_key_file => "$d/subject.key") or return; |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
264 http_get($uri, socket => $s); |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
265 } |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
266 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
267 sub get_ssl_socket { |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
268 my ($ctx, $port, %extra) = @_; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
269 my $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
270 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
271 eval { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
272 local $SIG{ALRM} = sub { die "timeout\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
273 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
274 alarm(2); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
275 $s = IO::Socket::SSL->new( |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
276 Proto => 'tcp', |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
277 PeerAddr => '127.0.0.1', |
952
e9064d691790
Tests: converted tests to run in parallel.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
664
diff
changeset
|
278 PeerPort => $port, |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
279 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
280 SSL_reuse_ctx => $ctx, |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
281 SSL_error_trap => sub { die $_[1] }, |
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
282 %extra |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
283 ); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
284 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
285 }; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
286 alarm(0); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
287 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
288 if ($@) { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
289 log_in("died: $@"); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
290 return undef; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
291 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
292 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
293 return $s; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
294 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
295 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
296 ############################################################################### |