Mercurial > hg > nginx-tests
annotate uwsgi_ssl_verify.t @ 1949:6e4a480ab370
Tests: fixed h3_keepalive.t spurious failures.
Previously, reload was initiated immediately after starting a stream,
and appropriate packets might end up being received by the new worker
process, breaking the test. Fix is to wait a while before initiating
reload.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 23 Feb 2024 02:04:40 +0300 |
parents | 1b9f21836f57 |
children |
rev | line source |
---|---|
1688
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for uwsgi backend with SSL, backend certificate verification. |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl uwsgi/) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('uwsgi')->has_daemon('openssl')->plan(6) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 server { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 listen 127.0.0.1:8080; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server_name localhost; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 location /verify { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 uwsgi_ssl_name example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 location /wildcard { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 uwsgi_ssl_name foo.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 location /fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 uwsgi_pass suwsgi://127.0.0.1:8081; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 uwsgi_ssl_name no.match.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /cn { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 uwsgi_ssl_name 2.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 location /cn/fail { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 uwsgi_ssl_name bad.example.com; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 uwsgi_ssl_trusted_certificate 2.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 location /untrusted { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 uwsgi_pass suwsgi://127.0.0.1:8082; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 uwsgi_ssl_verify on; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 uwsgi_ssl_trusted_certificate 1.example.com.crt; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 uwsgi_ssl_session_reuse off; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 $t->write_file('openssl.1.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 x509_extensions = v3_req |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 commonName=no.match.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 [ v3_req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 subjectAltName = DNS:example.com,DNS:*.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 $t->write_file('openssl.2.example.com.conf', <<EOF); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 prompt = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 default_bits = 2048 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 encrypt_key = no |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 distinguished_name = req_distinguished_name |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 [ req_distinguished_name ] |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 commonName=2.example.com |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 EOF |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 my $d = $t->testdir(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 my $crt1 = "$d/1.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 my $crt2 = "$d/2.example.com.crt"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $key1 = "$d/1.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 my $key2 = "$d/2.example.com.key"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 foreach my $name ('1.example.com', '2.example.com') { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 . "-config $d/openssl.$name.conf " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 . "-out $d/$name.crt -keyout $d/$name.key " |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . ">>$d/openssl.out 2>&1") == 0 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 or die "Can't create certificate for $name: $!\n"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 $t->write_file('uwsgi_test_app.py', <<END); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 def application(env, start_response): |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 start_response('200 OK', [('Content-Type','text/plain')]) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 return b"SEE-THIS" |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 END |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 my $uwsgihelp = `uwsgi -h`; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 my @uwsgiopts = (); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 if ($uwsgihelp !~ /--wsgi-file/) { |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 # uwsgi has no python support, maybe plugin load is necessary |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 push @uwsgiopts, '--plugin', 'python'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 push @uwsgiopts, '--plugin', 'python3'; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 } |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
1923
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
147 if ($uwsgihelp =~ /--ssl-enable-tlsv1/) { |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
148 # uwsgi disables TLSv1 by default since 2.0.17.1 |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
149 push @uwsgiopts, '--ssl-enable-tlsv1'; |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
150 } |
1b9f21836f57
Tests: enabled TLSv1 in uwsgi SSL tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1688
diff
changeset
|
151 |
1688
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 open OLDERR, ">&", \*STDERR; close STDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 '--ssl-socket', '127.0.0.1:' . port(8081) . ",$crt1,$key1", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 $t->run_daemon('uwsgi', @uwsgiopts, |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 '--ssl-socket', '127.0.0.1:' . port(8082) . ",$crt2,$key2", |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 '--wsgi-file', $d . '/uwsgi_test_app.py', |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 '--logto', $d . '/uwsgi_log'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 open STDERR, ">&", \*OLDERR; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $t->run(); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 $t->waitforsocket('127.0.0.1:' . port(8081)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 $t->waitforsocket('127.0.0.1:' . port(8082)) |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 or die "Can't start uwsgi"; |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 ############################################################################### |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 # subjectAltName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 like(http_get('/verify'), qr/200 OK/ms, 'verify'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 like(http_get('/wildcard'), qr/200 OK/ms, 'verify wildcard'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 like(http_get('/fail'), qr/502 Bad/ms, 'verify fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 # commonName |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 like(http_get('/cn'), qr/200 OK/ms, 'verify cn'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 like(http_get('/cn/fail'), qr/502 Bad/ms, 'verify cn fail'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 # untrusted |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 like(http_get('/untrusted'), qr/502 Bad/ms, 'untrusted'); |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 |
31ea330ac360
Tests: more uwsgi tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 ############################################################################### |