annotate stream_ssl_certificate.t @ 1836:74cffa9d4c43
Tests: enabled session reuse via TLS session tickets.
This fixes tests with TLSv1.3 enabled when using BoringSSL, since
for TLSv1.3 it only supports session reuse via TLS session tickets,
and not server-side session cache.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:02 +0300 |
parents | da52525f49d1 |
children | 0351dee227a8 |
1 #!/usr/bin/perl |
3 # (C) Sergey Kandaurov |
4 # (C) Nginx, Inc. |
6 # Tests for stream ssl module with dynamic certificates. |
8 ############################################################################### |
10 use warnings; |
11 use strict; |
13 use Test::More; |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
17 use lib 'lib'; |
18 use Test::Nginx; |
20 ############################################################################### |
# Turn on autoflush for both standard streams. STDOUT is handled last, so it
# is the selected output handle once the loop is done.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}

# The TLS client used by the tests is built directly on Net::SSLeay; skip the
# whole file when the module cannot be loaded and initialised.
eval {
    require Net::SSLeay;
    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();
};
if ($@) {
    plan(skip_all => 'Net::SSLeay not installed');
}

# Probe for SNI support: every connection made by the tests sets a server
# name, so a Net::SSLeay/OpenSSL pair that cannot do that is of no use here.
eval {
    my $probe_ctx = Net::SSLeay::CTX_new() or die;
    my $probe_ssl = Net::SSLeay::new($probe_ctx) or die;
    Net::SSLeay::set_tlsext_host_name($probe_ssl, 'example.org') == 1 or die;
};
if ($@) {
    plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required');
}
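# Create the test harness and require the stream modules used by the
# configuration in this file. has_daemon('openssl') presumably skips the test
# when the openssl command-line tool, used to generate the fixture
# certificates, is not available -- confirm against Test::Nginx.
my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_geo stream_return/)
    ->has_daemon('openssl');

# Skip unless nginx reports being built with OpenSSL 1.0.2 or newer.
#
# The version is captured in list context so that a failed match leaves
# $openssl_version undefined, instead of the check reading $1 without knowing
# whether the match succeeded.
#
# NOTE(review): "ge" is a string comparison. It orders the version strings
# seen in practice correctly, but it is not a general version compare.
my ($openssl_version) = $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
plan(skip_all => 'OpenSSL too old')
    unless defined $openssl_version and $openssl_version ge '1.0.2';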
# nginx configuration under test. Every stream server answers with
# "$ssl_server_name:$ssl_session_reused", which is what the assertions later
# in this file match against. write_file_expand() presumably substitutes the
# %%...%% placeholders and the listen ports -- confirm against Test::Nginx.
#
#   8080  certificate and key paths come from a variable ($one)
#   8081  same certificate as 8080; the tests expect a session obtained from
#         8080 to be resumed here
#   8082  different certificate ($two); the tests expect that same session
#         not to be resumed here
#   8083  passphrase-protected key whose path comes from a variable, unlocked
#         through ssl_password_file
#   8084  certificate and key paths are built from $ssl_server_name, i.e.
#         from the SNI value sent by the client; only the case where no such
#         file exists is exercised
#
# Both the shared session cache and session tickets are enabled.
#
# NOTE(review): the 8084 pattern lets a client-chosen name decide which file
# nginx tries to open. Outside of a test, mapping the name onto a fixed set
# of certificate files is the safer shape; worth keeping in mind for anyone
# copying this block.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
    %%TEST_GLOBALS_STREAM%%

    geo $one {
        default one;
    }

    geo $two {
        default two;
    }

    geo $pass {
        default pass;
    }

    ssl_session_cache shared:SSL:1m;
    ssl_session_tickets on;

    server {
        listen 127.0.0.1:8080 ssl;
        return $ssl_server_name:$ssl_session_reused;

        ssl_certificate $one.crt;
        ssl_certificate_key $one.key;
    }

    server {
        listen 127.0.0.1:8083 ssl;
        return $ssl_server_name:$ssl_session_reused;

        # found in key
        ssl_certificate pass.crt;
        ssl_certificate_key $pass.key;
        ssl_password_file password_file;
    }

    server {
        listen 127.0.0.1:8081 ssl;
        return $ssl_server_name:$ssl_session_reused;

        ssl_certificate $one.crt;
        ssl_certificate_key $one.key;
    }

    server {
        listen 127.0.0.1:8082 ssl;
        return $ssl_server_name:$ssl_session_reused;

        ssl_certificate $two.crt;
        ssl_certificate_key $two.key;
    }

    server {
        listen 127.0.0.1:8084 ssl;
        return $ssl_server_name:$ssl_session_reused;

        ssl_certificate $ssl_server_name.crt;
        ssl_certificate_key $ssl_server_name.key;
    }
}

EOF

$t->write_file_expand('nginx.conf', $nginx_conf);
# Throwaway TLS fixtures, generated with the openssl command-line tool.
#
# The request configuration asks for 2048-bit keys and leaves the keys
# written by "openssl req" unencrypted; that is fine for files that only
# live in the test directory.
my $openssl_conf = <<EOF;
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
$t->write_file('openssl.conf', $openssl_conf);

my $d = $t->testdir();

# NOTE(review): the commands below are single shell strings (the output
# redirection needs a shell) with $d interpolated unquoted, so they rely on
# the test directory path being free of whitespace and shell metacharacters.
# NOTE(review): after a non-zero exit status $! does not describe the
# failure ($? does); the messages are kept as they were.

# Self-signed certificates "one" and "two", each with its own fresh key.
for my $name (qw(one two)) {
    my $req_cmd = 'openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1";

    system($req_cmd) == 0
        or die "Can't create certificate for $name: $!\n";
}

# Certificate "pass": the key is generated separately and encrypted with
# AES-128 under a fixed passphrase. The passphrase travels on the command
# line, where other local users can see it in the process list; acceptable
# only because it is a constant test value.
for my $name (qw(pass)) {
    my $genrsa_cmd = "openssl genrsa -out $d/$name.key -passout pass:pass "
        . "-aes128 2048 >>$d/openssl.out 2>&1";

    system($genrsa_cmd) == 0
        or die "Can't create $name key: $!\n";

    my $req_cmd = "openssl req -x509 -new -config $d/openssl.conf "
        . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key "
        . "-passin pass:pass >>$d/openssl.out 2>&1";

    system($req_cmd) == 0
        or die "Can't create $name certificate: $!\n";
}
# File named by ssl_password_file in the configuration. It holds the same
# fixed passphrase the encrypted fixture key was created with, in plain
# text, which is acceptable for a test-only secret.
$t->write_file('password_file', 'pass');
$t->write_file('index.html', '');

# run() presumably starts nginx with the files written so far (confirm
# against Test::Nginx); seven assertions are then announced.
my $started = $t->run();
$started->plan(7);
151 ############################################################################### |
# Certificate selected through a variable: the default server must present
# the "one" certificate and answer with the SNI name that was sent.
# like() is prototyped in Test::More, so cert() and get() are called in
# scalar context here.
like(cert('default', 8080), qr/CN=one/, 'default certificate');
like(get('default', 8080), qr/default/, 'default context');

# Encrypted key whose path comes from a variable, unlocked via
# ssl_password_file.
like(get('password', 8083), qr/password/, 'ssl_password_file');

# session reuse
#
# Called in list context, get() hands back the socket and SSL handle after
# it has read the response. In TLSv1.3 session tickets arrive after the
# handshake, so the session is only fetched once that read has happened.
my ($sock, $conn) = get('default', 8080);
my $session = Net::SSLeay::get_session($conn);

# $ssl_session_reused is "r" for a resumed session and "." otherwise. The
# session must resume on the server that issued it and on the one using the
# same certificate, but not on the server using a different certificate.
for my $case (
    [8080, qr/default:r/,  'session reused'],
    [8081, qr/default:r/,  'session id context match'],
    [8082, qr/default:\./, 'session id context distinct'],
) {
    my ($port, $expected, $label) = @{$case};
    like(get('default', $port, $session), $expected, $label);
}

# errors
#
# No certificate file exists for the SNI name "nx", so the handshake is
# expected to fail and leave an entry in the client's OpenSSL error queue.
Net::SSLeay::ERR_clear_error();
get_ssl_socket('nx', 8084);
ok(Net::SSLeay::ERR_peek_error(), 'no certificate');
173 ############################################################################### |
# Opens a TLS connection to the test server on $port using $host as the SNI
# name, reads once from it, then shuts the TLS session down and closes the
# socket.
#
# The third argument (named $ctx here) is passed straight to
# get_ssl_socket(), which treats it as a session to resume.
#
# Returns the data read in scalar context. In list context it returns the
# (already closed) socket and the SSL handle, so that the caller can still
# extract the session from the handle. Calls written as like(get(...), ...)
# receive the scalar form because Test::More's like() is prototyped.
sub get {
    my ($host, $port, $ctx) = @_;

    my @conn = get_ssl_socket($host, $port, $ctx);
    return unless @conn;
    my ($sock, $tls) = @conn;

    # Ignore SIGPIPE for the rest of this call, so that writing to a
    # connection the peer has already closed cannot kill the test.
    local $SIG{PIPE} = 'IGNORE';

    my $reply = Net::SSLeay::read($tls);
    Net::SSLeay::shutdown($tls);
    $sock->close();

    return wantarray() ? ($sock, $tls) : $reply;
}
# Connects like get() does and returns Net::SSLeay's textual dump of the
# certificate the server presented. Nothing is verified here; the dump is
# only used to check which certificate nginx selected.
sub cert {
    my ($host, $port, $ctx) = @_;

    my @conn = get_ssl_socket($host, $port, $ctx);
    return unless @conn;

    # $conn[1] is the SSL handle; the socket in $conn[0] stays alive until
    # this sub returns.
    return Net::SSLeay::dump_peer_certificate($conn[1]);
}
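# Connects to the test server on $port and runs a TLS handshake with $host
# as the SNI name. When $ses is defined it is offered for session resumption.
#
# Returns the socket and the SSL handle. Dies when the TCP connection or the
# SSL objects cannot be created.
#
# No verification mode or trust store is set on the context, so the
# self-signed fixture certificates are accepted as they are. This is a test
# client only. Neither the context nor the SSL handle is freed here.
sub get_ssl_socket {
    my ($host, $port, $ses) = @_;

    # Report a failed TCP connection here, with the system error, rather
    # than failing later on an undefined socket.
    my $s = IO::Socket::INET->new('127.0.0.1:' . port($port))
        or die "Can't connect to nginx: $!\n";

    my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
    my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
    Net::SSLeay::set_tlsext_host_name($ssl, $host);
    Net::SSLeay::set_session($ssl, $ses) if defined $ses;
    Net::SSLeay::set_fd($ssl, fileno($s));

    # NOTE(review): SSL_connect reports a fatal handshake error with a
    # negative value, which is true in Perl, so this die only fires on a
    # return of 0. The "no certificate" check in this file calls this
    # function for a handshake that is expected to fail and then inspects
    # the OpenSSL error queue, so it appears to depend on that; confirm
    # before tightening the check to "== 1".
    Net::SSLeay::connect($ssl) or die("ssl connect");

    return ($s, $ssl);
}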
207 ############################################################################### |