Mercurial > hg > nginx-tests
annotate proxy_ssl.t @ 391:915ef26ac6eb
Tests: fix proxy_unfinished.t failures with big buffers.
With newer systems it becomes common to use huge socket buffers, and
the "no proxy temp" test may unexpectedly fail because disk buffering will
not be used. To reduce this possibility, the "listen ... sndbuf=32k" was
added.
Additionally, regular expression was changed to silently allow full
responses.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 15 Apr 2014 22:04:08 +0400 |
parents | ad164c14058a |
children | a7d04159e52b |
rev | line source |
---|---|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Nginx, Inc. |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # Tests for proxy to ssl backend. |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 use warnings; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use strict; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use Test::More; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use lib 'lib'; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use Test::Nginx; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 ->plan(4)->write_file_expand('nginx.conf', <<'EOF'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 %%TEST_GLOBALS%% |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 daemon off; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 events { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 http { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS_HTTP%% |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 server { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 listen 127.0.0.1:8081 ssl; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 listen 127.0.0.1:8080; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server_name localhost; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 add_header X-Foo ssl; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location /ssl_reuse { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 proxy_ssl_session_reuse on; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 location /ssl { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_pass https://127.0.0.1:8081/; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_session_reuse off; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 EOF |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 $t->write_file('openssl.conf', <<EOF); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 [ req ] |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 default_bits = 2048 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 encrypt_key = no |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 distinguished_name = req_distinguished_name |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req_distinguished_name ] |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 EOF |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $t->write_file('index.html', ''); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 my $d = $t->testdir(); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 foreach my $name ('localhost') { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 system('openssl req -x509 -new ' |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 . ">>$d/openssl.out 2>&1") == 0 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create certificate for $name: $!\n"; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $t->run(); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl 2'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session 2'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 ############################################################################### |