Mercurial > hg > nginx-tests

annotate ssl.t @ 391:915ef26ac6eb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: fix proxy_unfinished.t failures with big buffers. With newer systems it becomes common to use huge socket buffers, and the "no proxy temp" test may unexpectedly fail because disk buffering will not be used. To reduce this possibility, the "listen ... sndbuf=32k" was added. Additionally, regular expression was changed to silently allow full responses.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 15 Apr 2014 22:04:08 +0400
parents de2f7e86866e
children 847ea345becb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
370
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for http ssl module.
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 use lib 'lib';
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 use Test::Nginx;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 ###############################################################################
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 select STDERR; $| = 1;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDOUT; $| = 1;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25 eval {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 require IO::Socket::SSL;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 };
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31 ->has_daemon('openssl');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 plan(skip_all => 'new syntax: "$ssl_session_reused"')
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 unless $t->has_version('1.5.11');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 $t->plan(4)->write_file_expand('nginx.conf', <<'EOF');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38 %%TEST_GLOBALS%%
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 daemon off;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 events {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 http {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 %%TEST_GLOBALS_HTTP%%
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48 server {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 listen 127.0.0.1:8443 ssl;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 listen 127.0.0.1:8080;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 server_name localhost;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 ssl_certificate_key localhost.key;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 ssl_certificate localhost.crt;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 ssl_session_cache shared:SSL:10m;
378
de2f7e86866e Tests: disabled session tickets.
Sergey Kandaurov <pluknet@nginx.com>
parents: 370
diff changeset
56 ssl_session_tickets off;
370
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 location /reuse {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 return 200 "body $ssl_session_reused";
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 location /id {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 return 200 "body $ssl_session_id";
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 EOF
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 $t->write_file('openssl.conf', <<EOF);
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 [ req ]
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 default_bits = 2048
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 encrypt_key = no
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 distinguished_name = req_distinguished_name
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 [ req_distinguished_name ]
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 EOF
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 my $d = $t->testdir();
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
79 foreach my $name ('localhost') {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 system('openssl req -x509 -new '
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 . "-config '$d/openssl.conf' -subj '/CN=$name/' "
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 . "-out '$d/$name.crt' -keyout '$d/$name.key' "
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 . ">>$d/openssl.out 2>&1") == 0
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84 or die "Can't create certificate for $name: $!\n";
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 my $ctx = new IO::Socket::SSL::SSL_Context(
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 SSL_session_cache_size => 100);
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 $t->run();
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 ###############################################################################
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body \.$/m,
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 'initial session');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 like(http_get('/reuse', socket => get_ssl_socket($ctx)), qr/^body r$/m,
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 'session reused');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 my ($sid) = http_get('/id', socket => get_ssl_socket($ctx)) =~ /^body (\w+)$/m;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 is(length $sid, 64, 'session id');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 ###############################################################################
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 sub get_ssl_socket {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 my ($ctx) = @_;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 my $s;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 eval {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 local $SIG{ALRM} = sub { die "timeout\n" };
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 local $SIG{PIPE} = sub { die "sigpipe\n" };
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 alarm(2);
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 $s = IO::Socket::SSL->new(
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 Proto => 'tcp',
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 PeerAddr => '127.0.0.1:8443',
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 SSL_reuse_ctx => $ctx,
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 SSL_error_trap => sub { die $_[1] }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 );
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 alarm(0);
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 };
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 alarm(0);
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 if ($@) {
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127 log_in("died: $@");
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 return undef;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 return $s;
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132 }
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133
74cfe56c7b83 Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134 ###############################################################################