annotate ssl.t @ 391:915ef26ac6eb
Tests: fix proxy_unfinished.t failures with big buffers.
With newer systems it becomes common to use huge socket buffers, and
the "no proxy temp" test may unexpectedly fail because disk buffering will
not be used. To reduce this possibility, the "listen ... sndbuf=32k" was
added.
Additionally, regular expression was changed to silently allow full
responses.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 15 Apr 2014 22:04:08 +0400 |
parents | de2f7e86866e |
children | 847ea345becb |
rev | line source |
---|---|
1 #!/usr/bin/perl |
2 |
3 # (C) Sergey Kandaurov |
4 # (C) Nginx, Inc. |
5 |
6 # Tests for http ssl module. |
7 |
8 ############################################################################### |
9 |
10 use warnings; |
11 use strict; |
12 |
13 use Test::More; |
14 |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
16 |
17 use lib 'lib'; |
18 use Test::Nginx; |
19 |
20 ############################################################################### |
21 |
# Turn on autoflush ($| = 1) for STDERR and then STDOUT. STDOUT is the
# selected handle once the loop finishes.
for my $stream (\*STDERR, \*STDOUT) {
    select $stream;
    $| = 1;
}

# IO::Socket::SSL is the TLS client used by the checks in this file; when it
# cannot be loaded the whole file is skipped instead of failing.
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
29 |
# Build the test harness object. has() and has_daemon() are Test::Nginx
# helpers; presumably they skip the file when one of the listed nginx
# modules or the openssl binary is missing (confirm in Test::Nginx).
my $t = Test::Nginx->new()
    ->has(qw/http http_ssl rewrite/)
    ->has_daemon('openssl');

# The configuration below uses $ssl_session_reused, which the skip message
# describes as new syntax; nginx older than 1.5.11 is skipped.
if (!$t->has_version('1.5.11')) {
    plan(skip_all => 'new syntax: "$ssl_session_reused"');
}
35 |
# Declare four checks and write the nginx configuration under test.
# write_file_expand() is a Test::Nginx helper; presumably it substitutes the
# %%TEST_GLOBALS%% and %%TEST_GLOBALS_HTTP%% placeholders (confirm there).
#
# One server answers on two loopback listeners: 127.0.0.1:8443 with TLS and
# 127.0.0.1:8080 without. /reuse and /id echo $ssl_session_reused and
# $ssl_session_id so the client can observe the server's view of the session.
#
# Settings that matter for the checks:
#  - ssl_session_cache shared:SSL:10m turns on the server-side session
#    cache that the "session reused" check exercises;
#  - ssl_session_tickets off was added later (changeset de2f7e86866e).
#    NOTE(review): presumably this keeps resumption on the session cache so
#    that $ssl_session_id is populated -- confirm against that changeset;
#  - the certificate and key are the self-signed pair generated further
#    down in this file.
#
# The heredoc is single-quoted, so the $ssl_* names reach nginx without
# Perl interpolation.
$t->plan(4)->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen 127.0.0.1:8443 ssl;
        listen 127.0.0.1:8080;
        server_name localhost;

        ssl_certificate_key localhost.key;
        ssl_certificate localhost.crt;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;

        location /reuse {
            return 200 "body $ssl_session_reused";
        }
        location /id {
            return 200 "body $ssl_session_id";
        }
    }
}

EOF
68 |
# Minimal OpenSSL request configuration for the throwaway test certificate.
# default_bits = 2048 sets the key size. encrypt_key = no writes the private
# key without a passphrase (NOTE(review): presumably so nginx can load it
# unattended -- confirm). The key therefore sits unencrypted in the test
# directory and is only suitable for this test run.
# The heredoc is unquoted, but its text contains no Perl variables.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
76 |
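# Directory for this run's generated files: the configuration, the
# certificate, the key and the openssl log all live under it.
my $d = $t->testdir();

# Create a self-signed certificate and an unencrypted private key for each
# server name with the openssl command-line tool.
#
# The command runs through the shell because of the output redirection, so
# $d and $name are interpolated into a shell string. $name is a literal from
# the list below and $d comes from the test harness (presumably a directory
# it created itself), not from external input. Every path is single-quoted,
# including the redirection target, so a test directory containing spaces
# still works; a path containing a single quote would still break the
# quoting.
foreach my $name ('localhost') {
    my $status = system('openssl req -x509 -new '
        . "-config '$d/openssl.conf' -subj '/CN=$name/' "
        . "-out '$d/$name.crt' -keyout '$d/$name.key' "
        . ">>'$d/openssl.out' 2>&1");
    next if $status == 0;

    # $! is only meaningful when the command could not be started at all
    # (system() returned -1). Otherwise the wait status in $? says how
    # openssl ended, and $! would be a stale, misleading value.
    my $reason = $status == -1 ? "$!" : "openssl wait status $?";
    die "Can't create certificate for $name: $reason\n";
}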
86 |
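# Client-side TLS context shared by every TLS connection made in this file.
#
# SSL_session_cache_size gives the context a client session cache; the
# "session reused" check depends on a later connection being able to offer
# the session negotiated by an earlier one through this same context.
#
# SSL_VERIFY_NONE switches off verification of the server certificate. The
# certificate is self-signed and generated during this run, the peer is a
# loopback listener, and the checks are about session handling rather than
# peer authentication. The setting is only appropriate in that situation;
# a client talking to a real server needs verification enabled.
#
# The constructor is called as Class->new(...) rather than in the
# indirect-object form "new Class(...)", which Perl can parse ambiguously.
my $ctx = IO::Socket::SSL::SSL_Context->new(
    SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
    SSL_session_cache_size => 100);

# Test::Nginx helper; presumably starts nginx with the files written above.
$t->run();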
92 |
93 ############################################################################### |
94 |
# 1. First TLS connection through the shared context: the reply is expected
#    to show "." as the value of $ssl_session_reused.
my $first_reply = http_get('/reuse', socket => get_ssl_socket($ctx));
like($first_reply, qr/^body \.$/m, 'initial session');

# 2. Second TLS connection through the same context: the reply is expected
#    to show "r", i.e. the server resumed the earlier session.
my $second_reply = http_get('/reuse', socket => get_ssl_socket($ctx));
like($second_reply, qr/^body r$/m, 'session reused');

# 3. Over TLS, $ssl_session_id must come back as 64 word characters
#    (presumably the hex form of a 32-byte session id -- confirm).
my $id_reply = http_get('/id', socket => get_ssl_socket($ctx));
my ($sid) = $id_reply =~ /^body (\w+)$/m;
is(length($sid), 64, 'session id');

# 4. The same location requested without a TLS socket (presumably served by
#    the plain 8080 listener) must not report any session id.
my $plain_reply = http_get('/id');
unlike($plain_reply, qr/body \w/, 'session id no ssl');
104 |
105 ############################################################################### |
106 |
# Open a TLS connection to the test server on 127.0.0.1:8443.
#
# $ctx is the shared client context; passing it as SSL_reuse_ctx makes every
# socket use the same context (and with it the same client session cache).
#
# Returns the connected IO::Socket::SSL object. When the attempt dies
# (timeout, SIGPIPE, or an error raised by the SSL_error_trap handler) the
# error is logged through log_in() and undef is returned. If new() fails
# without dying, the undefined socket is returned without a log line.
sub get_ssl_socket {
    my ($ctx) = @_;
    my $sock;

    my %args = (
        Proto => 'tcp',
        PeerAddr => '127.0.0.1:8443',
        # No certificate verification: the server certificate is the
        # self-signed one generated by this test and the peer is a loopback
        # listener. Only appropriate for this kind of test.
        SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
        SSL_reuse_ctx => $ctx,
        # Turn a trapped SSL error into an exception; the handler dies with
        # its second argument (presumably the error text -- confirm in the
        # IO::Socket::SSL documentation).
        SSL_error_trap => sub { die $_[1] }
    );

    eval {
        # Handlers are local to the eval, so they are restored on exit.
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        # Two-second limit on connect plus handshake.
        alarm(2);
        $sock = IO::Socket::SSL->new(%args);
        alarm(0);
    };
    # Cancel the timer again in case the eval was left by an exception
    # before its own alarm(0) ran.
    alarm(0);

    return $sock unless $@;

    log_in("died: $@");
    # Deliberately "return undef" and not a bare "return": callers use the
    # result as the value in "socket => get_ssl_socket($ctx)", and an empty
    # list there would leave the argument list with an odd element count.
    return undef;
}
133 |
134 ############################################################################### |