Mercurial > hg > nginx-tests
annotate stream_ssl_alpn.t @ 1866:a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:19 +0300 |
parents | 46351d990aee |
children | 2a0a6035a1af |
rev | line source |
---|---|
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl_alpn directive. |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
26 my $t = Test::Nginx->new() |
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
27 ->has(qw/stream stream_ssl stream_return socket_ssl_alpn/) |
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
28 ->has_daemon('openssl') |
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1744
diff
changeset
|
29 ->write_file_expand('nginx.conf', <<'EOF'); |
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_STREAM%% |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 log_format test $status; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 access_log %%TESTDIR%%/test.log test; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 ssl_certificate_key localhost.key; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate localhost.crt; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 server { |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 listen 127.0.0.1:8080 ssl; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 return "X $ssl_alpn_protocol X"; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_alpn first second; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 EOF |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 $t->write_file('openssl.conf', <<EOF); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 [ req ] |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 default_bits = 2048 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 encrypt_key = no |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 distinguished_name = req_distinguished_name |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 [ req_distinguished_name ] |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 EOF |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 my $d = $t->testdir(); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 foreach my $name ('localhost') { |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 system('openssl req -x509 -new ' |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 . "-config $d/openssl.conf -subj /CN=$name/ " |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 . "-out $d/$name.crt -keyout $d/$name.key " |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 . ">>$d/openssl.out 2>&1") == 0 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 or die "Can't create certificate for $name: $!\n"; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 $t->try_run('no ssl_alpn')->plan(6); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 ############################################################################### |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 is(get_ssl('first'), 'X first X', 'alpn match'); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 is(get_ssl('wrong', 'first'), 'X first X', 'alpn many'); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 is(get_ssl('wrong', 'second'), 'X second X', 'alpn second'); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 is(get_ssl(), 'X X', 'no alpn'); |
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
82 |
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
83 SKIP: { |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
84 skip 'LibreSSL too old', 2 |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
85 if $t->has_module('LibreSSL') |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
86 and not $t->has_feature('libressl:3.4.0'); |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
87 skip 'OpenSSL too old', 2 |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
88 if $t->has_module('OpenSSL') |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
89 and not $t->has_feature('openssl:1.1.0'); |
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
90 |
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ok(!get_ssl('wrong'), 'alpn mismatch'); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 $t->stop(); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 like($t->read_file('test.log'), qr/500$/, 'alpn mismatch - log'); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
1743
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
97 } |
2318ed01ce53
Tests: skip ALPN rejection tests with too old LibreSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1739
diff
changeset
|
98 |
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 ############################################################################### |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 sub get_ssl { |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my (@alpn) = @_; |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
1864
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
104 my $s = stream( |
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
105 PeerAddr => '127.0.0.1:' . port(8080), |
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
106 SSL => 1, |
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
107 SSL_alpn_protocols => [ @alpn ] |
46351d990aee
Tests: simplified stream SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
108 ); |
1739
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 return $s->read(); |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 } |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
f2fe58b4b59f
Tests: ALPN tests in the stream module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 ############################################################################### |