Mercurial > hg > nginx-tests
annotate proxy_ssl_certificate_empty.t @ 1855:b3bbde3f806d
Tests: HTTP/2 tests with error_page and return.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 11 May 2023 15:29:41 +0400 |
parents | 29f4d48b5b31 |
children | 2a0a6035a1af |
rev | line source |
---|---|
1799
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http proxy module with proxy certificate to ssl backend. |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate directive empty value cancels inheritance. |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl'); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 server { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 listen 127.0.0.1:8080; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server_name localhost; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl_session_reuse off; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl_certificate 1.example.com.crt; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_certificate_key 1.example.com.key; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location /verify { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 location /cancel { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_pass https://127.0.0.1:8081/; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate ""; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_certificate_key ""; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8081 ssl; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 server_name localhost; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_certificate 2.example.com.crt; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_certificate_key 2.example.com.key; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 ssl_verify_client optional; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_client_certificate 1.example.com.crt; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 location / { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 add_header X-Verify $ssl_client_verify; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 EOF |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 $t->write_file('openssl.conf', <<EOF); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 [ req ] |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 default_bits = 2048 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 encrypt_key = no |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 distinguished_name = req_distinguished_name |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 [ req_distinguished_name ] |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 EOF |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 my $d = $t->testdir(); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 foreach my $name ('1.example.com', '2.example.com') { |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 system('openssl req -x509 -new ' |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . "-config $d/openssl.conf -subj /CN=$name/ " |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 . "-out $d/$name.crt -keyout $d/$name.key " |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 . ">>$d/openssl.out 2>&1") == 0 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 or die "Can't create certificate for $name: $!\n"; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 } |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 sleep 1 if $^O eq 'MSWin32'; |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 $t->write_file('index.html', ''); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 $t->try_run('no empty value support')->plan(2); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ############################################################################### |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 like(http_get('/cancel'), qr/X-Verify: NONE/ms, 'cancel certificate'); |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
29f4d48b5b31
Tests: proxy_ssl_certificate inheritance test with empty value.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 ############################################################################### |