Mercurial > hg > nginx-tests
annotate proxy_ssl.t @ 323:d48de852157c
Tests: auth_request assorted fixes.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 21 Aug 2013 19:56:00 +0400 |
parents | ad164c14058a |
children | a7d04159e52b |
rev | line source |
---|---|
311
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Nginx, Inc. |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # Tests for proxy to ssl backend. |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 use warnings; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use strict; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use Test::More; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use lib 'lib'; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use Test::Nginx; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 ->plan(4)->write_file_expand('nginx.conf', <<'EOF'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 %%TEST_GLOBALS%% |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 daemon off; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 events { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 http { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 %%TEST_GLOBALS_HTTP%% |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 server { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 listen 127.0.0.1:8081 ssl; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 listen 127.0.0.1:8080; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server_name localhost; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 add_header X-Foo ssl; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location /ssl_reuse { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 proxy_pass https://127.0.0.1:8081/; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 proxy_ssl_session_reuse on; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 location /ssl { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_pass https://127.0.0.1:8081/; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_ssl_session_reuse off; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 EOF |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 $t->write_file('openssl.conf', <<EOF); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 [ req ] |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 default_bits = 2048 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 encrypt_key = no |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 distinguished_name = req_distinguished_name |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 [ req_distinguished_name ] |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 EOF |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $t->write_file('index.html', ''); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 my $d = $t->testdir(); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 foreach my $name ('localhost') { |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 system('openssl req -x509 -new ' |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 . ">>$d/openssl.out 2>&1") == 0 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 or die "Can't create certificate for $name: $!\n"; |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 } |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $t->run(); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 ############################################################################### |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 like(http_get('/ssl'), qr/200 OK.*X-Foo: ssl/ms, 'ssl 2'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 like(http_get('/ssl_reuse'), qr/200 OK.*X-Foo: ssl/ms, 'ssl reuse session 2'); |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
ad164c14058a
Tests: basic proxy tests to ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 ############################################################################### |