Mercurial > hg > nginx-tests
annotate stream_ssl_certificate.t @ 1980:d732a96e05df
Tests: logging of certificate subjects instead of issuers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 25 May 2024 03:44:55 +0300 |
parents | b5036a0f9ae0 |
children | a095b971fbcc |
rev | line source |
---|---|
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream ssl module with dynamic certificates. |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1851
diff
changeset
|
26 my $t = Test::Nginx->new() |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1851
diff
changeset
|
27 ->has(qw/stream stream_ssl stream_geo stream_return openssl:1.0.2/) |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
28 ->has(qw/socket_ssl_sni/) |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1851
diff
changeset
|
29 ->has_daemon('openssl') |
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1851
diff
changeset
|
30 ->write_file_expand('nginx.conf', <<'EOF'); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 %%TEST_GLOBALS%% |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 daemon off; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 events { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
40 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
41 |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 geo $one { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 default one; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 geo $two { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 default two; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 geo $pass { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 default pass; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache shared:SSL:1m; |
1836
74cffa9d4c43
Tests: enabled session reuse via TLS session tickets.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1637
diff
changeset
|
55 ssl_session_tickets on; |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 listen 127.0.0.1:8080 ssl; |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
59 return $ssl_server_name:$ssl_session_reused:$ssl_protocol; |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_certificate $one.crt; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_certificate_key $one.key; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 server { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 listen 127.0.0.1:8083 ssl; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 return $ssl_server_name:$ssl_session_reused; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 # found in key |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 ssl_certificate pass.crt; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 ssl_certificate_key $pass.key; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 ssl_password_file password_file; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 listen 127.0.0.1:8081 ssl; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 return $ssl_server_name:$ssl_session_reused; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_certificate $one.crt; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 ssl_certificate_key $one.key; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 return $ssl_server_name:$ssl_session_reused; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_certificate $two.crt; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_certificate_key $two.key; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
1445
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
90 |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
91 server { |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
92 listen 127.0.0.1:8084 ssl; |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
93 return $ssl_server_name:$ssl_session_reused; |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
94 |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
95 ssl_certificate $ssl_server_name.crt; |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
96 ssl_certificate_key $ssl_server_name.key; |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
97 } |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 EOF |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 $t->write_file('openssl.conf', <<EOF); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1445
diff
changeset
|
104 default_bits = 2048 |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 encrypt_key = no |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 distinguished_name = req_distinguished_name |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 [ req_distinguished_name ] |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 EOF |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 my $d = $t->testdir(); |
1974
b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
111 my $tr = `openssl genrsa -help 2>&1` =~ /-traditional/ ? '-traditional' : ''; |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 foreach my $name ('one', 'two') { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 system('openssl req -x509 -new ' |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 . "-config $d/openssl.conf -subj /CN=$name/ " |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 . "-out $d/$name.crt -keyout $d/$name.key " |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 . ">>$d/openssl.out 2>&1") == 0 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 or die "Can't create certificate for $name: $!\n"; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 foreach my $name ('pass') { |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 system("openssl genrsa -out $d/$name.key -passout pass:pass " |
1974
b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
123 . "-aes128 $tr 2048 >>$d/openssl.out 2>&1") == 0 |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 or die "Can't create $name key: $!\n"; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 system("openssl req -x509 -new -config $d/openssl.conf " |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . "-subj /CN=$name/ -out $d/$name.crt -key $d/$name.key " |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . "-passin pass:pass >>$d/openssl.out 2>&1") == 0 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 or die "Can't create $name certificate: $!\n"; |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 $t->write_file('password_file', 'pass'); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 $t->write_file('index.html', ''); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
134 $t->run()->plan(7); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 ############################################################################### |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 like(cert('default', 8080), qr/CN=one/, 'default certificate'); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 like(get('default', 8080), qr/default/, 'default context'); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 like(get('password', 8083), qr/password/, 'ssl_password_file'); |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 # session reuse |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
145 my $s = session('default', 8080); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
147 TODO: { |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
148 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
149 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
150 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
151 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1868
diff
changeset
|
152 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1868
diff
changeset
|
153 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
154 |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
155 like(get('default', 8080, $s), qr/default:r/, 'session reused'); |
1851
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
156 |
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
157 TODO: { |
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
158 # ticket key name mismatch prevents session resumption |
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
159 local $TODO = 'not yet' unless $t->has_version('1.23.2'); |
1868
d570dbcad925
Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1863
diff
changeset
|
160 local $TODO = 'no SSL_session_key, old IO::Socket::SSL' |
d570dbcad925
Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1863
diff
changeset
|
161 if $IO::Socket::SSL::VERSION < 1.965; |
1851
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
162 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
163 like(get('default', 8081, $s), qr/default:r/, 'session id context match'); |
1851
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
164 |
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
165 } |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
166 } |
1851
0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1836
diff
changeset
|
167 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
168 like(get('default', 8082, $s), qr/default:\./, 'session id context distinct'); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
1445
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
170 # errors |
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
171 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
172 ok(!get('nx', 8084), 'no certificate'); |
1445
889283abadf8
Tests: added basic ssl tests with dynamic certificate not found.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1443
diff
changeset
|
173 |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 ############################################################################### |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 sub get { |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
177 my $s = get_socket(@_) || return; |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
178 return $s->read(); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 sub cert { |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
182 my $s = get_socket(@_) || return; |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
183 return $s->socket()->dump_peer_certificate(); |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
184 } |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
185 |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
186 sub session { |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
187 my $s = get_socket(@_); |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
188 $s->read(); |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
189 return $s->socket(); |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
191 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
192 sub get_socket { |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
193 my ($host, $port, $ctx) = @_; |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
194 return stream( |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
195 PeerAddr => '127.0.0.1:' . port($port), |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
196 SSL => 1, |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
197 SSL_hostname => $host, |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
198 SSL_session_cache_size => 100, |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
199 SSL_session_key => 1, |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
200 SSL_reuse_ctx => $ctx |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
201 ); |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
202 } |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
203 |
1863
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
204 sub test_tls13 { |
dbb7561a9441
Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
205 return get('default', 8080) =~ /TLSv1.3/; |
1443
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
206 } |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
207 |
7c217d343d1e
Tests: ssl tests with dynamic certificates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
208 ############################################################################### |