Mercurial > hg > nginx-tests
annotate stream_proxy_ssl_certificate_vars.t @ 1839:ebc6e5afe597
Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:08 +0300 |
parents | 55816c5fc861 |
children | 2a0a6035a1af |
rev | line source |
---|---|
1674
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream proxy module with variables in ssl certificates. |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_map http http_ssl/) |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 $t->write_file_expand('nginx.conf', <<'EOF'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 stream { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_STREAM%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 map $server_port $cert { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 %%PORT_8082%% 1; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%PORT_8083%% 2; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%PORT_8084%% 3; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 %%PORT_8085%% ""; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 proxy_ssl on; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_ssl_session_reuse off; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 listen 127.0.0.1:8082; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 listen 127.0.0.1:8083; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 proxy_pass 127.0.0.1:8080; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 listen 127.0.0.1:8084; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_certificate $cert.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 proxy_ssl_certificate_key $cert.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 proxy_ssl_password_file password; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 listen 127.0.0.1:8085; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 proxy_pass 127.0.0.1:8081; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 proxy_ssl_certificate $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 proxy_ssl_certificate_key $cert; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 http { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 %%TEST_GLOBALS_HTTP%% |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 listen 127.0.0.1:8080 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 ssl_certificate 2.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 ssl_certificate_key 2.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_trusted_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 add_header X-Name $ssl_client_s_dn; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 server { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 listen 127.0.0.1:8081 ssl; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 server_name localhost; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 ssl_certificate 1.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 ssl_certificate_key 1.example.com.key; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ssl_verify_client optional_no_ca; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 ssl_trusted_certificate 3.example.com.crt; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 location / { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 add_header X-Verify $ssl_client_verify; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 $t->write_file('openssl.conf', <<EOF); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 [ req ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 default_bits = 2048 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 encrypt_key = no |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 distinguished_name = req_distinguished_name |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 [ req_distinguished_name ] |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 my $d = $t->testdir(); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 foreach my $name ('1.example.com', '2.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . "-out $d/$name.crt -keyout $d/$name.key " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 foreach my $name ('3.example.com') { |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 or die "Can't create private key: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 system('openssl req -x509 -new ' |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 . "-config $d/openssl.conf -subj /CN=$name/ " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 . "-out $d/$name.crt " |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 . "-key $d/$name.key -passin pass:$name" |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 . ">>$d/openssl.out 2>&1") == 0 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 or die "Can't create certificate for $name: $!\n"; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 } |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 sleep 1 if $^O eq 'MSWin32'; |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 $t->write_file('password', '3.example.com'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $t->write_file('index.html', ''); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 $t->try_run('no upstream ssl_certificate variables')->plan(4); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8082))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 qr/X-Verify: SUCCESS/ms, 'variable - verify certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8083))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 qr/X-Verify: FAILED/ms, 'variable - fail certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8084))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8085))), |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 qr/X-Verify: NONE/ms, 'variable - no certificate'); |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
55816c5fc861
Tests: variables support in certificates to upstream.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 ############################################################################### |