Mercurial > hg > nginx-tests
annotate proxy_ssl_certificate.t @ 1972:f3573393f36f
Tests: guarded ssl_stapling.t for old OpenSSL versions.
Stapling requires the certificate status TLS extension. It is implemented
in OpenSSL 0.9.8h and available if TLS extensions support is explicitly
configured, and by default since 0.9.8j.
To properly test if stapling is available, OpenSSL version is checked,
and SNI availability is checked to ensure TLS extensions support is
compiled in.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:04:22 +0300 |
parents | dbce8fb5f5f8 |
children | b5036a0f9ae0 |
rev | line source |
---|---|
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
643
02bb93aebaa5
Tests: minor cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
568
diff
changeset
|
6 # Tests for http proxy module with proxy certificate to ssl backend. |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # The proxy_ssl_certificate and proxy_ssl_password_file directives. |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl proxy/) |
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
27 ->has_daemon('openssl')->plan(5); |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
497
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
42 listen 127.0.0.1:8080; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 proxy_ssl_session_reuse off; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 location /verify { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
48 proxy_pass https://127.0.0.1:8081/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 proxy_ssl_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 proxy_ssl_certificate_key 1.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 location /fail { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
54 proxy_pass https://127.0.0.1:8081/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 proxy_ssl_certificate 2.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 proxy_ssl_certificate_key 2.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 location /encrypted { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass https://127.0.0.1:8082/; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 proxy_ssl_certificate 3.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 proxy_ssl_certificate_key 3.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_ssl_password_file password; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 ssl_certificate 2.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 ssl_certificate_key 2.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_verify_client optional_no_ca; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_trusted_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 location / { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 add_header X-Verify $ssl_client_verify; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 add_header X-Name $ssl_client_s_dn; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 listen 127.0.0.1:8082 ssl; |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 server_name localhost; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_certificate 1.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 ssl_certificate_key 1.example.com.key; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ssl_verify_client optional_no_ca; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_trusted_certificate 3.example.com.crt; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 location / { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 add_header X-Verify $ssl_client_verify; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 EOF |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 $t->write_file('openssl.conf', <<EOF); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
103 default_bits = 2048 |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 encrypt_key = no |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 distinguished_name = req_distinguished_name |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 [ req_distinguished_name ] |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 EOF |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 my $d = $t->testdir(); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 foreach my $name ('1.example.com', '2.example.com') { |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
113 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
114 . "-out $d/$name.crt -keyout $d/$name.key " |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 . ">>$d/openssl.out 2>&1") == 0 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 or die "Can't create certificate for $name: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 foreach my $name ('3.example.com') { |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
120 system("openssl genrsa -out $d/$name.key -passout pass:$name " |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1260
diff
changeset
|
121 . "-aes128 2048 >>$d/openssl.out 2>&1") == 0 |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 or die "Can't create private key: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
124 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
125 . "-out $d/$name.crt " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1140
diff
changeset
|
126 . "-key $d/$name.key -passin pass:$name" |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 . ">>$d/openssl.out 2>&1") == 0 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 or die "Can't create certificate for $name: $!\n"; |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
1260
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
131 sleep 1 if $^O eq 'MSWin32'; |
eadd24ccfda1
Tests: postponed startup in certain ssl certificate tests on win32.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
132 |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 $t->write_file('password', '3.example.com'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 $t->write_file('index.html', ''); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 $t->run(); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 ############################################################################### |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 like(http_get('/verify'), qr/X-Verify: SUCCESS/ms, 'verify certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 like(http_get('/fail'), qr/X-Verify: FAILED/ms, 'fail certificate'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 like(http_get('/encrypted'), qr/X-Verify: SUCCESS/ms, 'with encrypted key'); |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
144 like(http_get('/verify'), qr!X-Name: /?CN=1.example!, 'valid certificate'); |
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
145 unlike(http_get('/fail'), qr!X-Name: /?CN=1.example!, 'invalid certificate'); |
497
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
d4330871bfb0
Tests: proxy_ssl_certificate, proxy_ssl_password_file tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |