Mercurial > hg > nginx-tests
annotate ssl_curve.t @ 1999:15f538440a77 default tip
Tests: adjusted proxy_cache_use_stale.t cache validity.
At least the "s-w-r - updating stale" test sometimes fails on slow
hosts due to "stale-while-revalidate=4" being not enough, so the request
returns with the EXPIRED cache status instead of STALE.
Fix is to use larger "stale-while-revalidate=" times where it is not
significant.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 09 Aug 2024 18:37:25 +0300 |
parents | 2a0a6035a1af |
children |
rev | line source |
---|---|
1749 | 1 #!/usr/bin/perl |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http ssl module, $ssl_curve variable. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
1860
58951cf933e1
Tests: added has_feature() test for SSL libraries.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
25 my $t = Test::Nginx->new() |
1935
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
26 ->has(qw/http http_ssl rewrite socket_ssl/) |
1749 | 27 ->has_daemon('openssl'); |
28 | |
29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
30 | |
31 %%TEST_GLOBALS%% | |
32 | |
33 daemon off; | |
34 | |
35 events { | |
36 } | |
37 | |
38 http { | |
39 %%TEST_GLOBALS_HTTP%% | |
40 | |
41 ssl_certificate_key localhost.key; | |
42 ssl_certificate localhost.crt; | |
43 | |
44 ssl_ecdh_curve prime256v1; | |
45 | |
46 server { | |
47 listen 127.0.0.1:8443 ssl; | |
48 server_name localhost; | |
49 | |
50 return 200 "$ssl_curve $ssl_curves"; | |
51 } | |
52 } | |
53 | |
54 EOF | |
55 | |
56 $t->write_file('openssl.conf', <<EOF); | |
57 [ req ] | |
58 default_bits = 2048 | |
59 encrypt_key = no | |
60 distinguished_name = req_distinguished_name | |
61 [ req_distinguished_name ] | |
62 EOF | |
63 | |
64 my $d = $t->testdir(); | |
65 | |
66 foreach my $name ('localhost') { | |
67 system('openssl req -x509 -new ' | |
68 . "-config $d/openssl.conf -subj /CN=$name/ " | |
69 . "-out $d/$name.crt -keyout $d/$name.key " | |
70 . ">>$d/openssl.out 2>&1") == 0 | |
71 or die "Can't create certificate for $name: $!\n"; | |
72 } | |
73 | |
1937
2a0a6035a1af
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1935
diff
changeset
|
74 $t->run()->plan(1); |
1749 | 75 |
76 ############################################################################### | |
77 | |
1935
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
78 local $TODO = 'OpenSSL too old' |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
79 unless $t->has_feature('openssl:3.0.0') |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
80 or $t->has_module('BoringSSL'); |
6bafe9419126
Tests: allowed ssl_curve.t to run on BoringSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1866
diff
changeset
|
81 |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1860
diff
changeset
|
82 like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve'); |
1749 | 83 |
84 ############################################################################### |