Mercurial > hg > nginx-tests
changeset 1313:cc2f17cd9677
Tests: very basic grpc ssl verify and passphrase tests added.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 30 Mar 2018 15:28:22 +0300 |
parents | 6f95c0ed2335 |
children | b6d941ff65f4 |
files | grpc_ssl.t |
diffstat | 1 files changed, 24 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/grpc_ssl.t Thu Mar 29 18:38:39 2018 +0300 +++ b/grpc_ssl.t Fri Mar 30 15:28:22 2018 +0300 @@ -53,6 +53,9 @@ ssl_certificate_key localhost.key; ssl_certificate localhost.crt; + ssl_verify_client optional; + ssl_client_certificate client.crt; + http2_max_field_size 128k; http2_max_header_size 128k; http2_body_preread_size 128k; @@ -73,6 +76,13 @@ location / { grpc_pass grpcs://127.0.0.1:8081; + grpc_ssl_name localhost; + grpc_ssl_verify on; + grpc_ssl_trusted_certificate localhost.crt; + + grpc_ssl_certificate client.crt; + grpc_ssl_certificate_key client.key; + grpc_ssl_password_file password; if ($arg_if) { # nothing @@ -109,6 +119,20 @@ or die "Can't create certificate for $name: $!\n"; } +foreach my $name ('client') { + system("openssl genrsa -out $d/$name.key -passout pass:$name " + . "-aes128 1024 >>$d/openssl.out 2>&1") == 0 + or die "Can't create private key: $!\n"; + system('openssl req -x509 -new ' + . "-config $d/openssl.conf -subj /CN=$name/ " + . "-out $d/$name.crt " + . "-key $d/$name.key -passin pass:$name" + . ">>$d/openssl.out 2>&1") == 0 + or die "Can't create certificate for $name: $!\n"; +} + +$t->write_file('password', 'client'); + $t->try_run('no grpc')->plan(33); ###############################################################################