Tests: fixed stream_proxy_ssl_conf_command.t on win32.
The backend is adjusted to always emit "subject DN" of the client certificate,
same as in proxy_ssl_conf_command.t. This eliminates occasional test failures
seen due to SSL verification errors for the reason outlined in eadd24ccfda1,
while avoiding to insert an extra startup delay.
diff --git a/stream_proxy_ssl_conf_command.t b/stream_proxy_ssl_conf_command.t
index 3ecf2a2..542d9a2 100644
--- a/stream_proxy_ssl_conf_command.t
+++ b/stream_proxy_ssl_conf_command.t
@@ -16,14 +16,13 @@
use lib 'lib';
use Test::Nginx;
-use Test::Nginx::Stream qw/ stream /;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
->has_daemon('openssl');
$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
@@ -52,14 +51,20 @@
proxy_ssl_conf_command Certificate override.crt;
proxy_ssl_conf_command PrivateKey override.key;
}
+}
+
+http {
+ %%TEST_GLOBALS_HTTP%%
server {
listen 127.0.0.1:8081 ssl;
- return $ssl_client_s_dn;
+ server_name localhost;
ssl_certificate localhost.crt;
ssl_certificate_key localhost.key;
ssl_verify_client optional_no_ca;
+
+ add_header X-Cert $ssl_client_s_dn always;
}
}
@@ -88,7 +93,6 @@
###############################################################################
-like(stream('127.0.0.1:' . port(8080))->read(), qr/CN=override/,
- 'Certificate');
+like(http_get('/'), qr/CN=override/, 'proxy_ssl_conf_command');
###############################################################################