Sergey Kandaurov | b756134 | 2015-04-23 14:01:21 +0300 | [diff] [blame] | 1 | #!/usr/bin/perl |
| 2 | |
| 3 | # (C) Sergey Kandaurov |
| 4 | # (C) Nginx, Inc. |
| 5 | |
| 6 | # Stream tests for proxy to ssl backend. |
| 7 | |
| 8 | ############################################################################### |
| 9 | |
| 10 | use warnings; |
| 11 | use strict; |
| 12 | |
| 13 | use Test::More; |
| 14 | |
| 15 | BEGIN { use FindBin; chdir($FindBin::Bin); } |
| 16 | |
| 17 | use lib 'lib'; |
| 18 | use Test::Nginx; |
Sergey Kandaurov | eec6871 | 2017-07-19 16:21:42 +0300 | [diff] [blame] | 19 | use Test::Nginx::Stream qw/ stream /; |
Sergey Kandaurov | b756134 | 2015-04-23 14:01:21 +0300 | [diff] [blame] | 20 | |
| 21 | ############################################################################### |
| 22 | |
# Turn on autoflush for STDERR and then STDOUT. STDOUT is handled last so
# that it is the selected default output handle afterwards, as before.
for my $handle (\*STDERR, \*STDOUT) {
    select $handle;
    $| = 1;
}

# Build the test harness object. The has()/has_daemon() calls name what this
# test needs: the stream and http modules with their ssl counterparts, the
# stream return module, and an openssl binary. Six tests are planned.
my $t = Test::Nginx->new()
    ->has(qw(stream stream_ssl http http_ssl))
    ->has(qw(stream_return))
    ->has_daemon('openssl')
    ->plan(6);
Sergey Kandaurov | b756134 | 2015-04-23 14:01:21 +0300 | [diff] [blame] | 29 | |
# nginx configuration used by this test.
#
# The heredoc is single-quoted, so Perl leaves $ssl_session_reused alone and
# nginx sees it as a variable. The %%...%% markers are presumably expanded by
# write_file_expand() -- confirm in Test::Nginx.
#
# stream listeners (proxy_ssl is on for all of them):
#   8081 -> 8083  proxy_ssl_session_reuse off for this server
#   8082 -> 8083  inherits proxy_ssl_session_reuse on
#   8083 (ssl)    backend; replies with $ssl_session_reused
#   8080 -> 8084  the ssl-enabled http server below
#
# NOTE(review): no proxy_ssl_verify / proxy_ssl_trusted_certificate is set, so
# the proxy accepts the self-signed backend certificate without verifying it
# (verification is off by default in nginx). That suits a loopback-only test;
# a deployment that relies on proxy_ssl to authenticate the upstream has to
# enable verification explicitly.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

stream {
proxy_ssl on;
proxy_ssl_session_reuse on;
proxy_connect_timeout 2s;

server {
listen 127.0.0.1:8081;
proxy_pass 127.0.0.1:8083;
proxy_ssl_session_reuse off;
}

server {
listen 127.0.0.1:8082;
proxy_pass 127.0.0.1:8083;
}

server {
listen 127.0.0.1:8083 ssl;
return $ssl_session_reused;

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
ssl_session_cache builtin;
}

server {
listen 127.0.0.1:8080;
proxy_pass 127.0.0.1:8084;
}
}

http {
%%TEST_GLOBALS_HTTP%%

server {
listen 127.0.0.1:8084 ssl;
server_name localhost;

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
}
}

EOF

$t->write_file_expand('nginx.conf', $nginx_conf);
| 83 | |
# Minimal "openssl req" configuration for the throw-away test certificate.
# encrypt_key = no means the private key is written without a passphrase.
# The distinguished-name section is left empty because the subject is passed
# on the command line with -subj.
my $openssl_conf = <<'EOF';
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

$t->write_file('openssl.conf', $openssl_conf);

# Empty document for the http backend to serve.
$t->write_file('index.html', '');
| 93 | |
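# Directory the harness uses for this test's files.
my $d = $t->testdir();

# Generate a self-signed certificate and key pair for every name listed.
#
# The command is one string because the output redirection needs a shell.
# $d and $name are interpolated unquoted: that holds only while $d comes from
# the harness and the names are literals in this file. If either can ever
# contain whitespace or shell metacharacters, quote them or use the list
# form of system() and do the redirection in Perl.
foreach my $name ('localhost') {
    my $cmd = 'openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1";

    my $status = system($cmd);
    next if $status == 0;

    # $! is only meaningful when system() returns -1, i.e. the command could
    # not be started. Otherwise the wait status holds the signal or exit code.
    # The command's own output is appended to $d/openssl.out.
    my $reason
        = $status == -1 ? "failed to execute: $!"
        : $status & 127 ? 'died with signal ' . ($status & 127)
        :                 'exit status ' . ($status >> 8);

    die "Can't create certificate for $name: $reason\n";
}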
| 103 | |
$t->run();

###############################################################################

# The backend on 8083 answers with $ssl_session_reused: "r" when the TLS
# session was resumed and "." when it was not.

# Port 8081 has proxy_ssl_session_reuse off, so both connections must
# negotiate a new session.
for my $test_name ('ssl', 'ssl 2') {
    is(stream('127.0.0.1:' . port(8081))->read(), '.', $test_name);
}

# Port 8082 keeps session reuse on: the first connection sets up a session
# and the following ones are expected to resume it.
my @reuse_cases = (
    [ '.', 'ssl session new' ],
    [ 'r', 'ssl session reused' ],
    [ 'r', 'ssl session reused 2' ],
);

for my $case (@reuse_cases) {
    my ($expected, $test_name) = @{$case};
    is(stream('127.0.0.1:' . port(8082))->read(), $expected, $test_name);
}

# Open a client connection without sending anything, wait longer than
# proxy_connect_timeout (2s), then send the request on the same socket.
# NOTE(review): presumably this checks that the connect timeout does not
# break a session that is already established but idle -- confirm against
# the commit that added it.
my $s = http('', start => 1);

sleep 3;

like(http_get('/', socket => $s), qr/200 OK/, 'proxy connect timeout');
Sergey Kandaurov | 275abbd | 2015-10-05 13:19:45 +0300 | [diff] [blame] | 120 | |
Sergey Kandaurov | b756134 | 2015-04-23 14:01:21 +0300 | [diff] [blame] | 121 | ############################################################################### |