@@ -5,7 +5,7 @@ use Test::Nginx::Socket::Lua;
55
66repeat_each(2 );
77
8- plan tests => repeat_each() * (blocks() * 7 + 2 );
8+ plan tests => repeat_each() * (blocks() * 7 );
99
1010$ ENV {TEST_NGINX_HTML_DIR} ||= html_dir();
1111
@@ -2351,3 +2351,199 @@ SSL reused session
23512351[alert]
23522352--- timeout: 3
23532353
2354+
2355+
2356+ === TEST 30: unix domain ssl cosocket (verify cert but no host name check, passed)
2357+ --- http_config
2358+ server {
2359+ listen unix: $ TEST_NGINX_HTML_DIR / nginx. sock ssl;
2360+ server_name test. com;
2361+ ssl_certificate .. / html/ test. crt;
2362+ ssl_certificate_key .. / html/ test. key ;
2363+
2364+ server_tokens off;
2365+ location / foo {
2366+ default_type ' text/plain'
2367+ content_by_lua ' ngx.status = 201 ngx.say("foo") ngx.exit(201)'
2368+ more_clear_headers Date ;
2369+ }
2370+ }
2371+ --- config
2372+ server_tokens off;
2373+ resolver $ TEST_NGINX_RESOLVER
2374+ lua_ssl_trusted_certificate ../html/test.crt;
2375+
2376+ location /t {
2377+ # set $port 5000;
2378+ set $ port $ TEST_NGINX_MEMCACHED_PORT ;
2379+
2380+ content_by_lua '
2381+ do
2382+ local sock = ngx.socket.tcp()
2383+ local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
2384+ if not ok then
2385+ ngx.say("failed to connect: ", err)
2386+ return
2387+ end
2388+
2389+ ngx.say("connected: ", ok)
2390+
2391+ local sess, err = sock:sslhandshake(nil, nil, true)
2392+ if not sess then
2393+ ngx.say("failed to do SSL handshake: ", err)
2394+ return
2395+ end
2396+
2397+ ngx.say("ssl handshake: ", type(sess))
2398+
2399+ local req = "GET /foo HTTP/1.0\\ r\\ nHost: test.com\\ r\\ nConnection: close\\ r\\ n\\ r\\ n"
2400+ local bytes, err = sock:send(req)
2401+ if not bytes then
2402+ ngx.say("failed to send http request: ", err)
2403+ return
2404+ end
2405+
2406+ ngx.say("sent http request: ", bytes, " bytes.")
2407+
2408+ while true do
2409+ local line, err = sock:receive()
2410+ if not line then
2411+ -- ngx.say("failed to recieve response status line: ", err)
2412+ break
2413+ end
2414+
2415+ ngx.say("received: ", line)
2416+ end
2417+
2418+ local ok, err = sock:close()
2419+ ngx.say("close: ", ok, " ", err)
2420+ end -- do
2421+ collectgarbage()
2422+ ' ;
2423+ }
2424+
2425+ --- request
2426+ GET /t
2427+ --- response_body
2428+ connected: 1
2429+ ssl handshake: userdata
2430+ sent http request: 56 bytes.
2431+ received: HTTP/1.1 201 Created
2432+ received: Server: nginx
2433+ received: Content-Type: text/plain
2434+ received: Content-Length: 4
2435+ received: Connection: close
2436+ received:
2437+ received: foo
2438+ close: 1 nil
2439+
2440+ --- user_files eval
2441+ " >>> test. key
2442+ $::TestCertificateKey
2443+ >>> test. crt
2444+ $::TestCertificate"
2445+
2446+ --- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
2447+ --- grep_error_log_out eval
2448+ qr/^lua ssl save session: ([0-9A-F]+):2
2449+ lua ssl free session: ([0-9A-F]+):1
2450+ $/
2451+ --- error_log
2452+ --- no_error_log
2453+ SSL reused session
2454+ [error]
2455+ [alert]
2456+ --- timeout: 3
2457+
2458+
2459+
2460+ === TEST 31: unix domain ssl cosocket (verify cert but no host name check, NOT passed)
2461+ --- http_config
2462+ server {
2463+ listen unix: $ TEST_NGINX_HTML_DIR / nginx. sock ssl;
2464+ server_name test. com;
2465+ ssl_certificate .. / html/ test. crt;
2466+ ssl_certificate_key .. / html/ test. key ;
2467+
2468+ server_tokens off;
2469+ location / foo {
2470+ default_type ' text/plain'
2471+ content_by_lua ' ngx.status = 201 ngx.say("foo") ngx.exit(201)'
2472+ more_clear_headers Date ;
2473+ }
2474+ }
2475+ --- config
2476+ server_tokens off;
2477+ resolver $ TEST_NGINX_RESOLVER
2478+ #lua_ssl_trusted_certificate ../html/test.crt;
2479+
2480+ location /t {
2481+ # set $port 5000;
2482+ set $ port $ TEST_NGINX_MEMCACHED_PORT ;
2483+
2484+ content_by_lua '
2485+ do
2486+ local sock = ngx.socket.tcp()
2487+ local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
2488+ if not ok then
2489+ ngx.say("failed to connect: ", err)
2490+ return
2491+ end
2492+
2493+ ngx.say("connected: ", ok)
2494+
2495+ local sess, err = sock:sslhandshake(nil, nil, true)
2496+ if not sess then
2497+ ngx.say("failed to do SSL handshake: ", err)
2498+ return
2499+ end
2500+
2501+ ngx.say("ssl handshake: ", type(sess))
2502+
2503+ local req = "GET /foo HTTP/1.0\\ r\\ nHost: test.com\\ r\\ nConnection: close\\ r\\ n\\ r\\ n"
2504+ local bytes, err = sock:send(req)
2505+ if not bytes then
2506+ ngx.say("failed to send http request: ", err)
2507+ return
2508+ end
2509+
2510+ ngx.say("sent http request: ", bytes, " bytes.")
2511+
2512+ while true do
2513+ local line, err = sock:receive()
2514+ if not line then
2515+ -- ngx.say("failed to recieve response status line: ", err)
2516+ break
2517+ end
2518+
2519+ ngx.say("received: ", line)
2520+ end
2521+
2522+ local ok, err = sock:close()
2523+ ngx.say("close: ", ok, " ", err)
2524+ end -- do
2525+ collectgarbage()
2526+ ' ;
2527+ }
2528+
2529+ --- request
2530+ GET /t
2531+ --- response_body
2532+ connected: 1
2533+ failed to do SSL handshake: 18: self signed certificate
2534+
2535+ --- user_files eval
2536+ " >>> test. key
2537+ $::TestCertificateKey
2538+ >>> test. crt
2539+ $::TestCertificate"
2540+
2541+ --- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
2542+ --- grep_error_log_out
2543+ --- error_log
2544+ lua ssl certificate verify error: (18: self signed certificate)
2545+ --- no_error_log
2546+ SSL reused session
2547+ [alert]
2548+ --- timeout: 3
2549+
0 commit comments