Skip to content

Commit

Permalink
update test cases
Browse files Browse the repository at this point in the history
  • Loading branch information
AlinsRan committed Jul 31, 2023
1 parent 5d385be commit dd8bfd4
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 62 deletions.
1 change: 1 addition & 0 deletions apisix/init.lua
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,7 @@ function _M.http_ssl_protocols_phase()
if err then
core.log.error("failed to fetch ssl config: ", err)
end
core.log.error("failed to find any SSL certificate by SNI: ", sni)
ngx_exit(-1)
end

Expand Down
1 change: 1 addition & 0 deletions ci/common.sh
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ export_or_prefix() {
export OPENRESTY_PREFIX="/usr/local/openresty-debug"
export APISIX_MAIN="https://raw.githubusercontent.com/apache/incubator-apisix/master/rockspec/apisix-master-0.rockspec"
export PATH=$OPENRESTY_PREFIX/nginx/sbin:$OPENRESTY_PREFIX/luajit/bin:$OPENRESTY_PREFIX/bin:$PATH
export OPENSSL111_BIN=$OPENRESTY_PREFIX/openssl111/bin/openssl
}

create_lua_deps() {
Expand Down
12 changes: 7 additions & 5 deletions ci/linux-install-openresty.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,7 @@ if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then
fi

wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
sudo apt-get -y update --fix-missing
sudo apt-get -y install software-properties-common
sudo add-apt-repository -y "deb https://openresty.org/package/${arch_path}ubuntu $(lsb_release -sc) main"

sudo apt-get update

abt_branch=${abt_branch:="master"}

COMPILE_OPENSSL3=${COMPILE_OPENSSL3-no}
Expand All @@ -38,6 +33,13 @@ OPENSSL3_PREFIX=${OPENSSL3_PREFIX-/home/runner}
SSL_LIB_VERSION=${SSL_LIB_VERSION-openssl}

if [ "$OPENRESTY_VERSION" == "source" ]; then
export openssl_prefix=$OPENRESTY_PREFIX/openssl111
export zlib_prefix=$OPENRESTY_PREFIX/zlib
export pcre_prefix=$OPENRESTY_PREFIX/pcre

export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include -I${pcre_prefix}/include -I${openssl_prefix}/include"
export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib -L${openssl_prefix}/lib -Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib"

if [ "$COMPILE_OPENSSL3" == "yes" ]; then
apt install -y build-essential
git clone https://github.com/openssl/openssl
Expand Down
1 change: 1 addition & 0 deletions t/APISIX.pm
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,7 @@ env ENABLE_ETCD_AUTH;
env APISIX_PROFILE;
env PATH; # for searching external plugin runner's binary
env TEST_NGINX_HTML_DIR;
env OPENSSL111_BIN;
_EOC_


Expand Down
79 changes: 22 additions & 57 deletions t/node/ssl-protocols.t
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,22 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
use t::APISIX;

repeat_each(1);
log_level('info');
no_root_location();
no_shuffle();

$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
my $openssl_bin = $ENV{OPENSSL111_BIN};
if (! -x $openssl_bin) {
$ENV{OPENSSL111_BIN} = '/usr/local/openresty/openssl111/bin/openssl';
if (! -x $ENV{OPENSSL111_BIN}) {
plan(skip_all => "openssl111 not installed");
}
}

plan('no_plan');

add_block_preprocessor(sub {
my ($block) = @_;
Expand Down Expand Up @@ -120,9 +128,9 @@ passed
=== TEST 3: Successfully, access test.com with TLSv1.3
--- exec
curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
qr/Server certificate/
Expand All @@ -136,9 +144,9 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
=== TEST 5: Successfully, access test.com with TLSv1.1
--- exec
curl -k -v --tls-max 1.1 --tlsv1.1 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/TLSv1\.1 \(IN\), TLS handshake, Server hello(?s).*hello world/
qr/Server certificate/
Expand Down Expand Up @@ -211,9 +219,9 @@ GET /t
=== TEST 8: Successfully, access test.com with TLSv1.3
--- exec
curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
qr/Server certificate/
Expand All @@ -227,9 +235,9 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
=== TEST 10: Successfully, access test2.com with TLSv1.3
--- exec
curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test2.com:1994:127.0.0.1" https://test2.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test2.com -tls1_3 2>&1 | cat
--- response_body eval
qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
qr/Server certificate/
Expand Down Expand Up @@ -277,57 +285,14 @@ passed
=== TEST 13: Successfully, access test.com with TLSv1.1
--- exec
curl -k -v --tls-max 1.1 --tlsv1.1 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/TLSv1\.1 \(IN\), TLS handshake, Server hello(?s).*hello world/
qr/Server certificate/
=== TEST 14: Failed, access test.com with TLSv1.3
--- exec
curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/TLSv1\.3 \(IN\), TLS alert/
=== TEST 15: hello
--- config
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
location /t {
content_by_lua_block {
do
local sock = ngx.socket.tcp()
local ssl = require "ssl"
sock:settimeout(2000)
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
if not ok then
ngx.say("failed to connect: ", err)
return
end
local params = {
mode = "client",
protocol = "tlsv1_3",
verify = "none",
options = "all",
}
local sec_sock = ssl.wrap(sock, params)
local sess, err = sec_sock:dohandshake()
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
ngx.say("ssl handshake: ", sess ~= nil)
end -- do
-- collectgarbage()
}
}
--- request
GET /t
--- response_body
ssl handshake: true
qr/tlsv1 alert/

0 comments on commit dd8bfd4

Please sign in to comment.