@@ -3034,3 +3034,183 @@ func TestAnalyze_auth_require(t *testing.T) {
30343034 })
30353035 }
30363036}
3037+
3038+ func TestAnalyze_ssl_ocsp (t * testing.T ) {
3039+
3040+ t .Parallel ()
3041+ testcases := map [string ]struct {
3042+ stmt * Directive
3043+ ctx []blockCtx
3044+ matchFunc MatchFunc
3045+ wantErr bool
3046+ }{
3047+ "ssl_ocsp ok in OS 1.24" : {
3048+ & Directive {
3049+ Directive : "ssl_ocsp" ,
3050+ Args : []string {"leaf" },
3051+ Line : 5 ,
3052+ },
3053+ []blockCtx {{"http" }, {"http" , "server" }},
3054+ MatchOss124 ,
3055+ false ,
3056+ },
3057+ "ssl_ocsp ok in OS 1.26" : {
3058+ & Directive {
3059+ Directive : "ssl_ocsp" ,
3060+ Args : []string {"leaf" },
3061+ Line : 5 ,
3062+ },
3063+ []blockCtx {{"http" }, {"http" , "server" }},
3064+ MatchOss126 ,
3065+ false ,
3066+ },
3067+ "ssl_ocsp ok in OS latest" : {
3068+ & Directive {
3069+ Directive : "ssl_ocsp" ,
3070+ Args : []string {"leaf" },
3071+ Line : 5 ,
3072+ },
3073+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3074+ MatchOssLatest ,
3075+ false ,
3076+ },
3077+ "ssl_ocsp ok in R30" : {
3078+ & Directive {
3079+ Directive : "ssl_ocsp" ,
3080+ Args : []string {"leaf" },
3081+ Line : 5 ,
3082+ },
3083+ []blockCtx {{"http" }, {"http" , "server" }},
3084+ MatchNginxPlusR30 ,
3085+ false ,
3086+ },
3087+ "ssl_ocsp ok in R31" : {
3088+ & Directive {
3089+ Directive : "ssl_ocsp" ,
3090+ Args : []string {"leaf" },
3091+ Line : 5 ,
3092+ },
3093+ []blockCtx {{"http" }, {"http" , "server" }},
3094+ MatchNginxPlusR31 ,
3095+ false ,
3096+ },
3097+ "ssl_ocsp ok in R33" : {
3098+ & Directive {
3099+ Directive : "ssl_ocsp" ,
3100+ Args : []string {"leaf" },
3101+ Line : 5 ,
3102+ },
3103+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3104+ MatchNginxPlusR33 ,
3105+ false ,
3106+ },
3107+ "ssl_ocsp ok in R34" : {
3108+ & Directive {
3109+ Directive : "ssl_ocsp" ,
3110+ Args : []string {"leaf" },
3111+ Line : 5 ,
3112+ },
3113+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3114+ MatchNginxPlusR34 ,
3115+ false ,
3116+ },
3117+ "ssl_ocsp ok in R35" : {
3118+ & Directive {
3119+ Directive : "ssl_ocsp" ,
3120+ Args : []string {"leaf" },
3121+ Line : 5 ,
3122+ },
3123+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3124+ MatchNginxPlusR35 ,
3125+ false ,
3126+ },
3127+ "ssl_ocsp ok in Plus latest" : {
3128+ & Directive {
3129+ Directive : "ssl_ocsp" ,
3130+ Args : []string {"leaf" },
3131+ Line : 5 ,
3132+ },
3133+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3134+ MatchNginxPlusLatest ,
3135+ false ,
3136+ },
3137+ "ssl_ocsp not ok in OS 1.24 wrong context" : {
3138+ & Directive {
3139+ Directive : "ssl_ocsp" ,
3140+ Args : []string {"leaf" },
3141+ Line : 5 ,
3142+ },
3143+ []blockCtx {{"stream" }, {"stream" , "server" }},
3144+ MatchOss124 ,
3145+ true ,
3146+ },
3147+ "ssl_ocsp not ok in OS 1.26 wrong context" : {
3148+ & Directive {
3149+ Directive : "ssl_ocsp" ,
3150+ Args : []string {"leaf" },
3151+ Line : 5 ,
3152+ },
3153+ []blockCtx {{"stream" }, {"stream" , "server" }},
3154+ MatchOss126 ,
3155+ true ,
3156+ },
3157+ "ssl_ocsp not ok in OS latest wrong parameters" : {
3158+ & Directive {
3159+ Directive : "ssl_ocsp" ,
3160+ Args : []string {"on" , "leaf" },
3161+ Line : 5 ,
3162+ },
3163+ []blockCtx {{"http" }, {"http" , "server" }, {"stream" }, {"stream" , "server" }},
3164+ MatchOssLatest ,
3165+ true ,
3166+ },
3167+ "ssl_ocsp not ok in Plus R30 wrong context" : {
3168+ & Directive {
3169+ Directive : "ssl_ocsp" ,
3170+ Args : []string {"leaf" },
3171+ Line : 5 ,
3172+ },
3173+ []blockCtx {{"stream" }, {"stream" , "server" }},
3174+ MatchNginxPlusR30 ,
3175+ true ,
3176+ },
3177+ "ssl_ocsp not ok in Plus R31 wrong context" : {
3178+ & Directive {
3179+ Directive : "ssl_ocsp" ,
3180+ Args : []string {"leaf" },
3181+ Line : 5 ,
3182+ },
3183+ []blockCtx {{"stream" }, {"stream" , "server" }},
3184+ MatchNginxPlusR31 ,
3185+ true ,
3186+ },
3187+ "ssl_ocsp not ok in Plus latest wrong parameters" : {
3188+ & Directive {
3189+ Directive : "ssl_ocsp" ,
3190+ Args : []string {"on" , "leaf" },
3191+ Line : 5 ,
3192+ },
3193+ []blockCtx {{"stream" }, {"stream" , "server" }},
3194+ MatchNginxPlusLatest ,
3195+ true ,
3196+ },
3197+ }
3198+
3199+ for name , tc := range testcases {
3200+ t .Run (name , func (t * testing.T ) {
3201+ for _ , ctx := range tc .ctx {
3202+ err := analyze ("nginx.conf" , tc .stmt , ";" , ctx , & ParseOptions {
3203+ DirectiveSources : []MatchFunc {tc .matchFunc },
3204+ })
3205+
3206+ if ! tc .wantErr && err != nil {
3207+ t .Fatal (err )
3208+ }
3209+
3210+ if tc .wantErr && err == nil {
3211+ t .Fatal ("expected error, got nil" )
3212+ }
3213+ }
3214+ })
3215+ }
3216+ }
0 commit comments