author | Eric Wong <normalperson@yhbt.net> | 2011-09-07 00:36:58 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2011-09-15 21:37:40 +0000 |
commit | ac346b5abcfa6253bd792091e5fb011774c40d49 (patch) | |
tree | b304b96f42c3ba2cde396de8ed626754ae9d78cc /t | |
parent | b48c6659b294b37f2c6ff3e75c1c9245522d48d1 (diff) | |
download | unicorn-ac346b5abcfa6253bd792091e5fb011774c40d49.tar.gz |
This will also be the foundation of SSL support in Rainbows! and Zbatery. Some users may also want to use this in Unicorn on LANs to meet certain security/auditing requirements. Of course, Nightmare! (in whatever form) should also be able to use it.
Diffstat (limited to 't')
-rw-r--r-- | t/.gitignore | 2 | ||||
-rwxr-xr-x | t/sslgen.sh | 63 | ||||
-rwxr-xr-x | t/t0600-https-server-basic.sh | 48 |
3 files changed, 113 insertions, 0 deletions
diff --git a/t/.gitignore b/t/.gitignore
index a0c1c36..2312321 100644
--- a/t/.gitignore
+++ b/t/.gitignore
@@ -1,2 +1,4 @@
 /random_blob
 /.dep+*
+/*.crt
+/*.key
diff --git a/t/sslgen.sh b/t/sslgen.sh
new file mode 100755
index 0000000..3fd070a
--- /dev/null
+++ b/t/sslgen.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -e
+set -x
+
+certinfo() {
+ echo US
+ echo Hell
+ echo A Very Special Place
+ echo Monkeys
+ echo Poo-Flingers
+ echo 127.0.0.1
+ echo kgio@bogomips.org
+}
+
+certinfo2() {
+ certinfo
+ echo
+ echo
+}
+
+ca_certinfo () {
+ echo US
+ echo Hell
+ echo An Even More Special Place
+ echo Deranged Monkeys
+ echo Poo-Hurlers
+ echo 127.6.6.6
+ echo unicorn@bogomips.org
+}
+
+openssl genrsa -out ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key ca.key -out ca.crt
+
+openssl genrsa -out bad-ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key bad-ca.key -out bad-ca.crt
+
+openssl genrsa -out server.key 512
+certinfo2 | openssl req -new -key server.key -out server.csr
+
+openssl x509 -req -days 666 \
+ -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
+n=2
+mk_client_cert () {
+ CLIENT=$1
+ openssl genrsa -out $CLIENT.key 512
+ certinfo2 | openssl req -new -key $CLIENT.key -out $CLIENT.csr
+
+ openssl x509 -req -days 666 \
+ -in $CLIENT.csr -CA $CA.crt -CAkey $CA.key -set_serial $n \
+ -out $CLIENT.crt
+ rm -f $CLIENT.csr
+ n=$(($n + 1))
+}
+
+CA=ca
+mk_client_cert client1
+mk_client_cert client2
+
+CA=bad-ca mk_client_cert bad-client
+
+rm -f server.csr
+
+echo OK
diff --git a/t/t0600-https-server-basic.sh b/t/t0600-https-server-basic.sh
new file mode 100755
index 0000000..5dd0d65
--- /dev/null
+++ b/t/t0600-https-server-basic.sh
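Review bot: Every `openssl genrsa` call in t/sslgen.sh requests a 512-bit RSA key (ca.key, bad-ca.key, server.key and each client key inside mk_client_cert), a size that is practical to factor and that OpenSSL builds enforcing a minimum security level refuse to use, so the HTTPS test can fail for reasons that have nothing to do with unicorn. Even for throwaway fixtures I would write `openssl genrsa -out ca.key 2048` and do the same on the other three genrsa lines. A header comment such as `# generates throwaway test-only CA, server and client keys; never deploy them` would also tell a reader that the `*.key` and `*.crt` files this script leaves in t/ are disposable. As a smaller style point, `$CLIENT`, `$CA` and `$n` are expanded unquoted in mk_client_cert; quoting them (`"$CLIENT.key"`) costs nothing.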
@@ -0,0 +1,48 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 7 "simple HTTPS connection tests"
+
+t_begin "setup and start" && {
+ rtmpfiles curl_err
+ unicorn_setup
+cat > $unicorn_config <<EOF
+ssl do
+ listen "$listen"
+ ssl_certificate "server.crt"
+ ssl_certificate_key "server.key"
+end
+pid "$pid"
+stderr_path "$r_err"
+stdout_path "$r_out"
+EOF
+ unicorn -D -c $unicorn_config env.ru
+ unicorn_wait_start
+}
+
+t_begin "single request" && {
+ curl -sSfv --cacert ca.crt https://$listen/
+}
+
+t_begin "check stderr has no errors" && {
+ check_stderr
+}
+
+t_begin "multiple requests" && {
+ curl -sSfv --no-keepalive --cacert ca.crt \
+ https://$listen/ https://$listen/ 2>> $curl_err >> $tmp
+ dbgcat curl_err
+}
+
+t_begin "check stderr has no errors" && {
+ check_stderr
+}
+
+t_begin "killing succeeds" && {
+ kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+ check_stderr
+}
+
+t_done |
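Review bot: The test only exercises the success path with `--cacert ca.crt`, so it would still pass if the client skipped certificate verification or the server presented a certificate from the wrong issuer. t/sslgen.sh already produces bad-ca.crt, so a further `t_begin` step could assert rejection with `! curl -sSf --cacert bad-ca.crt https://$listen/`, with `t_plan 7` raised to `t_plan 8`. This assumes test-lib.sh treats a non-zero status inside a step as a failure, which is not visible from this hunk. The file also reads server.crt, server.key and ca.crt from the working directory without checking that sslgen.sh has run; a comment noting that prerequisite next to the `ssl do` block would help.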