authorEric Wong <normalperson@yhbt.net>2011-09-07 00:36:58 +0000
committerEric Wong <normalperson@yhbt.net>2011-09-15 21:37:40 +0000
commitac346b5abcfa6253bd792091e5fb011774c40d49 (patch)
treeb304b96f42c3ba2cde396de8ed626754ae9d78cc /t
parentb48c6659b294b37f2c6ff3e75c1c9245522d48d1 (diff)
This will also be the foundation of SSL support in Rainbows!
and Zbatery.  Some users may also want to use this in
Unicorn on LANs to meet certain security/auditing requirements.
Of course, Nightmare! (in whatever form) should also be able to
use it.
Diffstat (limited to 't')
-rw-r--r--t/.gitignore2
-rwxr-xr-xt/sslgen.sh63
-rwxr-xr-xt/t0600-https-server-basic.sh48
3 files changed, 113 insertions, 0 deletions
diff --git a/t/.gitignore b/t/.gitignore
index a0c1c36..2312321 100644
--- a/t/.gitignore
+++ b/t/.gitignore
@@ -1,2 +1,4 @@
 /random_blob
 /.dep+*
+/*.crt
+/*.key
diff --git a/t/sslgen.sh b/t/sslgen.sh
new file mode 100755
index 0000000..3fd070a
--- /dev/null
+++ b/t/sslgen.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -e
+set -x
+
+certinfo() {
+        echo US
+        echo Hell
+        echo A Very Special Place
+        echo Monkeys
+        echo Poo-Flingers
+        echo 127.0.0.1
+        echo kgio@bogomips.org
+}
+
+certinfo2() {
+        certinfo
+        echo
+        echo
+}
+
+ca_certinfo () {
+        echo US
+        echo Hell
+        echo An Even More Special Place
+        echo Deranged Monkeys
+        echo Poo-Hurlers
+        echo 127.6.6.6
+        echo unicorn@bogomips.org
+}
+
+openssl genrsa -out ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key ca.key -out ca.crt
+
+openssl genrsa -out bad-ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key bad-ca.key -out bad-ca.crt
+
+openssl genrsa -out server.key 512
+certinfo2 | openssl req -new -key server.key -out server.csr
+
+openssl x509 -req -days 666 \
+        -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
+n=2
+mk_client_cert () {
+        CLIENT=$1
+        openssl genrsa -out $CLIENT.key 512
+        certinfo2 | openssl req -new -key $CLIENT.key -out $CLIENT.csr
+
+        openssl x509 -req -days 666 \
+                -in $CLIENT.csr -CA $CA.crt -CAkey $CA.key -set_serial $n \
+                -out $CLIENT.crt
+        rm -f $CLIENT.csr
+        n=$(($n + 1))
+}
+
+CA=ca
+mk_client_cert client1
+mk_client_cert client2
+
+CA=bad-ca mk_client_cert bad-client
+
+rm -f server.csr
+
+echo OK
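Review bot: All four `openssl genrsa` calls (ca.key, bad-ca.key, server.key and `$CLIENT.key` inside mk_client_cert) use a 512-bit modulus, which gives no real protection if one of these fixtures is ever reused outside the test tree. OpenSSL 1.1.0 and later typically refuse keys that small at the default security level, so the HTTPS test would likely fail in the handshake on such builds before it exercises any server code. These are throwaway keys, so a larger size costs little: `openssl genrsa -out ca.key 2048`, and likewise for the other three. A `umask 077` near the top would also keep the generated private keys from being group- or world-readable where openssl honours the process umask.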
diff --git a/t/t0600-https-server-basic.sh b/t/t0600-https-server-basic.sh
new file mode 100755
index 0000000..5dd0d65
--- /dev/null
+++ b/t/t0600-https-server-basic.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 7 "simple HTTPS connection tests"
+
+t_begin "setup and start" && {
+        rtmpfiles curl_err
+        unicorn_setup
+cat > $unicorn_config <<EOF
+ssl do
+  listen "$listen"
+  ssl_certificate "server.crt"
+  ssl_certificate_key "server.key"
+end
+pid "$pid"
+stderr_path "$r_err"
+stdout_path "$r_out"
+EOF
+        unicorn -D -c $unicorn_config env.ru
+        unicorn_wait_start
+}
+
+t_begin "single request" && {
+        curl -sSfv --cacert ca.crt https://$listen/
+}
+
+t_begin "check stderr has no errors" && {
+        check_stderr
+}
+
+t_begin "multiple requests" && {
+        curl -sSfv --no-keepalive --cacert ca.crt \
+                https://$listen/ https://$listen/ 2>> $curl_err >> $tmp
+                dbgcat curl_err
+}
+
+t_begin "check stderr has no errors" && {
+        check_stderr
+}
+
+t_begin "killing succeeds" && {
+        kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+        check_stderr
+}
+
+t_done
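Review bot: Every request in this test uses `--cacert ca.crt`, so only the accepting path is covered, and nothing confirms that a client trusting a different CA is refused. sslgen.sh already writes bad-ca.crt, so a negative case could be added after "single request", for example `if curl -sSf --cacert bad-ca.crt https://$listen/; then exit 1; fi`, with `t_plan` raised to 8. The right way to signal failure depends on test-lib.sh, which is not visible here. The test also assumes server.crt, server.key and ca.crt already exist in the working directory. Presumably the build runs sslgen.sh first, and a comment at the top naming that prerequisite would help.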