Tests: dynamic certificates to upstream in optimized SSL contexts.

Author: pluknet

proxy_ssl_certificate_vars.t

@@ -43,10 +43,12 @@ http {
 
         proxy_ssl_session_reuse off;
 
+        proxy_ssl_certificate $arg_cert.example.com.crt;
+        proxy_ssl_certificate_key $arg_cert.example.com.key;
+        proxy_ssl_password_file password;
+
         location / {
             proxy_pass https://127.0.0.1:8081/;
-            proxy_ssl_certificate $arg_cert.example.com.crt;
-            proxy_ssl_certificate_key $arg_cert.example.com.key;
         }
 
         location /encrypted {
@@ -56,6 +58,10 @@ http {
             proxy_ssl_password_file password;
         }
 
+        location /optimized {
+            proxy_pass https://127.0.0.1:8082/;
+        }
+
         location /none {
             proxy_pass https://127.0.0.1:8082/;
             proxy_ssl_certificate $arg_cert;
@@ -132,7 +138,7 @@ sleep 1 if $^O eq 'MSWin32';
 $t->write_file('password', '3.example.com');
 $t->write_file('index.html', '');
 
-$t->run()->plan(4);
+$t->run()->plan(5);
 
 ###############################################################################
 
@@ -142,6 +148,16 @@ like(http_get('/?cert=2'),
 	qr/X-Verify: FAILED/ms, 'variable - fail certificate');
 like(http_get('/encrypted?cert=3'),
 	qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key');
+
+TODO: {
+todo_skip 'leaves coredump', 1 unless $t->has_version('1.27.5')
+	or $ENV{TEST_NGINX_UNSAFE};
+
+like(http_get('/optimized?cert=3'),
+	qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key optimized');
+
+}
+
 like(http_get('/none'),
 	qr/X-Verify: NONE/ms, 'variable - no certificate');
 

stream_proxy_ssl_certificate_vars.t

@@ -41,19 +41,21 @@ stream {
         %%PORT_8082%% 1;
         %%PORT_8083%% 2;
         %%PORT_8084%% 3;
+        %%PORT_8086%% 3;
         %%PORT_8085%% "";
     }
 
     proxy_ssl on;
     proxy_ssl_session_reuse off;
 
+    proxy_ssl_certificate $cert.example.com.crt;
+    proxy_ssl_certificate_key $cert.example.com.key;
+    proxy_ssl_password_file password;
+
     server {
         listen      127.0.0.1:8082;
         listen      127.0.0.1:8083;
         proxy_pass  127.0.0.1:8080;
-
-        proxy_ssl_certificate $cert.example.com.crt;
-        proxy_ssl_certificate_key $cert.example.com.key;
     }
 
     server {
@@ -65,6 +67,11 @@ stream {
         proxy_ssl_password_file password;
     }
 
+    server {
+        listen      127.0.0.1:8086;
+        proxy_pass  127.0.0.1:8081;
+    }
+
     server {
         listen      127.0.0.1:8085;
         proxy_pass  127.0.0.1:8081;
@@ -146,7 +153,7 @@ sleep 1 if $^O eq 'MSWin32';
 $t->write_file('password', '3.example.com');
 $t->write_file('index.html', '');
 
-$t->run()->plan(4);
+$t->run()->plan(5);
 
 ###############################################################################
 
@@ -156,6 +163,16 @@ like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8083))),
 	qr/X-Verify: FAILED/ms, 'variable - fail certificate');
 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8084))),
 	qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key');
+
+TODO: {
+todo_skip 'leaves coredump', 1 unless $t->has_version('1.27.5')
+	or $ENV{TEST_NGINX_UNSAFE};
+
+like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8086))),
+	qr/X-Verify: SUCCESS/ms, 'variable - with encrypted key optimized');
+
+}
+
 like(http_get('/', socket => IO::Socket::INET->new('127.0.0.1:' . port(8085))),
 	qr/X-Verify: NONE/ms, 'variable - no certificate');