From 2a089cb615729894eba4def973c98e44cd1cebe7 Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton
Date: Tue, 9 Apr 2024 13:12:21 +0100
Subject: [PATCH] Set up nginx integration test

This uses the system nginx (assumed to be available) to start a server, then grabs a small html file and a larger 5MB download with the system curl (using system openssl).
---
 rustls-libssl/tests/nginx.conf | 47 ++++++++++++++++++++++++
 rustls-libssl/tests/runner.rs | 67 +++++++++++++++++++++++++++++++++-
 2 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 rustls-libssl/tests/nginx.conf
diff --git a/rustls-libssl/tests/nginx.conf b/rustls-libssl/tests/nginx.conf
new file mode 100644
index 0000000..4acc9ed
--- /dev/null
+++ b/rustls-libssl/tests/nginx.conf
@@ -0,0 +1,47 @@
+daemon off;
+master_process off;
+pid nginx.pid;
+
+events {
+}
+
+http {
+ ssl_protocols TLSv1.2 TLSv1.3;
+ access_log access.log;
+
+ server {
+ listen 8443 ssl;
+ server_name localhost;
+ ssl_certificate ../../../test-ca/rsa/server.cert;
+ ssl_certificate_key ../../../test-ca/rsa/server.key;
+
+ location = / {
+ return 200 "hello world\n";
+ }
+
+ location /ssl-agreed {
+ return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
+ }
+
+ location /ssl-server-name {
+ return 200 "server-name:$ssl_server_name\n";
+ }
+
+ location /ssl-was-reused {
+ return 200 "reused:$ssl_session_reused\n";
+ }
+
+ # not currently implemented:
+ location /ssl-offer {
+ return 200 "ciphers:$ssl_ciphers,curves:$ssl_curves\n";
+ }
+
+ location /ssl-early-data {
+ return 200 "early-data:$ssl_early_data\n";
+ }
+
+ location /ssl-client-auth {
+ return 200 "s-dn:$ssl_client_s_dn\ni-dn:$ssl_client_i_dn\nserial:$ssl_client_serial\nfp:$ssl_client_fingerprint\nverify:$ssl_client_verify\nv-start:$ssl_client_v_start\nv-end:$ssl_client_v_end\nv-remain:$ssl_client_v_remain\ncert:\n$ssl_client_cert\n";
+ }
+ }
+}
diff --git a/rustls-libssl/tests/runner.rs b/rustls-libssl/tests/runner.rs
index ff3792a..03e6075 100644
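Review bot: `listen 8443 ssl;` in the `server` block of nginx.conf binds every interface, so while the test runs the host serves TLS with the test-ca key to anything that can reach port 8443, including the `/ssl-client-auth` echo location. The curl calls added to runner.rs only use `https://localhost:8443/`, so `listen 127.0.0.1:8443 ssl;` would keep the listener on loopback; `wait_for_port` is defined outside this patch, so confirm it probes an address that still matches. The `# not currently implemented:` comment does not say how many of the following locations it covers; if it is meant for all three, `# the locations below rely on features not currently implemented:` would make that explicit.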
--- a/rustls-libssl/tests/runner.rs
+++ b/rustls-libssl/tests/runner.rs
@@ -1,6 +1,6 @@
 use std::io::Read;
 use std::process::{Child, Command, Output, Stdio};
-use std::{net, thread, time};
+use std::{fs, net, thread, time};
 
 /* Note:
 *
@@ -327,6 +327,71 @@ fn server() {
 assert_eq!(openssl_output, rustls_output);
 }
 
+const NGINX_LOG_LEVEL: &str = "info";
+
+#[test]
+#[ignore]
+fn nginx() {
+ fs::create_dir_all("target/nginx-tmp/basic/html").unwrap();
+ fs::write(
+ "target/nginx-tmp/basic/server.conf",
+ include_str!("nginx.conf"),
+ )
+ .unwrap();
+
+ let big_file = vec![b'a'; 5 * 1024 * 1024];
+ fs::write("target/nginx-tmp/basic/html/large.html", &big_file).unwrap();
+
+ let nginx_server = KillOnDrop(Some(
+ Command::new("tests/maybe-valgrind.sh")
+ .args([
+ "nginx",
+ "-g",
+ &format!("error_log stderr {NGINX_LOG_LEVEL};"),
+ "-p",
+ "./target/nginx-tmp/basic",
+ "-c",
+ "server.conf",
+ ])
+ .spawn()
+ .unwrap(),
+ ));
+ wait_for_port(8443);
+
+ // basic single request
+ assert_eq!(
+ Command::new("curl")
+ .env("LD_LIBRARY_PATH", "")
+ .args(["--cacert", "test-ca/rsa/ca.cert", "https://localhost:8443/"])
+ .stdout(Stdio::piped())
+ .output()
+ .map(print_output)
+ .unwrap()
+ .stdout,
+ b"hello world\n"
+ );
+
+ // big download (throttled by curl to ensure non-blocking writes work)
+ assert_eq!(
+ Command::new("curl")
+ .env("LD_LIBRARY_PATH", "")
+ .args([
+ "--cacert",
+ "test-ca/rsa/ca.cert",
+ "--limit-rate",
+ "1M",
+ "https://localhost:8443/large.html"
+ ])
+ .stdout(Stdio::piped())
+ .output()
+ .unwrap()
+ .stdout,
+ big_file
+ );
+
+ drop(nginx_server);
+}
+
 struct KillOnDrop(Option);
 
 impl KillOnDrop {
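Review bot: Neither curl invocation in `nginx()` is time-bounded, and the large download is the one meant to exercise non-blocking writes, so a stall there would hang the test run instead of failing it; adding `"--max-time", "60",` to both argument lists turns a hang into a failure. The second `assert_eq!` compares two 5 MiB `Vec<u8>` values, so any mismatch (including curl exiting early with empty stdout, since the exit status is never checked) prints both buffers in Debug form. Binding the `Output` to `out` and using `assert!(out.status.success());` followed by `assert!(out.stdout == big_file, "large.html: got {} bytes", out.stdout.len());` keeps the failure readable. A short comment on `.env("LD_LIBRARY_PATH", "")`, such as `// clear LD_LIBRARY_PATH so curl uses the system OpenSSL`, would record the intent the commit message describes, if that is indeed the reason.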