From fdb585d749ee1d4fdc72ed7553c045cfbc6508d2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 9 Apr 2024 13:12:21 +0100 Subject: [PATCH] Set up nginx integration test This uses the system nginx (assumed to be available) to start a server, then grabs a small html file and a larger 5MB download with the system curl (using system openssl). --- rustls-libssl/tests/runner.rs | 115 +++++++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 1 deletion(-) diff --git a/rustls-libssl/tests/runner.rs b/rustls-libssl/tests/runner.rs index ff3792a..b9405cf 100644 --- a/rustls-libssl/tests/runner.rs +++ b/rustls-libssl/tests/runner.rs @@ -1,6 +1,6 @@ use std::io::Read; use std::process::{Child, Command, Output, Stdio}; -use std::{net, thread, time}; +use std::{fs, net, thread, time}; /* Note: * 
@@ -327,6 +327,119 @@ fn server() { assert_eq!(openssl_output, rustls_output); } +const NGINX_LOG_LEVEL: &str = "info"; + +#[test] +#[ignore] +fn nginx() { + fs::create_dir_all("target/nginx-tmp/basic/html").unwrap(); + fs::write( + "target/nginx-tmp/basic/server.conf", + " +daemon off; +master_process off; +pid nginx.pid; + +events { +} + +http { + ssl_protocols TLSv1.2 TLSv1.3; + access_log access.log; + + server { + listen 8443 ssl; + server_name localhost; + ssl_certificate ../../../test-ca/rsa/server.cert; + ssl_certificate_key ../../../test-ca/rsa/server.key; + + location = / { + return 200 \"hello world\n\"; + } + + location /ssl-agreed { + return 200 \"protocol:$ssl_protocol,cipher:$ssl_cipher\n\"; + } + + location /ssl-server-name { + return 200 \"server-name:$ssl_server_name\n\"; + } + + location /ssl-was-reused { + return 200 \"reused:$ssl_session_reused\n\"; + } + + # not currently implemented: + location /ssl-offer { + return 200 \"ciphers:$ssl_ciphers,curves:$ssl_curves\n\"; + } + + location /ssl-early-data { + return 200 \"early-data:$ssl_early_data\n\"; + } + + location /ssl-client-auth { + return 200 \"s-dn:$ssl_client_s_dn\ni-dn:$ssl_client_i_dn\nserial:$ssl_client_serial\nfp:$ssl_client_fingerprint\nverify:$ssl_client_verify\nv-start:$ssl_client_v_start\nv-end:$ssl_client_v_end\nv-remain:$ssl_client_v_remain\ncert:\n$ssl_client_cert\n\"; + } + } +} +", + ) + .unwrap(); + + let big_file = vec![b'a'; 5 * 1024 * 1024]; + fs::write("target/nginx-tmp/basic/html/large.html", &big_file).unwrap(); + + let nginx_server = KillOnDrop(Some( + Command::new("tests/maybe-valgrind.sh") + .args([ + "nginx", + "-g", + &format!("error_log stderr {NGINX_LOG_LEVEL};"), + "-p", + "./target/nginx-tmp/basic", + "-c", + "server.conf", + ]) + .spawn() + .unwrap(), + )); + wait_for_port(8443); + + // basic single request + assert_eq!( + Command::new("curl") + .env("LD_LIBRARY_PATH", "") + .args(["--cacert", "test-ca/rsa/ca.cert", "https://localhost:8443/"]) + 
.stdout(Stdio::piped()) + .output() + .map(print_output) + .unwrap() + .stdout, + b"hello world\n" + ); + + // big download (throttled by curl to ensure non-blocking writes work) + assert_eq!( + Command::new("curl") + .env("LD_LIBRARY_PATH", "") + .args([ + "--cacert", + "test-ca/rsa/ca.cert", + "--limit-rate", + "1M", + "https://localhost:8443/large.html" + ]) + .stdout(Stdio::piped()) + .output() + .unwrap() + .stdout, + big_file + ); + + drop(nginx_server); +} + struct KillOnDrop(Option); impl KillOnDrop {
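Review bot: The generated `server.conf` uses `listen 8443 ssl;`, which binds every interface, so for the duration of the test this nginx instance (serving with the checked-in `test-ca/rsa/server.key`) is reachable from the network and not only by the local curl; `listen 127.0.0.1:8443 ssl;` would keep it on loopback. The port is also fixed, so if another process already holds 8443, `wait_for_port(8443)` (defined outside this hunk) presumably returns before nginx is serving, and the test only fails later on the certificate or body check. In the large-download check only `.stdout` is compared and `print_output` is skipped, so a curl failure shows up as a multi-megabyte `assert_eq!` dump. Binding the output first and adding `assert!(out.status.success());` before the comparison would give a readable failure. `.env("LD_LIBRARY_PATH", "")` would be clearer as `.env_remove("LD_LIBRARY_PATH")`, with a comment that curl must load the system OpenSSL, not the library under test.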