[GitHub] [apisix] membphis commented on a change in pull request #2089: feature: multiple certificates support for single domain

Fri, 21 Aug 2020 01:26:38 -0700 


membphis commented on a change in pull request #2089:
URL: https://github.com/apache/apisix/pull/2089#discussion_r474517742



##########
File path: t/router/radixtree-sni.t
##########
@@ -940,3 +940,134 @@ connected: 1
 failed to do SSL handshake: handshake failed
 --- error_log
 decrypt ssl key failed.
+
+
+
+=== TEST 21 set ssl with multiple certificates.
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local ssl_cert = t.read_file("conf/cert/apisix.crt")
+        local ssl_key = t.read_file("conf/cert/apisix.key")
+        local ssl_ecc_cert = t.read_file("conf/cert/apisix_ecc.crt")
+        local ssl_ecc_key = t.read_file("conf/cert/apisix_ecc.key")
+
+        local data = {
+            cert = ssl_cert,
+            key = ssl_key,
+            certs = { ssl_ecc_cert },
+            keys = { ssl_ecc_key },
+            sni = "test3.com",
+        }
+
+        local code, body = t.test('/apisix/admin/ssl/1',
+            ngx.HTTP_PUT,
+            core.json.encode(data),
+            [[{
+                "node": {
+                    "value": {
+                        "sni": "test3.com"
+                    },
+                    "key": "/apisix/ssl/1"
+                },
+                "action": "set"
+            }]]
+        )
+        ngx.status = code
+        ngx.say(body)
+    }
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 22: client request using ECC certificate
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+location /t {
+    lua_ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384;
+    content_by_lua_block {
+        -- etcd sync
+
+        ngx.sleep(0.2)
+
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(2000)
+
+            local ok, err = 
sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, "test3.com", false)

Review comment:
       the SNI of `apisix_ecc` is `test.com`




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to