# HG changeset patch # User Oksana Deeva <o.de...@wbsrv.ru> # Date 1715111756 -10800 # Tue May 07 22:55:56 2024 +0300 # Node ID e5014b423e1391dd1078d064361a0b28d1a488d0 # Parent 2a607a31f583add7adfa1ac434a3f793d327ca6b Tests: ssl_engine_keys.t improved
diff -r 2a607a31f583 -r e5014b423e13 ssl_engine_keys.t --- a/ssl_engine_keys.t Tue Apr 23 17:59:53 2024 +0400 +++ b/ssl_engine_keys.t Tue May 07 22:55:56 2024 +0300 @@ -28,7 +28,7 @@ unless $ENV{TEST_NGINX_UNSAFE}; my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl') - ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2); + ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool'); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -86,9 +86,29 @@ # # http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html # -# Note that library paths may differ on different systems, +# Note that library paths vary on different systems, # and may need to be adjusted. +my $libsofthsm2_path; +my @so_paths = ( + '/usr/lib/softhsm/', # alpine, astrase, debian, ubuntu + '/usr/lib64/softhsm/', # rosachrome, rosafresh + '/usr/local/lib/softhsm/', # freebsd + '/lib64/', # redos, almalinux, centos, oracle, rocky +); +for my $so_path (@so_paths) { + my $path = $so_path . 'libsofthsm2.so'; + if (-e $path) { + $libsofthsm2_path = $path; + last; + } +}; + +die 'Can\'t determine libsofthsm2.so path' + unless $libsofthsm2_path; + +note("libsofthsm2_path: $libsofthsm2_path"); + $t->write_file('openssl.conf', <<EOF); openssl_conf = openssl_def @@ -100,8 +120,8 @@ [pkcs11_section] engine_id = pkcs11 -dynamic_path = /usr/local/lib/engines/pkcs11.so -MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so +#dynamic_path = /usr/local/lib/engines/pkcs11.so +MODULE_PATH = $libsofthsm2_path init = 1 PIN = 1234 
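Review bot: When libsofthsm2.so is absent from all four listed directories, the added `die 'Can\'t determine libsofthsm2.so path'` reports a test failure, while the certificate step later in this patch treats a missing prerequisite as a skip. Using `plan(skip_all => 'libsofthsm2.so not found') unless $libsofthsm2_path;` would keep the two consistent. The probe uses `-e`, which is also true for a directory; `-f $path` is the tighter check for a file that will be loaded as a PKCS#11 module. The `;` after the closing brace of the `for` loop is a stray empty statement and can be dropped.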
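Review bot: In `[pkcs11_section]` the old `dynamic_path` setting is left as a commented-out line, `#dynamic_path = /usr/local/lib/engines/pkcs11.so`, with nothing to say why it was disabled. Either delete it or replace it with a short explanation, for example `# dynamic_path is not set: the pkcs11 engine is expected in OpenSSL's default engines directory`. That wording is presumed from the change, so please confirm it. The heredoc that holds this section begins and ends outside the hunk.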
@@ -125,21 +145,37 @@ $ENV{OPENSSL_CONF} = "$d/openssl.conf"; foreach my $name ('localhost') { - system('softhsm2-util --init-token --slot 0 --label NginxZero ' + my $cmd = 'softhsm2-util --init-token --slot 0 --label NginxZero ' . '--pin 1234 --so-pin 1234 ' - . ">>$d/openssl.out 2>&1"); + . ">>$d/openssl.out 2>&1"; + + note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd"); + + system($cmd); - system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so ' + $cmd = "pkcs11-tool --module=$libsofthsm2_path " . '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 ' - . ">>$d/openssl.out 2>&1"); + . ">>$d/openssl.out 2>&1"; + + note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd"); - system('openssl req -x509 -new ' + system($cmd); + + $cmd = 'openssl req -x509 -new ' . "-subj /CN=$name/ -out $d/$name.crt -text " . "-engine pkcs11 -keyform engine -key id_00 " - . ">>$d/openssl.out 2>&1") == 0 - or die "Can't create certificate for $name: $!\n"; + . ">>$d/openssl.out 2>&1"; + + note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd"); + + my $openssl_call_result = system($cmd); + + plan(skip_all => "Can't create certificate for $name: $!\n") + unless $openssl_call_result == 0; } +$t->plan(2); + $t->run(); $t->write_file('index.html', ''); _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
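Review bot: The `skip_all` reason interpolates `$!`, but `system()` only sets `$!` when it returns -1 (the command could not be started); for a non-zero exit from openssl the status is in `$?`, so the message can show a stale or empty errno. Something like `plan(skip_all => "can't create certificate for $name: exit " . ($openssl_call_result >> 8)) unless $openssl_call_result == 0;` reports the real status and drops the trailing newline. The return values of the `softhsm2-util` and `pkcs11-tool` calls are still ignored, so a failed token or key setup only shows up indirectly as this skip. The three `note()` lines also echo the user PIN and SO PIN into the test output, which is harmless for the fixed `1234` on a throwaway token but should be masked if the PIN ever stops being a constant.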