# HG changeset patch
# User Oksana Deeva <o.deeva@wbsrv.ru>
# Date 1715111756 -10800
# Tue May 07 22:55:56 2024 +0300
# Node ID e5014b423e1391dd1078d064361a0b28d1a488d0
# Parent 2a607a31f583add7adfa1ac434a3f793d327ca6b
Tests: ssl_engine_keys.t improved

diff -r 2a607a31f583 -r e5014b423e13 ssl_engine_keys.t
--- a/ssl_engine_keys.t Tue Apr 23 17:59:53 2024 +0400
+++ b/ssl_engine_keys.t Tue May 07 22:55:56 2024 +0300
@@ -28,7 +28,7 @@
unless $ENV{TEST_NGINX_UNSAFE};

my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl')
- ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2);
+ ->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool');

$t->write_file_expand('nginx.conf', <<'EOF');

@@ -86,9 +86,29 @@
#
# http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html
#
-# Note that library paths may differ on different systems,
+# Note that library paths vary on different systems,
# and may need to be adjusted.

+my $libsofthsm2_path;
+my @so_paths = (
+ '/usr/lib/softhsm/', # alpine, astrase, debian, ubuntu
+ '/usr/lib64/softhsm/', # rosachrome, rosafresh
+ '/usr/local/lib/softhsm/', # freebsd
+ '/lib64/', # redos, almalinux, centos, oracle, rocky
+);
+for my $so_path (@so_paths) {
+ my $path = $so_path . 'libsofthsm2.so';
+ if (-e $path) {
+ $libsofthsm2_path = $path;
+ last;
+ }
+};
+
+die 'Can\'t determine libsofthsm2.so path'
+ unless $libsofthsm2_path;
+
+note("libsofthsm2_path: $libsofthsm2_path");
+
$t->write_file('openssl.conf', <<EOF);
openssl_conf = openssl_def

@@ -100,8 +120,8 @@

[pkcs11_section]
engine_id = pkcs11
-dynamic_path = /usr/local/lib/engines/pkcs11.so
-MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so
+#dynamic_path = /usr/local/lib/engines/pkcs11.so
+MODULE_PATH = $libsofthsm2_path
init = 1
PIN = 1234

@@ -125,21 +145,37 @@
$ENV{OPENSSL_CONF} = "$d/openssl.conf";

foreach my $name ('localhost') {
- system('softhsm2-util --init-token --slot 0 --label NginxZero '
+ my $cmd = 'softhsm2-util --init-token --slot 0 --label NginxZero '
. '--pin 1234 --so-pin 1234 '
- . ">>$d/openssl.out 2>&1");
+ . ">>$d/openssl.out 2>&1";
+
+ note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");
+
+ system($cmd);

- system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so '
+ $cmd = "pkcs11-tool --module=$libsofthsm2_path "
. '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 '
- . ">>$d/openssl.out 2>&1");
+ . ">>$d/openssl.out 2>&1";
+
+ note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");

- system('openssl req -x509 -new '
+ system($cmd);
+
+ $cmd = 'openssl req -x509 -new '
. "-subj /CN=$name/ -out $d/$name.crt -text "
. "-engine pkcs11 -keyform engine -key id_00 "
- . ">>$d/openssl.out 2>&1") == 0
- or die "Can't create certificate for $name: $!\n";
+ . ">>$d/openssl.out 2>&1";
+
+ note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");
+
+ my $openssl_call_result = system($cmd);
+
+ plan(skip_all => "Can't create certificate for $name: $!\n")
+ unless $openssl_call_result == 0;
}

+$t->plan(2);
+
$t->run();

$t->write_file('index.html', '');
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel