KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
integration
KNELProductionContainers/CloudronPackages/APISIX/apisix-source/t/node/ssl-protocols.t
ReachableCEO 54cc5f7308 feat(apisix): add Cloudron package 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
2025-09-04 09:42:47 -05:00

299 lines
8.0 KiB
Perl
Raw Permalink Blame History

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX;
repeat_each(1);
log_level('info');
no_root_location();
no_shuffle();
my $openssl_bin = $ENV{OPENSSL_BIN};
if (! -x $openssl_bin) {
$ENV{OPENSSL_BIN} = '/usr/local/openresty/openssl3/bin/openssl';
if (! -x $ENV{OPENSSL_BIN}) {
plan(skip_all => "openssl3 not installed");
}
}
plan('no_plan');
add_block_preprocessor(sub {
my ($block) = @_;
my $yaml_config = $block->yaml_config // <<_EOC_;
deployment:
role: traditional
role_traditional:
config_provider: etcd
admin:
admin_key: null
apisix:
node_listen: 1984
proxy_mode: http&stream
stream_proxy:
tcp:
- 9100
enable_resolv_search_opt: false
ssl:
ssl_protocols: TLSv1.1 TLSv1.2 TLSv1.3
ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
_EOC_
$block->set_value("yaml_config", $yaml_config);
});
run_tests();
__DATA__
=== TEST 1: set route
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uris": ["/hello", "/world"]
}]]
)
if code >= 300 then
ngx.status = code
ngx.say(message)
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: create ssl for test.com (unset ssl_protocols)
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data),
[[{
"value": {
"sni": "test.com",
"ssl_protocols": null,
},
"key": "/apisix/ssls/1"
}]]
)
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 3: Successfully, access test.com with TLSv1.3
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
=== TEST 4: Successfully, access test.com with TLSv1.2
--- exec
curl -k -v --tls-max 1.2 --tlsv1.2 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
--- response_body eval
qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
=== TEST 5: Successfully, access test.com with TLSv1.1
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/Server certificate/
=== TEST 6: set TLSv1.2 and TLSv1.3 for test.com
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {cert = ssl_cert, key = ssl_key, sni = "test.com", ssl_protocols = {"TLSv1.2", "TLSv1.3"}}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data),
[[{
"value": {
"sni": "test.com",
"ssl_protocols": ["TLSv1.2", "TLSv1.3"],
},
"key": "/apisix/ssls/1"
}]]
)
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 7: Set TLSv1.3 for the test2.com
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/test2.crt")
local ssl_key = t.read_file("t/certs/test2.key")
local data = {cert = ssl_cert, key = ssl_key, sni = "test2.com", ssl_protocols = {"TLSv1.3"}}
local code, body = t.test('/apisix/admin/ssls/2',
ngx.HTTP_PUT,
core.json.encode(data),
[[{
"value": {
"sni": "test2.com"
},
"key": "/apisix/ssls/2"
}]]
)
ngx.status = code
ngx.say(body)
}
}
--- response_body
passed
--- request
GET /t
=== TEST 8: Successfully, access test.com with TLSv1.3
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
=== TEST 9: Successfully, access test.com with TLSv1.2
--- exec
curl -k -v --tls-max 1.2 --tlsv1.2 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
--- response_body eval
qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
=== TEST 10: Successfully, access test2.com with TLSv1.3
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test2.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
=== TEST 11: Failed, access test2.com with TLSv1.2
--- exec
curl -k -v --tls-max 1.2 --tlsv1.2 --resolve "test2.com:1994:127.0.0.1" https://test2.com:1994/hello 2>&1 | cat
--- response_body eval
qr/TLSv1\.2 \(IN\), TLS alert/
=== TEST 12: set TLSv1.1 for test.com
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {cert = ssl_cert, key = ssl_key, sni = "test.com", ssl_protocols = {"TLSv1.1"}}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data),
[[{
"value": {
"sni": "test.com",
"ssl_protocols": ["TLSv1.1"],
},
"key": "/apisix/ssls/1"
}]]
)
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 13: Successfully, access test.com with TLSv1.1
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/Server certificate/
=== TEST 14: Failed, access test.com with TLSv1.3
--- exec
echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/tlsv1 alert/
View Git Blame Copy Permalink