[PATCH] Tests: ssl_engine_keys.t improved

o.deeva at wbsrv.ru o.deeva at wbsrv.ru
Tue May 7 20:32:45 UTC 2024


# HG changeset patch
# User Oksana Deeva <o.deeva at wbsrv.ru>
# Date 1715111756 -10800
#      Tue May 07 22:55:56 2024 +0300
# Node ID e5014b423e1391dd1078d064361a0b28d1a488d0
# Parent  2a607a31f583add7adfa1ac434a3f793d327ca6b
Tests: ssl_engine_keys.t improved

diff -r 2a607a31f583 -r e5014b423e13 ssl_engine_keys.t
--- a/ssl_engine_keys.t	Tue Apr 23 17:59:53 2024 +0400
+++ b/ssl_engine_keys.t	Tue May 07 22:55:56 2024 +0300
@@ -28,7 +28,7 @@
 	unless $ENV{TEST_NGINX_UNSAFE};
 
 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl')
-	->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool')->plan(2);
+	->has_daemon('softhsm2-util')->has_daemon('pkcs11-tool');
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -86,9 +86,29 @@
 #
 # http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html
 #
-# Note that library paths may differ on different systems,
+# Note that library paths vary on different systems,
 # and may need to be adjusted.
 
+my $libsofthsm2_path;
+my @so_paths = (
+	'/usr/lib/softhsm/',    # alpine, astrase, debian, ubuntu
+	'/usr/lib64/softhsm/',  # rosachrome, rosafresh
+	'/usr/local/lib/softhsm/', # freebsd
+	'/lib64/',              # redos, almalinux, centos, oracle, rocky
+);
+for my $so_path (@so_paths) {
+	my $path = $so_path . 'libsofthsm2.so';
+	if (-e $path) {
+		$libsofthsm2_path = $path;
+		last;
+	}
+};
+
+die 'Can\'t determine libsofthsm2.so path'
+	unless $libsofthsm2_path;
+
+note("libsofthsm2_path: $libsofthsm2_path");
+
 $t->write_file('openssl.conf', <<EOF);
 openssl_conf = openssl_def
 
@@ -100,8 +120,8 @@
 
 [pkcs11_section]
 engine_id = pkcs11
-dynamic_path = /usr/local/lib/engines/pkcs11.so
-MODULE_PATH = /usr/local/lib/softhsm/libsofthsm2.so
+#dynamic_path = /usr/local/lib/engines/pkcs11.so
+MODULE_PATH = $libsofthsm2_path
 init = 1
 PIN = 1234
 
@@ -125,21 +145,37 @@
 $ENV{OPENSSL_CONF} = "$d/openssl.conf";
 
 foreach my $name ('localhost') {
-	system('softhsm2-util --init-token --slot 0 --label NginxZero '
+	my $cmd = 'softhsm2-util --init-token --slot 0 --label NginxZero '
 		. '--pin 1234 --so-pin 1234 '
-		. ">>$d/openssl.out 2>&1");
+		. ">>$d/openssl.out 2>&1";
+
+	note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");
+
+	system($cmd);
 
-	system('pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so '
+	$cmd = "pkcs11-tool --module=$libsofthsm2_path "
 		. '-p 1234 -l -k -d 0 -a nx_key_0 --key-type rsa:2048 '
-		. ">>$d/openssl.out 2>&1");
+		. ">>$d/openssl.out 2>&1";
+
+	note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");
 
-	system('openssl req -x509 -new '
+	system($cmd);
+
+	$cmd = 'openssl req -x509 -new '
 		. "-subj /CN=$name/ -out $d/$name.crt -text "
 		. "-engine pkcs11 -keyform engine -key id_00 "
-		. ">>$d/openssl.out 2>&1") == 0
-		or die "Can't create certificate for $name: $!\n";
+		. ">>$d/openssl.out 2>&1";
+
+	note("SOFTHSM2_CONF=$d/softhsm2.conf OPENSSL_CONF=$d/openssl.conf $cmd");
+
+	my $openssl_call_result = system($cmd);
+
+	plan(skip_all => "Can't create certificate for $name: $!\n")
+		unless $openssl_call_result == 0;
 }
 
+$t->plan(2);
+
 $t->run();
 
 $t->write_file('index.html', '');


More information about the nginx-devel mailing list