Compare revisions

166a886c · 3c4a7183 · 3c4a7183 · 166a886c · 3c4a7183 · 3c4a7183
--- a/t/eec_cert.t
+++ b/t/eec_cert.t
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 1: rfc proxy certificate, no AC
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_cert;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/0.cert.pem;
-        proxy_ssl_certificate_key ../../certs/0.key.pem;
-    }
--- request
-GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
--- error_code: 200
-
-
-=== TEST 2: EEC
-
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_cert;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/test0.cert.pem;
-        proxy_ssl_certificate_key ../../certs/9.key.pem;
-    }
--- request
-GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
--- error_code: 200
--- a/t/eec_cert1.t
+++ b/t/eec_cert1.t
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: RFC proxy certificate, no AC
+--- main_config
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
+--- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;	
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_s_dn\n$ssl_client_i_dn\n";
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/0.cert.pem;
+        proxy_ssl_certificate_key ../../certs/0.key.pem;
+    }
+--- request
+GET / 
+--- response_body eval
+my $ee_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $ee_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+my $pr_s = `openssl x509 -in t/certs/0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $pr_i = `openssl x509 -in t/certs/0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$ee_s$ee_i$pr_s$pr_i";
+--- error_code: 200
--- a/t/eec_chain.t
+++ b/t/eec_chain.t
@@ -8,50 +8,35 @@ __DATA__
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
+	load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+	    location = / {
            default_type text/plain;
-            echo $ssl_client_ee_cert;
+			return 200 "$ssl_client_ee_s_dn\n";
        }
    }
 --- config
    location = / {
        error_log logs/error-proxy.log debug;
        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/9.pem;
-        proxy_ssl_certificate_key ../../certs/9.key.pem;
+        proxy_ssl_certificate ../../certs/test0+ca.pem;
+        proxy_ssl_certificate_key ../../certs/test0.key.pem;
    }
 --- request
-GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
+GET /
+--- response_body eval
+`openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
 --- error_code: 200
--- a/t/eec_subject.t
+++ b/t/eec_subject.t
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 1: rfc proxy certificate, no AC
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_s_dn;
-            echo $ssl_client_ee_i_dn;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/0.cert.pem;
-        proxy_ssl_certificate_key ../../certs/0.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
-
-=== TEST 2: standard x.509 certificate 
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_s_dn;
-            echo $ssl_client_s_dn;
-            echo $ssl_client_ee_i_dn;
-            echo $ssl_client_i_dn;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=nginx-voms.example,O=IGI,C=IT
-CN=nginx-voms.example,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
-
-=== TEST 3: three delegations proxy
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_s_dn;
-            echo $ssl_client_ee_i_dn;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/7.cert.pem;
-        proxy_ssl_certificate_key ../../certs/7.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
-
-
-=== TEST 4: three delegations proxy + CA cert
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            echo $ssl_client_ee_s_dn;
-            echo $ssl_client_ee_i_dn;
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/8.cert.pem;
-        proxy_ssl_certificate_key ../../certs/8.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
--- a/t/eec_subject2.t
+++ b/t/eec_subject2.t
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: End-entity X.509 certificate 
+--- main_config
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
+--- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+        location = / {
+            default_type text/plain;
+            return 200 "$ssl_client_ee_s_dn\n$ssl_client_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_i_dn\n";
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/test0.cert.pem;
+        proxy_ssl_certificate_key ../../certs/test0.key.pem;
+    }
+--- request
+GET / 
+--- response_body eval
+my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$c_s$c_s$c_i$c_i";
+--- error_code: 200
--- a/t/eec_subject3.t
+++ b/t/eec_subject3.t
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: three delegations proxy
+--- main_config
+    env X509_VOMS_DIR=t/vomsdir;
+    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
+--- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n";
+        }
+    }
+--- config
+    location = / {
+        error_log logs/error-proxy.log debug;
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/6.cert.pem;
+        proxy_ssl_certificate_key ../../certs/6.key.pem;
+    }
+--- request
+GET / 
+--- response_body eval
+my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$c_s$c_i";
+--- error_code: 200
--- a/t/encoding.t
+++ b/t/encoding.t
-
 use Test::Nginx::Socket 'no_plan';

 run_tests();
@@ -9,18 +8,24 @@ __DATA__
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
-            echo $voms_generic_attributes;
+            return 200 "$voms_generic_attributes\n";
        }
    }
 --- config
@@ -33,5 +38,5 @@ __DATA__
 --- request
 GET / 
 --- response_body
-n=nickname v=newland86 q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
+n=nickname v=sd q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
 --- error_code: 200
--- a/t/expired.t
+++ b/t/expired.t
@@ -7,18 +7,24 @@ __DATA__

 === TEST 1: https with x509 client authentication, expired client certificate
 --- main_config
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
-            echo $ssl_client_s_dn;
+            return 200 "$ssl_client_s_dn\n";
        }
    }
 --- config

--- a/t/expired_ac.t
+++ b/t/expired_ac.t
@@ -9,19 +9,24 @@ __DATA__
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
-            echo $voms_fqans;
-            echo $voms_user;
+            return 200 "$voms_fqans\n$voms_user\n";
        }
    }
 --- config
@@ -32,7 +37,7 @@ __DATA__
        proxy_ssl_certificate_key ../../certs/1.key.pem;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n\n/
 --- error_log

--- a/t/no_ac.t
+++ b/t/no_ac.t
-
 use Test::Nginx::Socket 'no_plan';

 run_tests();

 __DATA__

-=== TEST 1: https with x509 client authentication, valid proxy certificate with no VOMS attributes 
+=== TEST 1: HTTPS with X.509 client authentication, valid proxy certificate with no VOMS attributes
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
-            echo $voms_fqans;
-            echo $voms_user;
+            return 200 "$voms_fqans\n$voms_user\n";
        }
    }
 --- config
@@ -31,7 +35,7 @@ __DATA__
        proxy_ssl_certificate_key ../../certs/0.key.pem;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n\n/
 --- error_log

--- a/t/no_ssl.t
+++ b/t/no_ssl.t
@@ -7,14 +7,19 @@ __DATA__

 === TEST 1: HTTP connection, no SSL
 --- main_config
-    env X509_VOMS_DIR=t/vomsdir;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443;
        location = / {
            default_type text/plain;
-            echo $voms_user;
+            return 200 "$voms_user\n";
        }
    }
 --- config
@@ -23,7 +28,7 @@ __DATA__
        proxy_pass http://localhost:8443/;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n/
 --- error_log

--- a/t/no_ta.t
+++ b/t/no_ta.t
-
 use Test::Nginx::Socket 'no_plan';

 run_tests();

 __DATA__

-=== TEST 1: Valid proxy, wrong client trust-anchor 
+=== TEST 1: Valid proxy, wrong client trust-anchor
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
+    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca-2.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca2.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
-            echo $voms_fqans;
+            return 200 "$voms_fqans\n";
        }
    }
 --- config
@@ -31,7 +36,7 @@ __DATA__
        proxy_ssl_certificate_key ../../certs/3.key.pem;
    }
 --- request
-GET / 
+GET /
 --- error_code: 400


--- a/t/openssl.conf
+++ b/t/openssl.conf
+
+config_diagnostics     = 1
+
+[ ca ]
+
+default_ca             = ${ENV::CA_NAME}
+
+.include conf.d
--- a/t/proxies.d/1.conf
+++ b/t/proxies.d/1.conf
+-voms=test.vo
+-cert=certs/test0.cert.pem
+-key=certs/test0.key.pem
+-hostcert=certs/star_test_example.cert.pem
+-hostkey=certs/star_test_example.key.pem
+-certdir=trust-anchors
+-uri=voms.example:15000
+-fqan="/test.vo"
+-pastproxy=24:0
+-hours=100
+-pastac=24:0
+-vomslife=12
--- a/t/proxies.d/2.conf
+++ b/t/proxies.d/2.conf
+-voms=test.vo
+-cert=certs/test0.cert.pem
+-key=certs/test0.key.pem
+-hostcert=certs/star_test_example.cert.pem
+-hostkey=certs/star_test_example.key.pem
+-certdir=trust-anchors
+-uri=voms.example:15000
+-fqan="/test.vo"
+-pastproxy=24:0
+-hours=12
+-pastac=24:0
+-vomslife=12
--- a/t/proxies.d/3.conf
+++ b/t/proxies.d/3.conf
+-voms=test.vo
+-cert=certs/test0.cert.pem
+-key=certs/test0.key.pem
+-hostcert=certs/star_test_example.cert.pem
+-hostkey=certs/star_test_example.key.pem
+-certdir=trust-anchors
+-uri=voms.example:15000
+-fqan=/test.vo/exp1
+-fqan=/test.vo/exp2
+-fqan=/test.vo/exp3/Role=PIPPO
+-ga=nickname=sd
+-ga=nickname=cnaf
+-hours=12
+-vomslife=12
+-newserial=abcdef
--- a/t/proxies.d/4.conf
+++ b/t/proxies.d/4.conf
+-voms=test.vo
+-cert=certs/test0.cert.pem
+-key=certs/test0.key.pem
+-hostcert=certs/star_test_example.cert.pem
+-hostkey=certs/star_test_example.key.pem
+-certdir=trust-anchors
+-uri=voms.example:15000
+-fqan=/test.vo
+-ga=nickname=sd
+-ga=title=assegnista%di%ricerca@CNAF
+-hours=12
+-vomslife=12
--- a/t/proxies.d/5.conf
+++ b/t/proxies.d/5.conf
+-voms=test.vo
+-cert=certs/test0.cert.pem
+-key=certs/test0.key.pem
+-hostcert=certs/untrusted_voms.cert.pem
+-hostkey=certs/untrusted_voms.key.pem
+-certdir=trust-anchors
+-uri=voms.example:15000
+-fqan=/test.vo/exp1
+-fqan=/test.vo/exp2
+-fqan=/test.vo/exp3/Role=PIPPO
+-ga=nickname=sd
+-ga=nickname=cnaf
+-hours=12
+-vomslife=12
--- a/t/setup.sh
+++ b/t/setup.sh
+#!/bin/bash
+
+set -e
+
+if [ ! -e "openssl.conf" ]; then
+  >&2 echo "The configuration file 'openssl.conf' doesn't exist in this directory"
+  exit 1
+fi
+
+base_dir=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
+certs_dir="${base_dir}"/certs
+ta_dir="${base_dir}"/trust-anchors
+vomsdir="${base_dir}"/vomsdir
+
+rm -rf "${certs_dir}"
+mkdir -p "${certs_dir}"
+rm -rf "${ta_dir}"
+mkdir -p "${ta_dir}"
+rm -rf "${vomsdir}"
+mkdir -p "${vomsdir}"
+
+[ -d "igi_test_ca2" ] && remove_ca.sh igi_test_ca2
+export CA_NAME=igi_test_ca2
+make_ca.sh
+make_crl.sh
+install_ca.sh igi_test_ca2 "${ta_dir}"
+
+make_cert.sh untrusted_voms
+cp igi_test_ca2/certs/untrusted_voms.* "${certs_dir}"
+
+[ -d "igi_test_ca" ] && remove_ca.sh igi_test_ca
+export CA_NAME=igi_test_ca
+make_ca.sh
+make_crl.sh
+install_ca.sh igi_test_ca "${ta_dir}"
+
+export X509_CERT_DIR="${ta_dir}"
+
+make_cert.sh test0
+cp igi_test_ca/certs/test0.* "${certs_dir}"
+
+make_cert.sh star_test_example
+cp igi_test_ca/certs/star_test_example.* "${certs_dir}"
+mkdir -p "${vomsdir}"/test.vo
+openssl x509 -in "${certs_dir}"/star_test_example.cert.pem -noout -subject -issuer -nameopt compat \
+  | sed -e 's/subject=//' -e 's/issuer=//' > "${vomsdir}"/test.vo/voms.example.lsc
+
+# test 1
+echo | voms-proxy-init -cert "${certs_dir}"/test0.p12 --valid 10:0 --out "${certs_dir}"/0.pem --pwstdin
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/0.pem > "${certs_dir}"/0.key.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/0.pem > "${certs_dir}"/0.cert.pem
+
+# test 3
+cat "${certs_dir}"/test0.cert.pem "${ta_dir}"/igi_test_ca.pem > "${certs_dir}"/test0+ca.pem
+
+# long-lived proxy certificate, with an expired AC
+proxy_name=1
+voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
+
+# expired proxy certificate
+proxy_name=2
+voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
+
+# valid proxy certificate with valid AC
+proxy_name=3
+voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
+
+# proxy with VOMS generic attributes containing special characters
+proxy_name=4
+voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
+
+# proxy with valid VOMS attributes, untrusted AC signature (LSC missing) and VOMS trust-anchor missing
+proxy_name=5
+voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
+
+# proxy chain with 3 delegations, without VOMS attributes
+proxy_name=6
+env X509_USER_PROXY="${certs_dir}/3.pem" X509_CERT_DIR="${ta_dir}" voms-proxy-init2 --out "${certs_dir}"/${proxy_name}.pem -noregen -dont-verify-ac
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
+awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
+chmod 600 "${certs_dir}"/${proxy_name}.key.pem
--- a/t/socket.js
+++ b/t/socket.js
+function connect(r) {
+    r.log("vivo");
+    var sock = new TCPSocket("127.0.0.1", 8443);
+    if (!sock.status) {
+        r.log("failed to connect to upstream: ");
+        r.return(500);
+    }
+    r.log("successfully connected to upstream!");
+    sock.writeable.write("G");
+    sock.close();
+    r.return(200);
+}
+  
+export default {connect}
\ No newline at end of file
No results found