Compare revisions

3c4a7183 · 3c4a7183 · 3c4a7183 · 3c4a7183 · 3c4a7183 · 3c4a7183
--- a/t/conf.d/igi_test_ca.conf
+++ b/t/conf.d/igi_test_ca.conf
+
+[ igi_test_ca ]
+
+dir                    = ${ENV::CA_NAME}
+certs                  = $dir/certs
+database               = $dir/index.txt
+serial                 = $dir/serial
+certificate            = $dir/ca.crt
+private_key            = $dir/private/ca.key
+default_crl_days       = 30
+default_md             = sha512
+
+[ igi_test_ca_cert ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/private/ca.key
+distinguished_name     = ${ENV::CA_NAME}_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = ${ENV::CA_NAME}_extensions
+
+[ igi_test_ca_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test CA
+
+[ igi_test_ca_extensions ]
+
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+basicConstraints       = critical, CA:true
+keyUsage               = critical, cRLSign, keyCertSign
--- a/t/conf.d/igi_test_ca2.conf
+++ b/t/conf.d/igi_test_ca2.conf
+
+[ igi_test_ca2 ]
+
+dir                    = ${ENV::CA_NAME}
+certs                  = $dir/certs
+database               = $dir/index.txt
+serial                 = $dir/serial
+certificate            = $dir/ca.crt
+private_key            = $dir/private/ca.key
+default_crl_days       = 30
+default_md             = sha512
+
+[ igi_test_ca2_cert ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/private/ca.key
+distinguished_name     = ${ENV::CA_NAME}_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = ${ENV::CA_NAME}_extensions
+
+[ igi_test_ca2_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test CA 2
+
+[ igi_test_ca2_extensions ]
+
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+basicConstraints       = critical, CA:true
+keyUsage               = critical, cRLSign, keyCertSign
--- a/t/conf.d/revoked.conf
+++ b/t/conf.d/revoked.conf
+
+[ revoked ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/revoked.key.pem
+distinguished_name     = revoked_dn
+prompt                 = no
+output_password        = pass
+default_md             = sha512
+x509_extensions        = revoked_extensions
+
+[ revoked_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Revoked
+
+[ revoked_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = email:revoked@cnaf.infn.it
+
+
--- a/t/conf.d/star_test_example.conf
+++ b/t/conf.d/star_test_example.conf
+
+[ star_test_example ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/star_test_example.key.pem
+distinguished_name     = star_test_example_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = star_test_example_extensions
+
+[ star_test_example_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = *.test.example
+
+[ star_test_example_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, digitalSignature
+extendedKeyUsage       = serverAuth, clientAuth
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = DNS:*.test.example
--- a/t/conf.d/test0.conf
+++ b/t/conf.d/test0.conf
+
+[ test0 ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/test0.key.pem
+distinguished_name     = test0_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = test0_extensions
+
+[ test0_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test0
+
+[ test0_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = email:test0@cnaf.infn.it
+
+
--- a/t/conf.d/test1.conf
+++ b/t/conf.d/test1.conf
+
+[ test1 ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/test1.key.pem
+distinguished_name     = test1_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = test1_extensions
+
+[ test1_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = Test1
+
+[ test1_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = email:test1@cnaf.infn.it
+
+
--- a/t/conf.d/untrusted_voms.conf
+++ b/t/conf.d/untrusted_voms.conf
+
+[ untrusted_voms ]
+
+default_bits           = 2048
+default_keyfile        = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
+distinguished_name     = untrusted_voms_dn
+prompt                 = no
+encrypt_key            = no
+default_md             = sha512
+x509_extensions        = untrusted_voms_extensions
+
+[ untrusted_voms_dn ]
+
+C                      = IT
+O                      = IGI
+CN                     = untrusted-voms.example
+
+[ untrusted_voms_extensions ]
+
+basicConstraints       = critical,CA:FALSE
+subjectKeyIdentifier   = hash
+keyUsage               = critical, digitalSignature
+extendedKeyUsage       = serverAuth, clientAuth
+authorityKeyIdentifier = keyid, issuer
+subjectAltName         = DNS:untrusted-voms.example
--- a/t/eec_cert1.t
+++ b/t/eec_cert1.t
@@ -4,23 +4,28 @@ run_tests();

 __DATA__

-=== TEST 1: rfc proxy certificate, no AC
+=== TEST 1: RFC proxy certificate, no AC
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;	
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
 	location = / {
            default_type text/plain;
-            return 200 "$ssl_client_ee_cert\n";
+            return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_s_dn\n$ssl_client_i_dn\n";
        }
    }
 --- config
@@ -32,27 +37,10 @@ __DATA__
    }
 --- request
 GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
+--- response_body eval
+my $ee_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $ee_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+my $pr_s = `openssl x509 -in t/certs/0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $pr_i = `openssl x509 -in t/certs/0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$ee_s$ee_i$pr_s$pr_i";
 --- error_code: 200
--- a/t/eec_cert2.t
+++ b/t/eec_cert2.t
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 2: EEC
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
-    load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            return 200 "$ssl_client_ee_cert\n";
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/test0.cert.pem;
-        proxy_ssl_certificate_key ../../certs/9.key.pem;
-    }
--- request
-GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
--- error_code: 200
--- a/t/eec_chain.t
+++ b/t/eec_chain.t
@@ -10,49 +10,33 @@ __DATA__
    env X509_CERT_DIR=t/trust-anchors;
 	load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+	    location = / {
            default_type text/plain;
-			return 200 "$ssl_client_ee_cert\n";
+			return 200 "$ssl_client_ee_s_dn\n";
        }
    }
 --- config
    location = / {
        error_log logs/error-proxy.log debug;
        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/9.pem;
-        proxy_ssl_certificate_key ../../certs/9.key.pem;
+        proxy_ssl_certificate ../../certs/test0+ca.pem;
+        proxy_ssl_certificate_key ../../certs/test0.key.pem;
    }
 --- request
-GET / 
--- response_body
-----BEGIN CERTIFICATE-----
-	MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
-	MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
-	DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
-	A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
-	hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
-	BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
-	CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
-	2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
-	xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
-	kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-	fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
-	CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
-	BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
-	gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
-	AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
-	d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
-	SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
-	49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
-	C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
-	vDxcPMc/wmnMa+smNal0sJ6m
-	-----END CERTIFICATE-----
+GET /
+--- response_body eval
+`openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
 --- error_code: 200
--- a/t/eec_subject1.t
+++ b/t/eec_subject1.t
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 1: rfc proxy certificate, no AC
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
-    load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n";
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/0.cert.pem;
-        proxy_ssl_certificate_key ../../certs/0.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
--- a/t/eec_subject2.t
+++ b/t/eec_subject2.t
@@ -4,21 +4,26 @@ run_tests();

 __DATA__

-=== TEST 1: standard x.509 certificate 
+=== TEST 1: End-entity X.509 certificate 
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    env X509_CERT_DIR=t/trust-anchors;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
            return 200 "$ssl_client_ee_s_dn\n$ssl_client_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_i_dn\n";
        }
@@ -27,14 +32,13 @@ __DATA__
    location = / {
        error_log logs/error-proxy.log debug;
        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        proxy_ssl_certificate ../../certs/test0.cert.pem;
+        proxy_ssl_certificate_key ../../certs/test0.key.pem;
    }
 --- request
 GET / 
--- response_body
-CN=nginx-voms.example,O=IGI,C=IT
-CN=nginx-voms.example,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
+--- response_body eval
+my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$c_s$c_s$c_i$c_i";
 --- error_code: 200
--- a/t/eec_subject3.t
+++ b/t/eec_subject3.t
@@ -10,12 +10,17 @@ __DATA__
    env X509_CERT_DIR=t/trust-anchors;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
 	location = / {
@@ -27,12 +32,13 @@ __DATA__
    location = / {
        error_log logs/error-proxy.log debug;
        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/7.cert.pem;
-        proxy_ssl_certificate_key ../../certs/7.key.pem;
+        proxy_ssl_certificate ../../certs/6.cert.pem;
+        proxy_ssl_certificate_key ../../certs/6.key.pem;
    }
 --- request
 GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
+--- response_body eval
+my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
+my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
+"$c_s$c_i";
 --- error_code: 200
--- a/t/eec_subject4.t
+++ b/t/eec_subject4.t
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 1: three delegations proxy + CA cert
--- main_config
-    env X509_VOMS_DIR=t/vomsdir;
-    env X509_CERT_DIR=t/trust-anchors;
-    load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-	location = / {
-            default_type text/plain;
-            return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n"; 
-        }
-    }
--- config
-    location = / {
-        error_log logs/error-proxy.log debug;
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/8.cert.pem;
-        proxy_ssl_certificate_key ../../certs/8.key.pem;
-    }
--- request
-GET / 
--- response_body
-CN=test0,O=IGI,C=IT
-CN=Test CA,O=IGI,C=IT
--- error_code: 200
--- a/t/encoding.t
+++ b/t/encoding.t
-
 use Test::Nginx::Socket 'no_plan';

 run_tests();
@@ -11,15 +10,20 @@ __DATA__
    env X509_CERT_DIR=t/trust-anchors;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
            return 200 "$voms_generic_attributes\n";
        }
@@ -34,5 +38,5 @@ __DATA__
 --- request
 GET / 
 --- response_body
-n=nickname v=newland86 q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
+n=nickname v=sd q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
 --- error_code: 200
--- a/t/expired.t
+++ b/t/expired.t
@@ -9,15 +9,20 @@ __DATA__
 --- main_config
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
            return 200 "$ssl_client_s_dn\n";
        }

--- a/t/expired_ac.t
+++ b/t/expired_ac.t
@@ -11,15 +11,20 @@ __DATA__
    env X509_CERT_DIR=t/trust-anchors;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
            return 200 "$voms_fqans\n$voms_user\n";
        }
@@ -32,7 +37,7 @@ __DATA__
        proxy_ssl_certificate_key ../../certs/1.key.pem;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n\n/
 --- error_log

--- a/t/my-njs-test.t
+++ b/t/my-njs-test.t
-
-use Test::Nginx::Socket 'no_plan';
-
-run_tests();
-
-__DATA__
-
-=== TEST 1: hello world
--- main_config
-load_module /etc/nginx/modules/ngx_http_js_module.so;
-load_module /etc/nginx/modules/ngx_stream_js_module.so;
-
--- http_config
-js_path "/home/nginx/t";
-js_import main from testvoms.js;
-
--- config
-location = /hello {
-    js_content main.hello;
-}
-
--- request
-GET /hello
-
--- response_body
-Hello world!
--- a/t/no_ac.t
+++ b/t/no_ac.t
-
 use Test::Nginx::Socket 'no_plan';

 run_tests();

 __DATA__

-=== TEST 1: https with x509 client authentication, valid proxy certificate with no VOMS attributes 
+=== TEST 1: HTTPS with X.509 client authentication, valid proxy certificate with no VOMS attributes
 --- main_config
    env X509_VOMS_DIR=t/vomsdir;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_certificate ../../certs/star_test_example.cert.pem;
+        ssl_certificate_key ../../certs/star_test_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
-	location = / {
+        location = / {
            default_type text/plain;
            return 200 "$voms_fqans\n$voms_user\n";
        }
@@ -31,7 +35,7 @@ __DATA__
        proxy_ssl_certificate_key ../../certs/0.key.pem;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n\n/
 --- error_log

--- a/t/no_ssl.t
+++ b/t/no_ssl.t
@@ -7,9 +7,13 @@ __DATA__

 === TEST 1: HTTP connection, no SSL
 --- main_config
-    env X509_VOMS_DIR=t/vomsdir;
    load_module /etc/nginx/modules/ngx_http_voms_module.so;
 --- http_config
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443;
@@ -24,7 +28,7 @@ __DATA__
        proxy_pass http://localhost:8443/;
    }
 --- request
-GET / 
+GET /
 --- response_body_like eval
 qr/\n/
 --- error_log
No results found