return merged
end
+function load_cert(certname, keyname)
+ local f, err = io.open(certname, 'r')
+ if not f then
+ panic('[http] unable to read TLS certificate file %s: %s', certname, err)
+ end
+ crt = x509.new(f:read('*all'))
+ f:close()
+ if not crt then
+ panic('[http] unable to parse TLS certificate file %s', certname)
+ end
+
+ f, err = io.open(keyname, 'r')
+ if not f then
+ panic('[http] unable to open TLS key file %s: %s', keyname, err)
+ end
+ key = pkey.new(f:read('*all'))
+ f:close()
+ if not key then
+ panic('[http] unable to parse TLS key file %s', keyname)
+ end
+ return crt, key
+end
+
-- @function Listen on given socket
-- using configuration for specific "kind" of HTTP server
function add_socket(fd, kind)
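Review bot: `crt` and `key` are assigned without `local` inside `load_cert` (the `x509.new` and `pkey.new` lines), and the function itself is declared without `local`, so each call writes to whatever `crt`/`key` the enclosing scope or the global table holds. Whether file-level locals of those names exist is not visible in this hunk. Declaring them in the function keeps the parsed private key out of shared state: `local crt = x509.new(f:read('*all'))` and `local key = pkey.new(f:read('*all'))`. The result of `f:read('*all')` is also handed straight to the parser; reading it into a local first and panicking when it is nil or empty would rule out the constructors being called without data, which some libraries treat as a request for a fresh object (worth confirming for the x509/pkey modules used here).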
if conf.tls ~= false then
-- Check if a cert file was specified
-- Read or create self-signed x509 certificate
- local f = io.open(conf.cert, 'r')
- if f then
- crt = assert(x509.new(f:read('*all')))
- f:close()
- -- Continue reading key file
- if crt then
- f = io.open(conf.key, 'r')
- if not f then
- panic('enable to open HTTP key file %s',
- conf.key)
- end
- key = assert(pkey.new(f:read('*all')))
- f:close()
- end
- elseif conf.ephemeral then
+ if conf.ephemeral then
crt, key = updatecert(conf.cert, conf.key)
+ else
+ crt, key = load_cert(conf.cert, conf.key)
end
-- Check loaded certificate
if not crt or not key then
if conf.cert then
conf.ephemeral = false
if not conf.key then
- error('certificate provided, but missing key')
+ panic('[http] certificate provided, but missing key')
end
+ -- test if it can be loaded or not
+ load_cert(conf.cert, conf.key)
end
if conf.geoip then
if has_mmdb then
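Review bot: The load test added under `if conf.cert then` accepts any certificate and key that each parse on their own, so a key that does not belong to the certificate passes configuration and would presumably only surface later, when the TLS context is built or a handshake fails. Keeping the return values, `local c, k = load_cert(conf.cert, conf.key)`, and panicking when the certificate's public key differs from the public part of `k` would catch the mismatch at config time; the accessor names depend on the x509/pkey library and are not visible here. The comment could also state the failure mode: `-- fail early: load_cert panics if either file cannot be read or parsed`. The enclosing function starts outside the hunk.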
modules.load('http')
same(http.config(config), nil, desc .. ' can be configured')
- local server = http.servers[1]
- ok(server ~= nil, desc .. ' creates server instance')
- local _, host, port = server:localname()
- ok(host and port, desc .. ' binds to an interface')
+ local bound
+ for i = 1,1000 do
+ bound = net.listen('127.0.0.1', math.random(1025,65535), { kind = 'webmgmt'} )
+ if bound then
+ break
+ end
+ end
+ assert(bound, 'unable to bind a port for HTTP module (1000 attempts)')
+
+ local server_fd = next(http.servers)
+ assert(server_fd)
+ local server = http.servers[server_fd].server
+ ok(server ~= nil, 'creates server instance')
+ _, host, port = server:localname()
+ ok(host and port, 'binds to an interface')
return host, port
end
end
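Review bot: The added line `_, host, port = server:localname()` drops the `local` that the removed line had, so `_`, `host` and `port` become globals shared by every test in the file unless they are declared earlier in the function, which this hunk does not show. `local _, host, port = server:localname()` restores the previous scoping. `next(http.servers)` returns an arbitrary entry, so if a server from an earlier setup is still registered, the assertions may inspect a different socket than the one just bound; whether that can happen depends on teardown that is not visible here. setup_module begins outside the hunk.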
local function test_defaults()
- local host, port = setup_module('HTTP module default config', {})
+ local host, port = setup_module('HTTP module default config', nil)
local uri = string.format('http://%s:%d', host, port)
check_protocol(uri, 'HTTP is enabled by default', true)
local desc = 'HTTP-only config'
local host, port = setup_module(desc,
{
- port = 0, -- Select random port
tls = false,
})
local desc = 'HTTPS-only config'
local host, port = setup_module(desc,
{
- port = 0, -- Select random port
tls = true,
})
local function test_custom_cert()
desc = 'config with custom certificate'
local host, port = setup_module(desc, {{
- host = host,
- port = port,
cert = 'test.crt',
key = 'test.key'
}})
local function test_nonexistent_cert()
desc = 'config with non-existing certificate file'
boom(http.config, {{
- port = 0,
cert = '/tmp/surely_nonexistent_cert_1532432095',
key = 'test.key'
}}, desc)
local function test_nonexistent_key()
desc = 'config with non-existing key file'
boom(http.config, {{
- port = 0,
cert = 'test.crt',
key = '/tmp/surely_nonexistent_cert_1532432095'
}}, desc)
local function test_missing_key_param()
desc = 'config with missing key= param'
boom(http.config, {{
- port = 0,
cert = 'test.crt'
}}, desc)
end
local function test_broken_cert()
desc = 'config with broken file in cert= param'
boom(http.config, {{
- port = 0,
cert = 'broken.crt',
key = 'test.key'
}}, desc)
local function test_broken_key()
desc = 'config with broken file in key= param'
boom(http.config, {{
- port = 0,
cert = 'test.crt',
key = 'broken.key'
}}, desc)