Set up nginx integration test

This uses the system nginx (assumed to be available) to start a
server, then grabs a small html file and a larger 5MB download
with the system curl (using system openssl).

Author: ctz

rustls-libssl/tests/nginx.conf

@@ -0,0 +1,47 @@
+daemon off;
+master_process off;
+pid nginx.pid;
+
+events {
+}
+
+http {
+    ssl_protocols TLSv1.2 TLSv1.3;
+    access_log access.log;
+
+    server {
+        listen 8443 ssl;
+        server_name localhost;
+        ssl_certificate ../../../test-ca/rsa/server.cert;
+        ssl_certificate_key ../../../test-ca/rsa/server.key;
+
+        location = / {
+            return 200 \"hello world\n\";
+        }
+
+        location /ssl-agreed {
+            return 200 \"protocol:$ssl_protocol,cipher:$ssl_cipher\n\";
+        }
+
+        location /ssl-server-name {
+            return 200 \"server-name:$ssl_server_name\n\";
+        }
+
+        location /ssl-was-reused {
+            return 200 \"reused:$ssl_session_reused\n\";
+        }
+
+        # not currently implemented:
+        location /ssl-offer {
+            return 200 \"ciphers:$ssl_ciphers,curves:$ssl_curves\n\";
+        }
+
+        location /ssl-early-data {
+            return 200 \"early-data:$ssl_early_data\n\";
+        }
+
+        location /ssl-client-auth {
+            return 200 \"s-dn:$ssl_client_s_dn\ni-dn:$ssl_client_i_dn\nserial:$ssl_client_serial\nfp:$ssl_client_fingerprint\nverify:$ssl_client_verify\nv-start:$ssl_client_v_start\nv-end:$ssl_client_v_end\nv-remain:$ssl_client_v_remain\ncert:\n$ssl_client_cert\n\";
+        }
+    }
+}

rustls-libssl/tests/runner.rs

@@ -1,6 +1,6 @@
 use std::io::Read;
 use std::process::{Child, Command, Output, Stdio};
-use std::{net, thread, time};
+use std::{fs, net, thread, time};
 
 /* Note:
  *
@@ -327,6 +327,71 @@ fn server() {
     assert_eq!(openssl_output, rustls_output);
 }
 
+const NGINX_LOG_LEVEL: &str = "info";
+
+#[test]
+#[ignore]
+fn nginx() {
+    fs::create_dir_all("target/nginx-tmp/basic/html").unwrap();
+    fs::write(
+        "target/nginx-tmp/basic/server.conf",
+        include_str!("nginx.conf"),
+    )
+    .unwrap();
+
+    let big_file = vec![b'a'; 5 * 1024 * 1024];
+    fs::write("target/nginx-tmp/basic/html/large.html", &big_file).unwrap();
+
+    let nginx_server = KillOnDrop(Some(
+        Command::new("tests/maybe-valgrind.sh")
+            .args([
+                "nginx",
+                "-g",
+                &format!("error_log stderr {NGINX_LOG_LEVEL};"),
+                "-p",
+                "./target/nginx-tmp/basic",
+                "-c",
+                "server.conf",
+            ])
+            .spawn()
+            .unwrap(),
+    ));
+    wait_for_port(8443);
+
+    // basic single request
+    assert_eq!(
+        Command::new("curl")
+            .env("LD_LIBRARY_PATH", "")
+            .args(["--cacert", "test-ca/rsa/ca.cert", "https://localhost:8443/"])
+            .stdout(Stdio::piped())
+            .output()
+            .map(print_output)
+            .unwrap()
+            .stdout,
+        b"hello world\n"
+    );
+
+    // big download (throttled by curl to ensure non-blocking writes work)
+    assert_eq!(
+        Command::new("curl")
+            .env("LD_LIBRARY_PATH", "")
+            .args([
+                "--cacert",
+                "test-ca/rsa/ca.cert",
+                "--limit-rate",
+                "1M",
+                "https://localhost:8443/large.html"
+            ])
+            .stdout(Stdio::piped())
+            .output()
+            .unwrap()
+            .stdout,
+        big_file
+    );
+
+    drop(nginx_server);
+}
+
 struct KillOnDrop(Option<Child>);
 
 impl KillOnDrop {