Mercurial > hg > nginx-tests
annotate ssl_session_ticket_key.t @ 1907:034c9121b9d1
Tests: added h2_http2.t TODOs for LibreSSL and older OpenSSL.
Those libraries provide an older callback order, where ALPN callback
is invoked before SNI callback.
Additionally, OpenSSL 1.0.2 doesn't send alert on ALPN mismatch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 08 Jun 2023 16:41:11 +0400 |
parents | 5c50786e5da9 |
children | c924ae8d7104 |
rev | line source |
---|---|
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for rotation of SSL session ticket keys. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
18 use Test::Nginx qw/ :DEFAULT http_end /; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
25 eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; }; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@; |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.030; }; |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL version => 2.030 required') if $@; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
31 ->has_daemon('openssl')->plan(2) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
32 ->write_file_expand('nginx.conf', <<'EOF'); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 worker_processes 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key localhost.key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate localhost.crt; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
48 add_header X-SSL-Protocol $ssl_protocol; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
49 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
51 listen 127.0.0.1:8443 ssl; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server_name localhost; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache shared:SSL:1m; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_session_timeout 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 $t->write_file('openssl.conf', <<EOF); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 [ req ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 default_bits = 2048 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 encrypt_key = no |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 distinguished_name = req_distinguished_name |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 [ req_distinguished_name ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 my $d = $t->testdir(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 foreach my $name ('localhost') { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 system('openssl req -x509 -new ' |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 . "-config $d/openssl.conf -subj /CN=$name/ " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 . "-out $d/$name.crt -keyout $d/$name.key " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 . ">>$d/openssl.out 2>&1") == 0 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 or die "Can't create certificate for $name: $!\n"; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
79 $t->write_file('index.html', ''); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
80 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $t->run(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # the test uses multiple worker processes to check shared tickey key rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # before 1.23.2, any test can fail depending on which worker served connection: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # the 1st test fails if served by another worker, because keys aren't shared |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # the 2nd test fails if served by the same worker due to the lack of rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 # with a single worker process it is only the 2nd test that fails |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 local $TODO = 'not yet' unless $t->has_version('1.23.2'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $key = get_ticket_key_name(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 select undef, undef, undef, 0.5; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is(get_ticket_key_name(), $key, 'ticket key match'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 select undef, undef, undef, 2.5; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
101 |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
102 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
103 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
104 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
105 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
106 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
107 if $t->has_module('LibreSSL') && test_tls13(); |
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
108 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 sub get_ticket_key_name { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
114 my $asn = get_ssl_session(); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 my $any = qr/[\x00-\xff]/; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 next: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 # tag(10) | len{2} | OCTETSTRING(4) | len{2} | ticket(key_name|..) |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 $asn =~ /\xaa\x81($any)\x04\x81($any)($any{16})/g; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
119 return '' if !defined $3; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 goto next if unpack("C", $1) - unpack("C", $2) != 3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 my $key = unpack "H*", $3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 Test::Nginx::log_core('||', "ticket key: $key"); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 return $key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 sub get_ssl_session { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
127 my $cache = IO::Socket::SSL::Session_Cache->new(100); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
129 my $s = http_get( |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
130 '/', start => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
131 SSL => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
132 SSL_session_cache => $cache, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
133 SSL_session_key => 1 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
134 ); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
136 return unless $s; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
137 http_end($s); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
138 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
139 my $sess = $cache->get_session(1); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
140 return '' unless defined $sess; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
141 return Net::SSLeay::i2d_SSL_SESSION($sess); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
144 sub test_tls13 { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
145 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 ############################################################################### |