Mercurial > hg > nginx-tests
annotate stream_ssl_session_reuse.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 28 Mar 2023 01:36:32 +0400 |
| parents | df96e9d6c095 |
| children | dbb7561a9441 |
| rev | line source |
|---|---|
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
4 # (C) Maxim Dounin |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
7 # Tests for stream ssl module, session reuse. |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
1621
fd440d324700
Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1609
diff
changeset
|
16 use Socket qw/ $CRLF /; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDERR; $| = 1; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDOUT; $| = 1; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 eval { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 require Net::SSLeay; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 Net::SSLeay::load_error_strings(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 Net::SSLeay::randomize(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 }; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 plan(skip_all => 'Net::SSLeay not installed') if $@; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl'); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
645
ed103c38b115
Tests: more ssl_session_cache tests in stream_ssl.t.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
636
diff
changeset
|
38 $t->plan(7)->write_file_expand('nginx.conf', <<'EOF'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 %%TEST_GLOBALS%% |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 daemon off; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 events { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 stream { |
|
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
48 %%TEST_GLOBALS_STREAM%% |
|
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
49 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
50 ssl_certificate localhost.crt; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 ssl_certificate_key localhost.key; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
53 server { |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
54 listen 127.0.0.1:8443 ssl; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
55 proxy_pass 127.0.0.1:8081; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
56 } |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 server { |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
59 listen 127.0.0.1:8444 ssl; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 proxy_pass 127.0.0.1:8081; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
62 ssl_session_cache shared:SSL:1m; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
63 ssl_session_tickets on; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
64 } |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
65 |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
66 server { |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
67 listen 127.0.0.1:8445 ssl; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
68 proxy_pass 127.0.0.1:8081; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
69 |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
70 ssl_session_cache shared:SSL:1m; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
71 ssl_session_tickets off; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 server { |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
75 listen 127.0.0.1:8446 ssl; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
76 proxy_pass 127.0.0.1:8081; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
78 ssl_session_cache builtin; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
79 ssl_session_tickets off; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server { |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
83 listen 127.0.0.1:8447 ssl; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
84 proxy_pass 127.0.0.1:8081; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
|
645
ed103c38b115
Tests: more ssl_session_cache tests in stream_ssl.t.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
636
diff
changeset
|
86 ssl_session_cache builtin:1000; |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
87 ssl_session_tickets off; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 server { |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
91 listen 127.0.0.1:8448 ssl; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
92 proxy_pass 127.0.0.1:8081; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
94 ssl_session_cache none; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
95 ssl_session_tickets off; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
96 } |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
97 |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
98 server { |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
99 listen 127.0.0.1:8449 ssl; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
100 proxy_pass 127.0.0.1:8081; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
101 |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
102 ssl_session_cache off; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
103 ssl_session_tickets off; |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 $t->write_file('openssl.conf', <<EOF); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
111 default_bits = 2048 |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 encrypt_key = no |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 distinguished_name = req_distinguished_name |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 [ req_distinguished_name ] |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 my $d = $t->testdir(); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
119 foreach my $name ('localhost') { |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1204
diff
changeset
|
121 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
122 . "-out $d/$name.crt -keyout $d/$name.key " |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 . ">>$d/openssl.out 2>&1") == 0 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 or die "Can't create certificate for $name: $!\n"; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 $t->run_daemon(\&http_daemon); |
|
1087
534d209f6ae4
Tests: fixed ssl_password_file test hang with missing FIFO reader.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1039
diff
changeset
|
130 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
131 $t->run(); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
133 $t->waitforsocket('127.0.0.1:' . port(8081)); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
137 # session reuse: |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
138 # |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
139 # - only tickets, the default |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
140 # - tickets and shared cache, should work always |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
141 # - only shared cache |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
142 # - only builtin cache |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
143 # - only builtin cache with explicitly configured size |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
144 # - only cache none |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
145 # - only cache off |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
|
1834
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
147 TODO: { |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
148 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
149 if $t->has_module('LibreSSL') && test_tls13(); |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
150 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
151 is(test_reuse(8443), 1, 'tickets reused'); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
152 is(test_reuse(8444), 1, 'tickets and cache reused'); |
|
1834
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
153 |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
154 TODO: { |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
155 local $TODO = 'no TLSv1.3 session cache in BoringSSL' |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
156 if $t->has_module('BoringSSL') && test_tls13(); |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
157 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
158 is(test_reuse(8445), 1, 'cache shared reused'); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
159 is(test_reuse(8446), 1, 'cache builtin reused'); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
160 is(test_reuse(8447), 1, 'cache builtin size reused'); |
|
1834
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
161 |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
162 } |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
163 } |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
164 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
165 is(test_reuse(8448), 0, 'cache none not reused'); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
166 is(test_reuse(8449), 0, 'cache off not reused'); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
|
1834
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
170 sub test_tls13 { |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
171 my ($s, $ssl) = get_ssl_socket(8443); |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
172 return (Net::SSLeay::version($ssl) > 0x303); |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
173 } |
|
df96e9d6c095
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1833
diff
changeset
|
174 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
175 sub test_reuse { |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
176 my ($port) = @_; |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
177 my ($s, $ssl) = get_ssl_socket($port); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
178 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
179 Net::SSLeay::read($ssl); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
180 my $ses = Net::SSLeay::get_session($ssl); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
181 ($s, $ssl) = get_ssl_socket($port, $ses); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
182 return Net::SSLeay::session_reused($ssl); |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
183 } |
|
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
184 |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 sub get_ssl_socket { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 my ($port, $ses) = @_; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 |
|
1833
fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
188 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 Net::SSLeay::set_session($ssl, $ses) if defined $ses; |
|
1102
89d7d4d1be40
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1087
diff
changeset
|
191 Net::SSLeay::set_fd($ssl, fileno($s)); |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 Net::SSLeay::connect($ssl) or die("ssl connect"); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 return ($s, $ssl); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
196 ############################################################################### |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
197 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 sub http_daemon { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
199 my $server = IO::Socket::INET->new( |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 Proto => 'tcp', |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
201 LocalHost => '127.0.0.1:' . port(8081), |
|
559
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
202 Listen => 5, |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
203 Reuse => 1 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
204 ) |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
205 or die "Can't create listening socket: $!\n"; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
206 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
207 local $SIG{PIPE} = 'IGNORE'; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
208 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
209 while (my $client = $server->accept()) { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
210 $client->autoflush(1); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
211 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 while (<$client>) { |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
213 last if (/^\x0d?\x0a?$/); |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
214 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 print $client <<EOF; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 HTTP/1.1 200 OK |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 Connection: close |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
219 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 EOF |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
222 close $client; |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
223 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 } |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 |
|
9208d8243926
Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 ############################################################################### |