Mercurial > hg > nginx-tests
annotate stream_upstream_zone_ssl.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 28 Mar 2023 01:36:32 +0400 |
| parents | 72d206b37df1 |
| children |
| rev | line source |
|---|---|
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Stream tests for upstream zone with ssl backend. |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
19 use Test::Nginx::Stream qw/ stream /; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
|
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
27 ->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(9); |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 stream { |
|
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
39 %%TEST_GLOBALS_STREAM%% |
|
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1488
diff
changeset
|
40 |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 proxy_ssl on; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 proxy_ssl_session_reuse on; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 upstream u { |
|
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
45 zone u 1m; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
46 server 127.0.0.1:8084; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 upstream u2 { |
|
982
325db3d62466
Tests: increase upstream shared memory zone sizes for large pages.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
50 zone u2 1m; |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
51 server 127.0.0.1:8084 backup; |
|
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
52 server 127.0.0.1:8085 down; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
56 listen 127.0.0.1:8080; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 proxy_pass u; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 proxy_ssl_session_reuse off; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
62 listen 127.0.0.1:8081; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 proxy_pass u; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
67 listen 127.0.0.1:8082; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 proxy_pass u2; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 proxy_ssl_session_reuse off; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 server { |
|
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
73 listen 127.0.0.1:8083; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 proxy_pass u2; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 server { |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
78 listen 127.0.0.1:8084 ssl; |
|
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
79 return $ssl_session_reused; |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_certificate_key localhost.key; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 ssl_certificate localhost.crt; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ssl_session_cache builtin; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
85 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
86 server { |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
87 listen 127.0.0.1:8085; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
88 proxy_pass 127.0.0.1:8086; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
89 } |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
90 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
91 server { |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
92 listen 127.0.0.1:8086 ssl; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
93 return $ssl_protocol; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
94 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
95 ssl_certificate_key localhost.key; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
96 ssl_certificate localhost.crt; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
97 } |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 EOF |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 $t->write_file('openssl.conf', <<EOF); |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1381
diff
changeset
|
104 default_bits = 2048 |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 encrypt_key = no |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 distinguished_name = req_distinguished_name |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 [ req_distinguished_name ] |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 EOF |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 my $d = $t->testdir(); |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 foreach my $name ('localhost') { |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
114 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1197
diff
changeset
|
115 . "-out $d/$name.crt -keyout $d/$name.key " |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 . ">>$d/openssl.out 2>&1") == 0 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 or die "Can't create certificate for $name: $!\n"; |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 $t->run(); |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 ############################################################################### |
|
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
124 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl'); |
|
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
125 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
127 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
128 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
129 TODO: { |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
130 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
131 if $t->has_module('LibreSSL') and test_tls13(); |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
132 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
133 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); |
|
1197
155573499f20
Tests: more ssl session tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1195
diff
changeset
|
134 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
136 } |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
137 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
138 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); |
|
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
139 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
141 is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
142 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
143 TODO: { |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
144 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
145 if $t->has_module('LibreSSL') and test_tls13(); |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
146 |
|
1195
af7feabed82a
Tests: stream proxy ssl session tests no longer use http backends.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
147 is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
149 } |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
150 |
|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
|
1849
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
152 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
153 sub test_tls13 { |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
154 stream('127.0.0.1:' . port(8085))->read() =~ /TLSv1.3/; |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
155 } |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
156 |
|
72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1609
diff
changeset
|
157 ############################################################################### |