Mercurial > hg > nginx-tests
annotate h3_ssl_reject_handshake.t @ 1887:1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Notably, LibreSSL fails to properly implement QUIC send_alert callback.
It uses to return send_alert result as the result of TLS handshake.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 23 Feb 2023 17:25:57 +0400 |
| parents | |
| children | 8b74936ff2ac |
| rev | line source |
|---|---|
|
1887
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for HTTP/3 protocol, ssl_reject_handshake. |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::HTTP3; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 eval { require Crypt::Misc; die if $Crypt::Misc::VERSION < 0.067; }; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'CryptX version >= 0.067 required') if $@; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 my $t = Test::Nginx->new()->has(qw/http http_v3/) |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 ->has_daemon('openssl')->plan(7) |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 ->write_file_expand('nginx.conf', <<'EOF'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 %%TEST_GLOBALS%% |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 daemon off; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 events { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 http { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 %%TEST_GLOBALS_HTTP%% |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 add_header X-Name $ssl_server_name; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 listen 127.0.0.1:%%PORT_8980_UDP%% quic; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 server_name localhost; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 ssl_reject_handshake on; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 listen 127.0.0.1:%%PORT_8980_UDP%% quic; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 server_name virtual; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_certificate localhost.crt; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_certificate_key localhost.key; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 server { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 listen 127.0.0.1:%%PORT_8982_UDP%% quic; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server_name localhost; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 ssl_certificate localhost.crt; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_certificate_key localhost.key; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 server { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 listen 127.0.0.1:%%PORT_8982_UDP%% quic; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server_name virtual1; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 listen 127.0.0.1:%%PORT_8982_UDP%% quic; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 server_name virtual2; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 ssl_reject_handshake on; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 EOF |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 $t->write_file('openssl.conf', <<EOF); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 [ req ] |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 default_bits = 2048 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 encrypt_key = no |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 distinguished_name = req_distinguished_name |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 [ req_distinguished_name ] |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 EOF |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 my $d = $t->testdir(); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 foreach my $name ('localhost') { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 system('openssl req -x509 -new ' |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 . "-out $d/$name.crt -keyout $d/$name.key " |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 . ">>$d/openssl.out 2>&1") == 0 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 or die "Can't create certificate for $name: $!\n"; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 $t->write_file('index.html', ''); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 $t->run(); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ############################################################################### |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 my $alert = 0x100 + 112; # "unrecognized_name" |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 SKIP: { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 # OpenSSL < 1.1.1j requires TLSv1.3-capable certificates in the default server |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 # See commit "Modify is_tls13_capable() to take account of the servername cb" |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 # Additionally, it was seen with OpenSSL 1.1.1k FIPS as found on RHEL 8.1 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 my $got = bad('default', 8980); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 skip "OpenSSL too old", 3 if $got && $got == 0x100 + 70; # "protocol_version" |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 # default virtual server rejected |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 TODO: { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 is(bad('default', 8980), $alert, 'default rejected'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 is(bad(undef, 8980), $alert, 'absent sni rejected'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 like(get('virtual', 8980), qr/virtual/, 'virtual accepted'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 # non-default server "virtual2" rejected |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 like(get('default', 8982), qr/default/, 'default accepted'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 like(get(undef, 8982), qr/200/, 'absent sni accepted'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 like(get('virtual1', 8982), qr/virtual1/, 'virtual 1 accepted'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 TODO: { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 is(bad('virtual2', 8982), $alert, 'virtual 2 rejected'); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 ############################################################################### |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 sub get { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 my ($sni, $port) = @_; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 my $s = Test::Nginx::HTTP3->new($port, sni => $sni); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 my $sid = $s->new_stream({ host => $sni }); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 return $frame->{headers}->{':status'} |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 . ($frame->{headers}->{'x-name'} || ''); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 sub bad { |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 my ($sni, $port) = @_; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 my $s = Test::Nginx::HTTP3->new($port, sni => $sni, probe => 1); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 my $frames = $s->read(all => [{ type => "CONNECTION_CLOSE" }]); |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 my ($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 return $frame->{error}; |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 } |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 |
|
1023354f3a41
Tests: ssl_reject_handshake tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 ############################################################################### |