Mercurial > hg > nginx-tests
annotate ssl_session_reuse.t @ 1830:8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
with TLSv1.3 only supports session tickets, but not server-side session
cache.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:49:49 +0300 |
| parents | a78c32419f02 |
| children | cdcd75657e52 |
| rev | line source |
|---|---|
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
3 # (C) Andrey Zelenkov |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
4 # (C) Maxim Dounin |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
7 # Tests for http ssl module, session reuse. |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
26 eval { require IO::Socket::SSL; }; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
|
430
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
28 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
|
a82b02635614
Tests: skip ssl tests with ancient IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
397
diff
changeset
|
29 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
31 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
32 ->has_daemon('openssl')->plan(8); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
34 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 %%TEST_GLOBALS%% |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 daemon off; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 events { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 http { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 %%TEST_GLOBALS_HTTP%% |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
46 ssl_certificate_key localhost.key; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
47 ssl_certificate localhost.crt; |
|
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
48 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
50 listen 127.0.0.1:8443 ssl; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 server_name localhost; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
53 location / { |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 return 200 "body $ssl_session_reused"; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
56 location /protocol { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
57 return 200 "body $ssl_protocol"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
58 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
59 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
60 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
61 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
62 listen 127.0.0.1:8444 ssl; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
63 server_name localhost; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
64 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
65 ssl_session_cache shared:SSL:1m; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
66 ssl_session_tickets on; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
67 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
68 location / { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
69 return 200 "body $ssl_session_reused"; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
70 } |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
71 } |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
72 |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
73 server { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
74 listen 127.0.0.1:8445 ssl; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
75 server_name localhost; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
76 |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
77 ssl_session_cache shared:SSL:1m; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
78 ssl_session_tickets off; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
80 location / { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
81 return 200 "body $ssl_session_reused"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
82 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
83 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
84 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
85 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
86 listen 127.0.0.1:8446 ssl; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
87 server_name localhost; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
88 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
89 ssl_session_cache builtin; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
90 ssl_session_tickets off; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
91 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
92 location / { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
93 return 200 "body $ssl_session_reused"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
94 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
95 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
96 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
97 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
98 listen 127.0.0.1:8447 ssl; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
99 server_name localhost; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
101 ssl_session_cache builtin:1000; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
102 ssl_session_tickets off; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
103 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
104 location / { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
105 return 200 "body $ssl_session_reused"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
106 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
107 } |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
108 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
109 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
110 listen 127.0.0.1:8448 ssl; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
111 server_name localhost; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
112 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
113 ssl_session_cache none; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
114 ssl_session_tickets off; |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
115 |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
116 location / { |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
117 return 200 "body $ssl_session_reused"; |
|
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
118 } |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 } |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
120 |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
121 server { |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
122 listen 127.0.0.1:8449 ssl; |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
123 server_name localhost; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
124 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
125 ssl_session_cache off; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
126 ssl_session_tickets off; |
|
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
127 |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
128 location / { |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
129 return 200 "body $ssl_session_reused"; |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
130 } |
|
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
131 } |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 EOF |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 $t->write_file('openssl.conf', <<EOF); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
138 default_bits = 2048 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 encrypt_key = no |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 distinguished_name = req_distinguished_name |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 [ req_distinguished_name ] |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 EOF |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 my $d = $t->testdir(); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
146 foreach my $name ('localhost') { |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
148 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
149 . "-out $d/$name.crt -keyout $d/$name.key " |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 . ">>$d/openssl.out 2>&1") == 0 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 or die "Can't create certificate for $name: $!\n"; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
|
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
154 $t->run(); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
158 # session reuse: |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
159 # |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
160 # - only tickets, the default |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
161 # - tickets and shared cache, should work always |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
162 # - only shared cache |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
163 # - only builtin cache |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
164 # - only builtin cache with explicitly configured size |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
165 # - only cache none |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
166 # - only cache off |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
167 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
168 TODO: { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
169 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
170 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
171 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
172 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
173 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
174 if $t->has_module('LibreSSL') && test_tls13(); |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
175 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
176 is(test_reuse(8443), 1, 'tickets reused'); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
177 is(test_reuse(8444), 1, 'tickets and cache reused'); |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
178 |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
179 TODO: { |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
180 local $TODO = 'no TLSv1.3 session cache in BoringSSL' |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
181 if $t->has_module('BoringSSL') && test_tls13(); |
|
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
182 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
183 is(test_reuse(8445), 1, 'cache shared reused'); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
184 is(test_reuse(8446), 1, 'cache builtin reused'); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
185 is(test_reuse(8447), 1, 'cache builtin size reused'); |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
186 |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
187 } |
|
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
188 } |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
189 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
190 is(test_reuse(8448), 0, 'cache none not reused'); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
191 is(test_reuse(8449), 0, 'cache off not reused'); |
|
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
192 |
|
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
193 $t->stop(); |
|
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
194 |
|
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
195 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
|
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
196 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
197 ############################################################################### |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 |
|
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
199 sub test_tls13 { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
200 return get('/protocol', 8443) =~ /TLSv1.3/; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
201 } |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
202 |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
203 sub test_reuse { |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
204 my ($port) = @_; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
205 my $ctx = get_ssl_context(); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
206 get('/', $port, $ctx); |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
207 return (get('/', $port, $ctx) =~ qr/^body r$/m) ? 1 : 0; |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
208 } |
|
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
209 |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
210 sub get { |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
211 my ($uri, $port, $ctx) = @_; |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
212 my $s = get_ssl_socket($port, $ctx) or return; |
|
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
213 my $r = http_get($uri, socket => $s); |
|
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
214 $s->close(); |
|
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
215 return $r; |
|
1067
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
216 } |
|
4606a2ec3d7c
Tests: ssl.t cleanup, no functional changes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
217 |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
218 sub get_ssl_context { |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
219 return IO::Socket::SSL::SSL_Context->new( |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
220 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
221 SSL_session_cache_size => 100 |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
222 ); |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
223 } |
|
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
224 |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 sub get_ssl_socket { |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
226 my ($port, $ctx, %extra) = @_; |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
227 my $s; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
228 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
229 eval { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 local $SIG{ALRM} = sub { die "timeout\n" }; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
231 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
|
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
232 alarm(8); |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
233 $s = IO::Socket::SSL->new( |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
234 Proto => 'tcp', |
|
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
235 PeerAddr => '127.0.0.1', |
|
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
236 PeerPort => port($port), |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
237 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
238 SSL_reuse_ctx => $ctx, |
|
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
239 SSL_error_trap => sub { die $_[1] }, |
|
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
240 %extra |
|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
241 ); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
242 alarm(0); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
243 }; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
244 alarm(0); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
245 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
246 if ($@) { |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
247 log_in("died: $@"); |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
248 return undef; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
249 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
250 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
251 return $s; |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
252 } |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
253 |
|
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
254 ############################################################################### |