Mercurial > hg > nginx-tests
annotate stream_ssl_preread_protocol.t @ 1829:a78c32419f02
Tests: separate SSL session reuse tests.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
In the generic SSL tests only basic session reuse is now tested,
notably with session tickets enabled and a shared SSL session cache.
This should make it possible to reuse sessions in all cases (except
when it's not supported, such as with LibreSSL with TLSv1.3).
Note that session reuse with tickets implies that $ssl_session_id
is selected by the client and therefore is not available on the
initial connection. Relevant test is modified to handle this.
Further, BoringSSL does not use legacy session ID with TLSv1.3 even
if it is sent by the client. In contrast, OpenSSL always generates
an unique legacy session id, so it is available with TLSv1.3 even if
session resumption does not work (such as with old Net::SSLeay and
IO::Socket::SSL modules).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:47 +0300 |
parents | f3ba4c74de31 |
children |
rev | line source |
---|---|
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream_ssl_preread module, protocol preread. |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl_preread stream_return/) |
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1358
diff
changeset
|
26 ->write_file_expand('nginx.conf', <<'EOF')->plan(7)->run(); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 %%TEST_GLOBALS%% |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 daemon off; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 events { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
36 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
37 |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 server { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 listen 127.0.0.1:8080; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_preread on; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 return $ssl_preread_protocol; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 EOF |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 is(get('SSLv3'), 'SSLv3', 'client hello SSLv3'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 is(get('TLSv1'), 'TLSv1', 'client hello TLSv1'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 is(get('TLSv1.1'), 'TLSv1.1', 'client hello TLSv1.1'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 is(get('TLSv1.2'), 'TLSv1.2', 'client hello TLSv1.2'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 is(get_tls13(), 'TLSv1.3', 'client hello supported_versions'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
1358
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
56 is(get_ssl2('SSLv2'), 'SSLv2', 'client hello version 2'); |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
57 is(get_ssl2('TLSv1'), 'TLSv1', 'client hello version 2 - TLSv1'); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 sub get { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 my $v = shift; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 my ($re, $ch); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 $re = 0x0300, $ch = 0x0300 if $v eq 'SSLv3'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 $re = 0x0301, $ch = 0x0301 if $v eq 'TLSv1'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 $re = 0x0301, $ch = 0x0302 if $v eq 'TLSv1.1'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 $re = 0x0301, $ch = 0x0303 if $v eq 'TLSv1.2'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 my $r = pack("CnNn2C", 0x16, $re, 0x00380100, 0x0034, $ch, 0xeb); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 sub get_tls13 { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 my $r = pack("N*", 0x16030100, 0x33010000, 0x2f0303eb); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $r .= pack("CNCn", 0x07, 0x002b0007, 0x02, 0x7f1c); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 sub get_ssl2 { |
1358
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
90 my $v = shift; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
91 my $ch; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
92 |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
93 $ch = 0x0002 if $v eq 'SSLv2'; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
94 $ch = 0x0301 if $v eq 'TLSv1'; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
95 |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
96 my $r = pack("nCn4", 0x801c, 0x01, $ch, 0x0003, 0x0000, 0x0010); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 $r .= pack("C3", 0x01, 0x00, 0x80); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 $r .= pack("N4", 0x322dd95c, 0x4749ef17, 0x3d5f0916, 0xf0b730f8); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ############################################################################### |