Mercurial > hg > nginx-tests
annotate ssl_sni_reneg.t @ 1411:a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Notably, if built with OpenSSL 1.1.1 on Linux, SSL renegotiation could be
handled too late if client manages to keep recv buffer filled on server.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 05 Dec 2018 17:10:01 +0300 |
parents | 0bc5bd58d9de |
children | 4e48bf51714f |
rev | line source |
---|---|
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with SNI and renegotiation. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ :DEFAULT CRLF /; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 require Net::SSLeay; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::load_error_strings(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 Net::SSLeay::randomize(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 plan(skip_all => 'Net::SSLeay not installed') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 my $ctx = Net::SSLeay::CTX_new() or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 my $ssl = Net::SSLeay::new($ctx) or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 $t->write_file_expand('nginx.conf', <<'EOF'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 daemon off; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 events { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 http { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 %%TEST_GLOBALS_HTTP%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_certificate_key localhost.key; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_certificate localhost.crt; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8080 ssl; |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
61 listen 127.0.0.1:8081 ssl; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server_name localhost; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 location / { } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
66 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
67 server { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
69 server_name localhost2; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
70 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
71 location / { } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
72 } |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1102
diff
changeset
|
79 default_bits = 1024 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
89 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
90 . "-out $d/$name.crt -keyout $d/$name.key " |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->run(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
97 { |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
98 my (undef, $ssl) = get_ssl_socket(8080); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
99 plan(skip_all => "TLS 1.3 forbids renegotiation") |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
100 if Net::SSLeay::version($ssl) > 0x0303; |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
101 } |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
102 |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
103 $t->plan(8); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
104 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
1411
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
107 my ($ossl) = $t->{_configure_args} =~ /OpenSSL ([\d\.]+)/; |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
108 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
109 my ($s, $ssl) = get_ssl_socket(8080); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 ok($s, 'connection'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 SKIP: { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 skip 'connection failed', 3 unless $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
1173
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
115 local $SIG{PIPE} = 'IGNORE'; |
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
116 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
1411
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
124 TODO: { |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
125 local $TODO = 'not yet' if $ossl ge '1.1.1' and $^O eq 'linux' |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
126 and !$t->has_version('1.15.2'); |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
127 |
1377
09c2291b2bab
Tests: relaxed test for no response on SSL renegotiation attempt.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
128 ok(!Net::SSLeay::read($ssl), 'response'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
1411
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
132 } |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
133 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
134 # virtual servers |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
135 # in [1.15.4..1.15.5) SSL_OP_NO_RENEGOTIATION is cleared in servername callback |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
136 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
137 ($s, $ssl) = get_ssl_socket(8081); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
138 ok($s, 'connection 2'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
139 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
140 SKIP: { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
141 skip 'connection failed', 3 unless $s; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
142 |
1409
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
143 local $SIG{PIPE} = 'IGNORE'; |
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
144 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
145 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
146 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
147 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
148 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
149 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
150 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
151 |
1411
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
152 TODO: { |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
153 local $TODO = 'not yet' if $ossl ge '1.1.1' and $^O eq 'linux' |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
154 and !$t->has_version('1.15.2'); |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
155 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
156 ok(!Net::SSLeay::read($ssl), 'virtual servers'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
157 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
158 } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
159 |
1411
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
160 } |
a8243ed8adcb
Tests: expect ssl_sni_reneg.t failures on stable in certain cases.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1409
diff
changeset
|
161 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 sub get_ssl_socket { |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
165 my ($port) = @_; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 my $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 my $dest_ip = inet_aton('127.0.0.1'); |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
169 my $dest_serv_params = sockaddr_in(port($port), $dest_ip); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 local $SIG{ALRM} = sub { die "timeout\n" }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1407
8c764fd93b5e
Tests: adjusted client connect timeout in various tests with SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1387
diff
changeset
|
174 alarm(5); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 socket($s, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 connect($s, $dest_serv_params) or die "connect: $!"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 if ($@) { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 log_in("died: $@"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 return undef; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
1102
89d7d4d1be40
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
188 Net::SSLeay::set_fd($ssl, fileno($s)); |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
189 Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 Net::SSLeay::connect($ssl) or die("ssl connect"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
191 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 return ($s, $ssl); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 ############################################################################### |