annotate h3_ssl_reject_handshake.t @ 1974:b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:04:26 +0300 |
parents | 8b74936ff2ac |
children |
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for HTTP/3 protocol, ssl_reject_handshake.

###############################################################################

use warnings;
use strict;

use Test::More;

# Change into the directory holding this script before the relative 'lib'
# path below is added to @INC.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;
use Test::Nginx::HTTP3;

###############################################################################

# Turn on autoflush for both streams.  STDOUT is selected last, so it stays
# the default output handle afterwards.
select STDERR;
$| = 1;
select STDOUT;
$| = 1;
# Build the test harness and write nginx.conf.  has()/has_daemon() name the
# prerequisites (http, http_v3, cryptx, an "openssl" binary) -- presumably the
# run is skipped when one is missing; confirm in Test::Nginx.  plan(7) matches
# the seven is()/like() assertions made further down in this script.
#
# Two QUIC listeners are configured:
#   PORT_8980_UDP  first server "localhost" has ssl_reject_handshake on;
#                  "virtual" carries the certificate and key.
#   PORT_8982_UDP  first server "localhost" carries the certificate and key;
#                  "virtual1" sets no ssl_* directives of its own;
#                  "virtual2" has ssl_reject_handshake on.
# The first server block of a listen socket is nginx's default server, so the
# 8980 listener exercises the "reject unknown names by default" setup and the
# 8982 listener exercises rejection of one specific name.
#
# add_header exposes $ssl_server_name as X-Name so the client side can check
# which SNI value the server saw.
my $t = Test::Nginx->new()
    ->has(qw/http http_v3 cryptx/)
    ->has_daemon('openssl')
    ->plan(7)
    ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    add_header X-Name $ssl_server_name;

    server {
        listen 127.0.0.1:%%PORT_8980_UDP%% quic;
        server_name localhost;

        ssl_reject_handshake on;
    }

    server {
        listen 127.0.0.1:%%PORT_8980_UDP%% quic;
        server_name virtual;

        ssl_certificate localhost.crt;
        ssl_certificate_key localhost.key;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name localhost;

        ssl_certificate localhost.crt;
        ssl_certificate_key localhost.key;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name virtual1;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name virtual2;

        ssl_reject_handshake on;
    }
}

EOF
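# Minimal "openssl req" configuration: 2048-bit key, no passphrase on the key
# (encrypt_key = no), and an empty DN section because the subject is supplied
# with -subj on the command line.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Generate a throwaway self-signed certificate and private key per name.  The
# key is written unencrypted into the test directory, so it is only fit for
# this test run.
#
# NOTE(review): the command is one string containing redirections, so Perl
# hands it to the shell with $d and $name interpolated unquoted.  $name is a
# literal here; this assumes testdir() returns a path free of whitespace and
# shell metacharacters -- confirm in Test::Nginx.
foreach my $name ('localhost') {
    my $status = system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1");
    next if $status == 0;

    # $! only describes the failure when the command could not be started
    # (system() returned -1); otherwise the cause is in the wait status, and
    # $! would be a stale, misleading errno.
    my $reason = $status == -1 ? "$!"
        : ($status & 127)      ? 'openssl killed by signal ' . ($status & 127)
        :                        'openssl exit status ' . ($status >> 8);

    die "Can't create certificate for $name: $reason\n";
}

# Empty document root entry served by the accepting virtual servers.
$t->write_file('index.html', '');

$t->run();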
###############################################################################

# A rejected TLS handshake reaches the QUIC client as a CONNECTION_CLOSE frame
# whose error code is 0x100 plus the TLS alert number (the CRYPTO_ERROR range
# of RFC 9001).
my $alert = 0x100 + 112; # "unrecognized_name"

SKIP: {
# OpenSSL < 1.1.1j requires TLSv1.3-capable certificates in the default server
# See commit "Modify is_tls13_capable() to take account of the servername cb"
# Additionally, it was seen with OpenSSL 1.1.1k FIPS as found on RHEL 8.1

# Probe once first: a "protocol_version" alert instead of "unrecognized_name"
# marks the library limitation above, and the three checks in this block are
# skipped rather than reported as failures.
my $probe_error = bad('default', 8980);
if ($probe_error && $probe_error == 0x100 + 70) { # "protocol_version"
    skip "OpenSSL too old", 3;
}

# default virtual server rejected

TODO: {
local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL');

is(bad('default', 8980), $alert, 'default rejected');
is(bad(undef, 8980), $alert, 'absent sni rejected');

}

# A name with its own server block and certificate must still be served.
like(get('virtual', 8980), qr/virtual/, 'virtual accepted');

}

# non-default server "virtual2" rejected

like(get('default', 8982), qr/default/, 'default accepted');
like(get(undef, 8982), qr/200/, 'absent sni accepted');
like(get('virtual1', 8982), qr/virtual1/, 'virtual 1 accepted');

TODO: {
local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL');

is(bad('virtual2', 8982), $alert, 'virtual 2 rejected');

}

###############################################################################
# Performs one HTTP/3 request on $port, using $sni both as the "sni" option of
# the connection and as the "host" of the request stream.
#
# Returns the ":status" value of the first HEADERS frame read, concatenated
# with that frame's "x-name" header (empty string when the header is unset).
sub get {
    my ($sni, $port) = @_;

    my $conn = Test::Nginx::HTTP3->new($port, sni => $sni);
    my $stream_id = $conn->new_stream({ host => $sni });

    # Read until the request stream is finished.
    my $received = $conn->read(all => [{ sid => $stream_id, fin => 1 }]);

    # Only the first HEADERS frame is inspected.
    my ($hdr_frame) = grep { $_->{type} eq "HEADERS" } @$received;

    my $server_name = $hdr_frame->{headers}{'x-name'} || '';
    return $hdr_frame->{headers}{':status'} . $server_name;
}
# Opens an HTTP/3 connection to $port with the given $sni, expecting the
# handshake to be refused.  "probe => 1" is passed to the constructor --
# presumably it keeps a failed handshake from aborting the test; confirm in
# Test::Nginx::HTTP3.
#
# Returns the "error" field of the first CONNECTION_CLOSE frame read, or undef
# when no such frame was received.
sub bad {
    my ($sni, $port) = @_;

    my $conn = Test::Nginx::HTTP3->new($port, sni => $sni, probe => 1);
    my $received = $conn->read(all => [{ type => "CONNECTION_CLOSE" }]);

    my ($close_frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$received;
    return $close_frame->{error};
}

###############################################################################