annotate h3_ssl_reject_handshake.t @ 1938:e1059682aeef

Tests: fixed ClientHello with resending Initial QUIC packets. Previously it was rebuilt each time using a distinct ClientHello.random, resulting in a different CRYPTO payload. As such, it led to a TLS digest hash and derived secrets mismatch when resending an Initial packet. Now ClientHello is built once and reused when resending Initial packets. Additionally, this required preserving the generated secret value used in shared secret calculation as part of the TLS key schedule. Previously it was regenerated when receiving a Retry packet, but this won't work with a reused ClientHello as the resulting shared secrets won't match.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 30 Aug 2023 02:22:58 +0400
parents 8b74936ff2ac
children
1 #!/usr/bin/perl
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
6 # Tests for HTTP/3 protocol, ssl_reject_handshake.
8 ###############################################################################
10 use warnings;
11 use strict;
13 use Test::More;
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
17 use lib 'lib';
18 use Test::Nginx;
19 use Test::Nginx::HTTP3;
21 ###############################################################################
# Turn on autoflush ($| = 1) for STDERR and then STDOUT.  STDOUT is selected
# last, so it remains the default output handle afterwards.
select(STDERR);
$| = 1;
select(STDOUT);
$| = 1;
# Create the test harness object, ask it for the http, http_v3 and cryptx
# features and the openssl daemon, plan 7 tests, and write nginx.conf.
# The heredoc is single-quoted, so Perl interpolates nothing; the %%...%%
# markers are handed to write_file_expand() as written.
#
# Two QUIC listen sockets are configured:
#   PORT_8980_UDP - first server (localhost) has ssl_reject_handshake on;
#                   "virtual" carries the certificate and key.
#   PORT_8982_UDP - first server (localhost) carries the certificate and key;
#                   "virtual1" has no ssl directives of its own;
#                   "virtual2" has ssl_reject_handshake on.
# X-Name echoes $ssl_server_name so the tests can see which name was
# negotiated.
my $t = Test::Nginx->new()
    ->has(qw(http http_v3 cryptx))
    ->has_daemon('openssl')
    ->plan(7)
    ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    add_header X-Name $ssl_server_name;

    server {
        listen 127.0.0.1:%%PORT_8980_UDP%% quic;
        server_name localhost;

        ssl_reject_handshake on;
    }

    server {
        listen 127.0.0.1:%%PORT_8980_UDP%% quic;
        server_name virtual;

        ssl_certificate localhost.crt;
        ssl_certificate_key localhost.key;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name localhost;

        ssl_certificate localhost.crt;
        ssl_certificate_key localhost.key;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name virtual1;
    }

    server {
        listen 127.0.0.1:%%PORT_8982_UDP%% quic;
        server_name virtual2;

        ssl_reject_handshake on;
    }
}

EOF
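# Minimal OpenSSL request configuration used to generate the self-signed
# test certificate.  encrypt_key = no leaves the private key unencrypted on
# disk; the key is written under the harness test directory only.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

foreach my $name ('localhost') {
    # NOTE(review): the command is one string, so it runs through the shell
    # (the output redirection needs that).  $d and $name are interpolated
    # unquoted; both are set by the test itself, but a test directory path
    # containing spaces or shell metacharacters would break the command.
    #
    # system() reports failure through $?; $! is only meaningful when the
    # command could not be started at all ($? == -1), so report whichever
    # applies instead of a stale errno string.
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: "
            . ($? == -1 ? $! : "wait status $?") . "\n";
}

# Empty document for the servers that accept the handshake.
$t->write_file('index.html', '');

$t->run();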
102 ###############################################################################
# Expected CONNECTION_CLOSE error code for a rejected handshake: QUIC reports
# a TLS alert as 0x100 plus the alert number.
my $alert = 0x100 + 112; # "unrecognized_name"

SKIP: {
    # OpenSSL < 1.1.1j requires TLSv1.3-capable certificates in the default
    # server.
    # See commit "Modify is_tls13_capable() to take account of the
    # servername cb"
    # Additionally, it was seen with OpenSSL 1.1.1k FIPS as found on RHEL 8.1

    my $protocol_version = 0x100 + 70; # "protocol_version"
    my $probe = bad('default', 8980);
    skip "OpenSSL too old", 3
        if $probe && $probe == $protocol_version;

    # default virtual server rejected

    TODO: {
        local $TODO = 'broken send_alert in LibreSSL'
            if $t->has_module('LibreSSL');

        is(bad('default', 8980), $alert, 'default rejected');
        is(bad(undef, 8980), $alert, 'absent sni rejected');

    }

    # A name that matches the server carrying the certificate still
    # completes the handshake.
    like(get('virtual', 8980), qr/virtual/, 'virtual accepted');

}

# non-default server "virtual2" rejected

like(get('default', 8982), qr/default/, 'default accepted');
like(get(undef, 8982), qr/200/, 'absent sni accepted');
like(get('virtual1', 8982), qr/virtual1/, 'virtual 1 accepted');

TODO: {
    local $TODO = 'broken send_alert in LibreSSL'
        if $t->has_module('LibreSSL');

    is(bad('virtual2', 8982), $alert, 'virtual 2 rejected');

}
141 ###############################################################################
# Open an HTTP/3 connection to $port using $sni as the server name (undef
# for no SNI), start a stream with host set to the same value, and read
# frames for that stream up to fin.  Returns the ':status' value of the
# first HEADERS frame immediately followed by its 'x-name' header, or by an
# empty string when that header is missing or false.
sub get {
    my ($sni, $port) = @_;

    my $conn   = Test::Nginx::HTTP3->new($port, sni => $sni);
    my $stream = $conn->new_stream({ host => $sni });
    my $frames = $conn->read(all => [{ sid => $stream, fin => 1 }]);

    # Only the first HEADERS frame is inspected.
    my ($response) = grep { $_->{type} eq "HEADERS" } @$frames;
    my $headers = $response->{headers};
    my $name = $headers->{'x-name'} || '';

    return $headers->{':status'} . $name;
}
# Open an HTTP/3 connection to $port with probe => 1 and $sni as the server
# name (undef for no SNI), read until a CONNECTION_CLOSE frame is requested
# from the reader, and return the 'error' field of the first
# CONNECTION_CLOSE frame seen.  Returns undef when no such frame arrived.
sub bad {
    my ($sni, $port) = @_;

    my $conn   = Test::Nginx::HTTP3->new($port, sni => $sni, probe => 1);
    my $frames = $conn->read(all => [{ type => "CONNECTION_CLOSE" }]);

    my ($close) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;

    return $close->{error};
}
163 ###############################################################################