Mercurial > hg > nginx-tests

annotate ssl_session_ticket_key.t @ 1938:e1059682aeef

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: fixed ClientHello with resending Initial QUIC packets. Previously it was rebuilt each time using distinct ClientHello.random resulting in different CRYPTO payload. As such, it led to TLS digest hash and derived secrets mismatch when resending Initial packet. Now ClientHello is built once and reused when resending Initial packets. Additionally, this required to preserve a generated secret value used in shared secret calculation as part of TLS key schedule. Previously it was regenerated when receiving a Retry packet, but this won't work with reused ClientHello as the resulting shared secrets won't match.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 30 Aug 2023 02:22:58 +0400
parents 5c50786e5da9
children c924ae8d7104
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for rotation of SSL session ticket keys.
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 use lib 'lib';
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
18 use Test::Nginx qw/ :DEFAULT http_end /;
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 ###############################################################################
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 select STDERR; $| = 1;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23 select STDOUT; $| = 1;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
25 eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; };
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@;
1869
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.030; };
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
28 plan(skip_all => 'IO::Socket::SSL version => 2.030 required') if $@;
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
30 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
31 ->has_daemon('openssl')->plan(2)
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
32 ->write_file_expand('nginx.conf', <<'EOF');
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34 %%TEST_GLOBALS%%
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36 daemon off;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 worker_processes 2;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 events {
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 http {
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43 %%TEST_GLOBALS_HTTP%%
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 ssl_certificate_key localhost.key;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 ssl_certificate localhost.crt;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
48 add_header X-SSL-Protocol $ssl_protocol;
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
49
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
50 server {
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
51 listen 127.0.0.1:8443 ssl;
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52 server_name localhost;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 ssl_session_cache shared:SSL:1m;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55 ssl_session_timeout 2;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59 EOF
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 $t->write_file('openssl.conf', <<EOF);
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 [ req ]
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 default_bits = 2048
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64 encrypt_key = no
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 distinguished_name = req_distinguished_name
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 [ req_distinguished_name ]
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 EOF
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 my $d = $t->testdir();
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 foreach my $name ('localhost') {
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 system('openssl req -x509 -new '
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 . "-config $d/openssl.conf -subj /CN=$name/ "
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74 . "-out $d/$name.crt -keyout $d/$name.key "
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 . ">>$d/openssl.out 2>&1") == 0
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76 or die "Can't create certificate for $name: $!\n";
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
79 $t->write_file('index.html', '');
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
80
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 $t->run();
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 ###############################################################################
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 # the test uses multiple worker processes to check shared tickey key rotation
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86 #
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 # before 1.23.2, any test can fail depending on which worker served connection:
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 # the 1st test fails if served by another worker, because keys aren't shared
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
89 # the 2nd test fails if served by the same worker due to the lack of rotation
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
90 #
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 # with a single worker process it is only the 2nd test that fails
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 local $TODO = 'not yet' unless $t->has_version('1.23.2');
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 my $key = get_ticket_key_name();
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97 select undef, undef, undef, 0.5;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 is(get_ticket_key_name(), $key, 'ticket key match');
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 select undef, undef, undef, 2.5;
1840
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
101
1869
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
102 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
103 if $Net::SSLeay::VERSION < 1.88 && test_tls13();
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
104 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
5c50786e5da9 Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1865
diff changeset
105 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
1840
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
106 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
107 if $t->has_module('LibreSSL') && test_tls13();
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
108
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next');
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 ###############################################################################
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 sub get_ticket_key_name {
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
114 my $asn = get_ssl_session();
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 my $any = qr/[\x00-\xff]/;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 next:
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117 # tag(10) | len{2} | OCTETSTRING(4) | len{2} | ticket(key_name|..)
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 $asn =~ /\xaa\x81($any)\x04\x81($any)($any{16})/g;
1840
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
119 return '' if !defined $3;
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 goto next if unpack("C", $1) - unpack("C", $2) != 3;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 my $key = unpack "H*", $3;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 Test::Nginx::log_core('||', "ticket key: $key");
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 return $key;
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 sub get_ssl_session {
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
127 my $cache = IO::Socket::SSL::Session_Cache->new(100);
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
129 my $s = http_get(
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
130 '/', start => 1,
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
131 SSL => 1,
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
132 SSL_session_cache => $cache,
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
133 SSL_session_key => 1
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
134 );
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
136 return unless $s;
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
137 http_end($s);
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
138
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
139 my $sess = $cache->get_session(1);
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
140 return '' unless defined $sess;
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
141 return Net::SSLeay::i2d_SSL_SESSION($sess);
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143
1840
0381a0a212e1 Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1816
diff changeset
144 sub test_tls13 {
1865
0e1865aa9b33 Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1840
diff changeset
145 return http_get('/', SSL => 1) =~ /TLSv1.3/;
1816
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146 }
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147
5817625792bd Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
148 ###############################################################################