Mercurial > hg > nginx-tests
annotate ssl_sni_sessions.t @ 1974:b5036a0f9ae0 default tip
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:04:26 +0300 |
| parents | 6d3a8f4eb9b2 |
| children |
| rev | line source |
|---|---|
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 # Tests for SSL session resumption with SNI. |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 use warnings; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use strict; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 use Test::More; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 use lib 'lib'; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use Test::Nginx; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite socket_ssl_sni/) |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
25 ->has_daemon('openssl') |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
26 ->write_file_expand('nginx.conf', <<'EOF'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 %%TEST_GLOBALS%% |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 daemon off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 events { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 http { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 %%TEST_GLOBALS_HTTP%% |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 ssl_certificate_key localhost.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 ssl_certificate localhost.crt; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
42 listen 127.0.0.1:8443 ssl; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 server_name default; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 ssl_session_tickets off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 ssl_session_cache shared:cache1:1m; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 location / { |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
49 return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
54 listen 127.0.0.1:8443; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 server_name nocache; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 ssl_session_tickets off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 ssl_session_cache shared:cache2:1m; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
66 listen 127.0.0.1:8444 ssl; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 server_name default; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 ssl_session_ticket_key ticket1.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
77 listen 127.0.0.1:8444; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 server_name tickets; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 ssl_session_ticket_key ticket2.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 EOF |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 $t->write_file('openssl.conf', <<EOF); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
92 default_bits = 2048 |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 encrypt_key = no |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 distinguished_name = req_distinguished_name |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 [ req_distinguished_name ] |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 EOF |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 my $d = $t->testdir(); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 foreach my $name ('localhost') { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
102 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
103 . "-out $d/$name.crt -keyout $d/$name.key " |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 . ">>$d/openssl.out 2>&1") == 0 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 or die "Can't create certificate for $name: $!\n"; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 $t->write_file('ticket1.key', '1' x 48); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->write_file('ticket2.key', '2' x 48); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 $t->run(); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
113 plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
114 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
115 plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
116 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
117 plan(skip_all => 'no TLSv1.3 sessions in LibreSSL') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
118 if $t->has_module('LibreSSL') && test_tls13(); |
|
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
119 plan(skip_all => 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)') |
|
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
120 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
|
1838
a68d1313c3fc
Tests: disabled ssl_sni_sessions.t with LibreSSL and BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1837
diff
changeset
|
121 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL') |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
122 if $t->has_module('BoringSSL') && test_tls13(); |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
123 |
|
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
124 $t->plan(6); |
|
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
125 |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
128 # check that everything works fine with default server |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
130 my $ctx = get_ssl_context(); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
132 like(get('default', 8443, $ctx), qr!default:\.!, 'default server'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
133 like(get('default', 8443, $ctx), qr!default:r!, 'default server reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 # check that sessions are still properly saved and restored |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 # when using an SNI-based virtual server with different session cache; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 # as session resumption happens before SNI, only default server |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 # settings are expected to matter |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
140 # this didn't work before nginx 1.9.6 (and caused segfaults if no session |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 # cache was configured the SNI-based virtual server), because OpenSSL, when |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 # creating new sessions, uses callbacks from the default server context, but |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 # provides access to the SNI-selected server context only (ticket #235) |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
145 $ctx = get_ssl_context(); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
146 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
147 like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
148 like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 # make sure tickets can be used if an SNI-based virtual server |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 # uses a different set of session ticket keys explicitly set |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
153 $ctx = get_ssl_context(); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
154 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
155 like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
156 like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
160 sub get_ssl_context { |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
161 return IO::Socket::SSL::SSL_Context->new( |
|
1970
6d3a8f4eb9b2
Tests: relaxed SSL version used in testing.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
162 SSL_version => 'SSLv23', |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
163 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
164 SSL_session_cache_size => 100 |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
165 ); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
166 } |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
167 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
168 sub get { |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
169 my ($host, $port, $ctx) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
170 return http( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
171 "GET / HTTP/1.0\nHost: $host\n\n", |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
172 PeerAddr => '127.0.0.1:' . port($port), |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
173 SSL => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
174 SSL_hostname => $host, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
175 SSL_reuse_ctx => $ctx |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
176 ); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
177 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
178 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
179 sub test_tls13 { |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
180 return get('default', 8443) =~ /TLSv1.3/; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
181 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
182 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
183 ############################################################################### |