Mercurial > hg > nginx-tests
comparison ssl_certificate.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | 74cffa9d4c43 |
children | 58951cf933e1 |
comparison
equal
deleted
inserted
replaced
1850:2a7fc70900a5 | 1851:0351dee227a8 |
---|---|
182 | 182 |
183 my ($s, $ssl) = get('default', 8080); | 183 my ($s, $ssl) = get('default', 8080); |
184 my $ses = Net::SSLeay::get_session($ssl); | 184 my $ses = Net::SSLeay::get_session($ssl); |
185 | 185 |
186 like(get('default', 8080, $ses), qr/default:r/, 'session reused'); | 186 like(get('default', 8080, $ses), qr/default:r/, 'session reused'); |
187 | |
188 TODO: { | |
189 # ticket key name mismatch prevents session resumption | |
190 local $TODO = 'not yet' unless $t->has_version('1.23.2'); | |
191 | |
187 like(get('default', 8081, $ses), qr/default:r/, 'session id context match'); | 192 like(get('default', 8081, $ses), qr/default:r/, 'session id context match'); |
193 | |
194 } | |
195 | |
188 like(get('default', 8082, $ses), qr/default:\./, 'session id context distinct'); | 196 like(get('default', 8082, $ses), qr/default:\./, 'session id context distinct'); |
189 | 197 |
190 # errors | 198 # errors |
191 | 199 |
192 Net::SSLeay::ERR_clear_error(); | 200 Net::SSLeay::ERR_clear_error(); |