Mercurial > hg > nginx-tests
comparison quic_retry.t @ 1915:15131dd931a0
Tests: QUIC address validation tests.
While here, fixed establishing connection after receiving a Retry packet,
broken after conversion to HTTP3 package.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 20 Jun 2023 20:01:20 +0400 |
parents | |
children | 161dc73812b3 |
comparison
equal
deleted
inserted
replaced
1914:afbf4c06c014 | 1915:15131dd931a0 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for QUIC address validation. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::HTTP3; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) | |
27 ->has_daemon('openssl')->plan(7) | |
28 ->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 http { | |
38 %%TEST_GLOBALS_HTTP%% | |
39 | |
40 ssl_certificate_key localhost.key; | |
41 ssl_certificate localhost.crt; | |
42 quic_retry on; | |
43 | |
44 server { | |
45 listen 127.0.0.1:%%PORT_8980_UDP%% quic; | |
46 server_name localhost; | |
47 | |
48 location / { } | |
49 } | |
50 } | |
51 | |
52 EOF | |
53 | |
54 $t->write_file('openssl.conf', <<EOF); | |
55 [ req ] | |
56 default_bits = 2048 | |
57 encrypt_key = no | |
58 distinguished_name = req_distinguished_name | |
59 [ req_distinguished_name ] | |
60 EOF | |
61 | |
62 my $d = $t->testdir(); | |
63 | |
64 foreach my $name ('localhost') { | |
65 system('openssl req -x509 -new ' | |
66 . "-config $d/openssl.conf -subj /CN=$name/ " | |
67 . "-out $d/$name.crt -keyout $d/$name.key " | |
68 . ">>$d/openssl.out 2>&1") == 0 | |
69 or die "Can't create certificate for $name: $!\n"; | |
70 } | |
71 | |
72 $t->run(); | |
73 | |
74 ############################################################################### | |
75 | |
76 my ($s, $sid, $frames, $frame); | |
77 | |
78 $s = Test::Nginx::HTTP3->new(8980); | |
79 $sid = $s->new_stream(); | |
80 $frames = $s->read(all => [{ sid => $sid, fin => 1 }, { type => 'NEW_TOKEN' }]); | |
81 | |
82 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | |
83 is($frame->{headers}->{':status'}, 403, 'retry success'); | |
84 | |
85 is(unpack("H*", $s->retry_tag()), unpack("H*", $s->retry_verify_tag()), | |
86 'retry integrity tag'); | |
87 | |
88 ($frame) = grep { $_->{type} eq "NEW_TOKEN" } @$frames; | |
89 ok(my $new_token = $frame->{token}, 'new token received'); | |
90 ok(my $retry_token = $s->retry_token(), 'retry token received'); | |
91 | |
92 # connection with new token | |
93 | |
94 $s = Test::Nginx::HTTP3->new(8980, token => $new_token); | |
95 $sid = $s->new_stream(); | |
96 $frames = $s->read(all => [{ sid => $sid, fin => 1 }]); | |
97 | |
98 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | |
99 is($frame->{headers}->{':status'}, 403, 'new token success'); | |
100 | |
101 # connection with retry token, port won't match | |
102 | |
103 $s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1); | |
104 $frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]); | |
105 | |
106 ($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames; | |
107 is($frame->{error}, 11, 'retry token invalid'); | |
108 | |
109 # connection with retry token, corrupted | |
110 | |
111 substr($retry_token, 32) ^= "\xff"; | |
112 $s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1); | |
113 $frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]); | |
114 | |
115 ($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames; | |
116 is($frame->{error}, 11, 'retry token decrypt error'); | |
117 | |
118 ############################################################################### |