comparison quic_retry.t @ 1915:15131dd931a0

Tests: QUIC address validation tests. While here, fixed establishing connection after receiving a Retry packet, broken after conversion to HTTP3 package.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 20 Jun 2023 20:01:20 +0400
parents
children 161dc73812b3
1914:afbf4c06c014 1915:15131dd931a0
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for QUIC address validation.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 BEGIN { use FindBin; chdir($FindBin::Bin); }
16
17 use lib 'lib';
18 use Test::Nginx;
19 use Test::Nginx::HTTP3;
20
21 ###############################################################################
22
23 select STDERR; $| = 1;
24 select STDOUT; $| = 1;
25
26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/)
27 ->has_daemon('openssl')->plan(7)
28 ->write_file_expand('nginx.conf', <<'EOF');
29
30 %%TEST_GLOBALS%%
31
32 daemon off;
33
34 events {
35 }
36
37 http {
38 %%TEST_GLOBALS_HTTP%%
39
40 ssl_certificate_key localhost.key;
41 ssl_certificate localhost.crt;
42 quic_retry on;
43
44 server {
45 listen 127.0.0.1:%%PORT_8980_UDP%% quic;
46 server_name localhost;
47
48 location / { }
49 }
50 }
51
52 EOF
53
54 $t->write_file('openssl.conf', <<EOF);
55 [ req ]
56 default_bits = 2048
57 encrypt_key = no
58 distinguished_name = req_distinguished_name
59 [ req_distinguished_name ]
60 EOF
61
62 my $d = $t->testdir();
63
64 foreach my $name ('localhost') {
65 system('openssl req -x509 -new '
66 . "-config $d/openssl.conf -subj /CN=$name/ "
67 . "-out $d/$name.crt -keyout $d/$name.key "
68 . ">>$d/openssl.out 2>&1") == 0
69 or die "Can't create certificate for $name: $!\n";
70 }
71
72 $t->run();
73
74 ###############################################################################
75
76 my ($s, $sid, $frames, $frame);
77
78 $s = Test::Nginx::HTTP3->new(8980);
79 $sid = $s->new_stream();
80 $frames = $s->read(all => [{ sid => $sid, fin => 1 }, { type => 'NEW_TOKEN' }]);
81
82 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
83 is($frame->{headers}->{':status'}, 403, 'retry success');
84
85 is(unpack("H*", $s->retry_tag()), unpack("H*", $s->retry_verify_tag()),
86 'retry integrity tag');
87
88 ($frame) = grep { $_->{type} eq "NEW_TOKEN" } @$frames;
89 ok(my $new_token = $frame->{token}, 'new token received');
90 ok(my $retry_token = $s->retry_token(), 'retry token received');
91
92 # connection with new token
93
94 $s = Test::Nginx::HTTP3->new(8980, token => $new_token);
95 $sid = $s->new_stream();
96 $frames = $s->read(all => [{ sid => $sid, fin => 1 }]);
97
98 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
99 is($frame->{headers}->{':status'}, 403, 'new token success');
100
101 # connection with retry token, port won't match
102
103 $s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
104 $frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);
105
106 ($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
107 is($frame->{error}, 11, 'retry token invalid');
108
109 # connection with retry token, corrupted
110
111 substr($retry_token, 32) ^= "\xff";
112 $s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
113 $frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);
114
115 ($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
116 is($frame->{error}, 11, 'retry token decrypt error');
117
118 ###############################################################################
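Review bot: The corrupted-token case (file lines 109–116) does not isolate the decrypt failure from the address mismatch tested just above it. It opens the connection the same way (`token => $retry_token, probe => 1`) and expects the same error 11, so it would presumably still pass if the server rejected the token only for the port mismatch and never authenticated it. At minimum the comment should say so, e.g. `# connection with retry token, corrupted (port won't match either, so error 11 alone does not prove the decrypt check ran)`. `substr($retry_token, 32) ^= "\xff"` also assumes the token is at least 33 bytes long, which is worth a one-line comment since a shorter token would make the lvalue `substr` die instead of failing the test. Separately, the `die` on file line 69 reports `$!`, which `system` does not set when openssl exits non-zero, so `$?` would be the meaningful value there.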