comparison quic_ciphers.t @ 1911:2c5ae1e75db4
Tests: tests for TLSv1.3 ciphers in QUIC connections.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 13 Jun 2023 18:43:10 +0400 |
parents | |
children | f61d1b4ac638 |
1910:e0b53fbdb5cf | 1911:2c5ae1e75db4 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for various TLSv1.3 ciphers in QUIC. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 use Test::Nginx::HTTP3; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) | |
27 ->has_daemon('openssl')->plan(5); | |
28 | |
29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
30 | |
31 %%TEST_GLOBALS%% | |
32 | |
33 daemon off; | |
34 | |
35 events { | |
36 } | |
37 | |
38 http { | |
39 %%TEST_GLOBALS_HTTP%% | |
40 | |
41 ssl_certificate_key localhost.key; | |
42 ssl_certificate localhost.crt; | |
43 | |
44 server { | |
45 listen 127.0.0.1:%%PORT_8980_UDP%% quic; | |
46 server_name localhost; | |
47 | |
48 location / { | |
49 add_header x-cipher $ssl_cipher; | |
50 add_header x-ciphers $ssl_ciphers; | |
51 } | |
52 } | |
53 } | |
54 | |
55 EOF | |
56 | |
57 $t->write_file('openssl.conf', <<EOF); | |
58 [ req ] | |
59 default_bits = 2048 | |
60 encrypt_key = no | |
61 distinguished_name = req_distinguished_name | |
62 [ req_distinguished_name ] | |
63 EOF | |
64 | |
65 my $d = $t->testdir(); | |
66 | |
67 foreach my $name ('localhost') { | |
68 system('openssl req -x509 -new ' | |
69 . "-config $d/openssl.conf -subj /CN=$name/ " | |
70 . "-out $d/$name.crt -keyout $d/$name.key " | |
71 . ">>$d/openssl.out 2>&1") == 0 | |
72 or die "Can't create certificate for $name: $!\n"; | |
73 } | |
74 | |
75 $t->write_file('index.html', ''); | |
76 $t->run(); | |
77 | |
78 ############################################################################### | |
79 | |
80 my ($s, $sid, $frames, $frame); | |
81 | |
82 is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256'); | |
83 is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); | |
84 is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256', | |
85 'TLS_CHACHA20_POLY1305_SHA256'); | |
86 | |
87 # TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 | |
88 | |
89 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many'); | |
90 | |
91 TODO: { | |
92 local $TODO = 'CCM cipher disabled'; | |
93 | |
94 is(get("\x13\x04\x13\x01"), 'TLS_AES_128_CCM_SHA256', 'TLS_AES_128_CCM_SHA256'); | |
95 | |
96 } | |
97 | |
98 ############################################################################### | |
99 | |
100 sub get { | |
101 my ($ciphers) = @_; | |
102 my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers); | |
103 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); | |
104 | |
105 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | |
106 return $frame->{headers}->{'x-cipher'}; | |
107 } | |
108 | |
109 ############################################################################### |
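Review bot: The server block emits `x-ciphers` from `$ssl_ciphers` (file line 50), but `get` returns only `x-cipher`, so no assertion pins the cipher list the server actually received. The 'ciphers many' case would therefore pass even if only the first offered suite reached the server. The comment at file line 87 looks like the intended `x-ciphers` value; returning both headers from `get` and asserting that one for the two-suite case would close the gap. Separately, `get` declares `$s` and `$frames` with `my` but assigns `$frame` to the file-level variable from line 80; `my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames;` keeps it local, and the otherwise unused `my ($s, $sid, $frames, $frame);` can then go.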