comparison ssl_sni_sessions.t @ 752:80e17d44088c

Tests: avoid using SSL_session_key. The SSL_session_key parameter is only available in IO::Socket::SSL version 1.965 or later. Recreate SSL contexts instead.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 23 Oct 2015 23:25:03 +0300
parents f17f83b3d8c9
children 3200d5b4ffa8
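--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -129,16 +129,13 @@
 
 $t->run();
 
 ###############################################################################
 
-my $ctx = IO::Socket::SSL::SSL_Context->new(
-SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-SSL_session_cache_size => 100
-);
-
 # check that everything works fine with default server
+
+my $ctx = get_ssl_context();
 
 like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
 like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');
 
 TODO: {
@@ -152,22 +149,33 @@
 # this didn't work before nginx 1.9.6 (and caused segfaults if no session
 # cache was configured the SNI-based virtual server), because OpenSSL, when
 # creating new sessions, uses callbacks from the default server context, but
 # provides access to the SNI-selected server context only (ticket #235)
 
+$ctx = get_ssl_context();
+
 like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
 like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');
 
 # make sure tickets can be used if an SNI-based virtual server
 # uses a different set of session ticket keys explicitly set
 
+$ctx = get_ssl_context();
+
 like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
 like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');
 
 }
 
 ###############################################################################
+
+sub get_ssl_context {
+return IO::Socket::SSL::SSL_Context->new(
+SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+SSL_session_cache_size => 100
+);
+}
 
 sub get_ssl_socket {
 my ($host, $port, $ctx) = @_;
 my $s;
 
@@ -178,11 +186,10 @@
 $s = IO::Socket::SSL->new(
 Proto => 'tcp',
 PeerAddr => '127.0.0.1',
 PeerPort => $port,
 SSL_hostname => $host,
-SSL_session_key => "$host:$port",
 SSL_reuse_ctx => $ctx,
 SSL_error_trap => sub { die $_[1] }
 );
 alarm(0);
 };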
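Review bot: The new `get_ssl_context()` helper carries no comment explaining that a fresh context is now what keeps the session caches of the per-server-name test groups apart, so nothing stops a later test from reusing `$ctx` across SNI names. With `SSL_session_key => "$host:$port"` removed from `get_ssl_socket`, the client cache is presumably keyed by peer address and port only, and both the 'default' and 'nocache' groups connect to 127.0.0.1:8443. A reused context could then offer a session from another virtual server and make a `:r` assertion pass or fail for the wrong reason. I would add above the sub something like `# one context (and session cache) per server name: without SSL_session_key, cached sessions are not distinguished by SNI name`. The same comment could also say that `SSL_VERIFY_NONE` is acceptable here only because the peer is the local test server. The body of `get_ssl_socket` starts and ends outside the lines shown.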