comparison ssl_sni_sessions.t @ 752:80e17d44088c
Tests: avoid using SSL_session_key.
The SSL_session_key parameter is only available in IO::Socket::SSL
version 1.965 or later. Recreate SSL contexts instead.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 23 Oct 2015 23:25:03 +0300 |
parents | f17f83b3d8c9 |
children | 3200d5b4ffa8 |
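--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -129,16 +129,13 @@
 
 $t->run();
 
 ###############################################################################
 
-my $ctx = IO::Socket::SSL::SSL_Context->new(
-SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-SSL_session_cache_size => 100
-);
-
 # check that everything works fine with default server
+
+my $ctx = get_ssl_context();
 
 like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
 like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');
 
 TODO: {
@@ -152,22 +149,33 @@
 # this didn't work before nginx 1.9.6 (and caused segfaults if no session
 # cache was configured the SNI-based virtual server), because OpenSSL, when
 # creating new sessions, uses callbacks from the default server context, but
 # provides access to the SNI-selected server context only (ticket #235)
 
+$ctx = get_ssl_context();
+
 like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
 like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');
 
 # make sure tickets can be used if an SNI-based virtual server
 # uses a different set of session ticket keys explicitly set
 
+$ctx = get_ssl_context();
+
 like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
 like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');
 
 }
 
 ###############################################################################
+
+sub get_ssl_context {
+return IO::Socket::SSL::SSL_Context->new(
+SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+SSL_session_cache_size => 100
+);
+}
 
 sub get_ssl_socket {
 my ($host, $port, $ctx) = @_;
 my $s;
 
@@ -178,11 +186,10 @@
 $s = IO::Socket::SSL->new(
 Proto => 'tcp',
 PeerAddr => '127.0.0.1',
 PeerPort => $port,
 SSL_hostname => $host,
-SSL_session_key => "$host:$port",
 SSL_reuse_ctx => $ctx,
 SSL_error_trap => sub { die $_[1] }
 );
 alarm(0);
 };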
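Review bot: The new `get_ssl_context` helper and its three call sites carry no comment saying that the fresh context is what gives each test group an empty client session cache, which the first `like` of every group depends on to see a new session (`.`) rather than a reused one (`r`). With `SSL_session_key` dropped from `get_ssl_socket`, the cache key presumably falls back to the peer address and port, which is the same for the 'default' and 'nocache' groups (127.0.0.1:8443), so a later group that omits `$ctx = get_ssl_context();` could resume a session negotiated under another server name and report a misleading result. I would add above the sub `# new context per test group: empty session cache, so sessions never carry over between server names`, and beside `SSL_verify_mode` a short `# peer is the local test nginx; certificate is deliberately not checked` so the setting is not copied into non-test code. The body of `get_ssl_socket` starts and ends outside the last hunk.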