comparison ssl_sni_sessions.t @ 1866:a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:19 +0300 |
parents | cdcd75657e52 |
children | c924ae8d7104 |
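--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -108,30 +108,29 @@
 $t->write_file('ticket1.key', '1' x 48);
 $t->write_file('ticket2.key', '2' x 48);
 
 $t->run();
 
-plan(skip_all => 'no TLS 1.3 sessions')
-if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-&& ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
-plan(skip_all => 'no TLS 1.3 sessions in LibreSSL')
-if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-&& $t->has_module('LibreSSL');
+plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay')
+if $Net::SSLeay::VERSION < 1.88 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL')
+if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
+if $t->has_module('LibreSSL') && test_tls13();
 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
-if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-&& $t->has_module('BoringSSL');
+if $t->has_module('BoringSSL') && test_tls13();
 
 $t->plan(6);
 
 ###############################################################################
 
 # check that everything works fine with default server
 
 my $ctx = get_ssl_context();
 
-like(get('default', port(8443), $ctx), qr!default:\.!, 'default server');
-like(get('default', port(8443), $ctx), qr!default:r!, 'default server reused');
+like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
+like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');
 
 # check that sessions are still properly saved and restored
 # when using an SNI-based virtual server with different session cache;
 # as session resumption happens before SNI, only default server
 # settings are expected to matter
@@ -141,68 +140,41 @@
 # creating new sessions, uses callbacks from the default server context, but
 # provides access to the SNI-selected server context only (ticket #235)
 
 $ctx = get_ssl_context();
 
-like(get('nocache', port(8443), $ctx), qr!nocache:\.!, 'without cache');
-like(get('nocache', port(8443), $ctx), qr!nocache:r!, 'without cache reused');
+like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
+like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');
 
 # make sure tickets can be used if an SNI-based virtual server
 # uses a different set of session ticket keys explicitly set
 
 $ctx = get_ssl_context();
 
-like(get('tickets', port(8444), $ctx), qr!tickets:\.!, 'tickets');
-like(get('tickets', port(8444), $ctx), qr!tickets:r!, 'tickets reused');
+like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
+like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');
 
 ###############################################################################
 
 sub get_ssl_context {
 return IO::Socket::SSL::SSL_Context->new(
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_session_cache_size => 100
 );
 }
 
-sub get_ssl_socket {
+sub get {
 my ($host, $port, $ctx) = @_;
-my $s;
-
-eval {
-local $SIG{ALRM} = sub { die "timeout\n" };
-local $SIG{PIPE} = sub { die "sigpipe\n" };
-alarm(8);
-$s = IO::Socket::SSL->new(
-Proto => 'tcp',
-PeerAddr => '127.0.0.1',
-PeerPort => $port,
-SSL_hostname => $host,
-SSL_reuse_ctx => $ctx,
-SSL_error_trap => sub { die $_[1] }
-);
-alarm(0);
-};
-alarm(0);
-
-if ($@) {
-log_in("died: $@");
-return undef;
-}
-
-return $s;
+return http(
+"GET / HTTP/1.0\nHost: $host\n\n",
+PeerAddr => '127.0.0.1:' . port($port),
+SSL => 1,
+SSL_hostname => $host,
+SSL_reuse_ctx => $ctx
+);
 }
 
-sub get {
-my ($host, $port, $ctx) = @_;
-
-my $s = get_ssl_socket($host, $port, $ctx) or return;
-my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
-$s->close();
-return $r;
+sub test_tls13 {
+return get('default', 8443) =~ /TLSv1.3/;
 }
 
 ###############################################################################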
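Review bot: `test_tls13()` calls `get('default', 8443)` with no context, so the new `get` passes `SSL_reuse_ctx => undef`, whereas the removed guards passed `get_ssl_context()` explicitly. The probe handshake therefore runs with whatever verification and session settings `http()` in Test::Nginx applies for `SSL => 1`, which this page does not show. If those defaults ever stop matching the `SSL_VERIFY_NONE` context, the probe may fail and the `=~` on its result would evaluate false, so the TLSv1.3 skip guards would silently not fire. Keeping the probe on the same settings as the real tests is a one-line change: `return get('default', 8443, get_ssl_context()) =~ /TLSv1.3/;`. A short comment on `get_ssl_context` would also help, for example `# verification is disabled because the peer is the local test nginx with a self-signed certificate`.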