comparison stream_ssl_variables.t @ 1447:e1c64ee44212

Tests: added $ssl_server_name tests with SSL session reuse.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 04 Mar 2019 13:02:36 +0300
parents 766bcbb632ee
children c1b969fc7a23
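--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -38,11 +38,11 @@
 my $ssl = Net::SSLeay::new($ctx) or die;
 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl sni stream_return/)
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
 ->has_daemon('openssl');
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
@@ -53,17 +53,16 @@
 }
 
 stream {
 ssl_certificate_key localhost.key;
 ssl_certificate localhost.crt;
+ssl_session_cache builtin;
 
 server {
 listen 127.0.0.1:8080;
 listen 127.0.0.1:8081 ssl;
 return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol;
-
-ssl_session_cache builtin;
 }
 
 server {
 listen 127.0.0.1:8082 ssl;
 return $ssl_server_name;
@@ -88,11 +87,11 @@
 . "-out $d/$name.crt -keyout $d/$name.key "
 . ">>$d/openssl.out 2>&1") == 0
 or die "Can't create certificate for $name: $!\n";
 }
 
-$t->run()->plan(5);
+$t->run()->plan(6);
 
 ###############################################################################
 
 my ($s, $ssl);
 
@@ -105,15 +104,30 @@
 my $ses = Net::SSLeay::get_session($ssl);
 ($s, $ssl) = get_ssl_socket(port(8081), $ses);
 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/,
 'ssl variables - session reused');
 
+SKIP: {
+skip 'no sni', 3 unless $t->has_module('sni');
+
 ($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com');
 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name');
 
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+&& !$t->has_version('1.15.10');
+
+my $ses = Net::SSLeay::get_session($ssl);
+($s, $ssl) = get_ssl_socket(port(8082), $ses);
+is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name - reused');
+
+}
+
 ($s, $ssl) = get_ssl_socket(port(8082));
 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty');
+
+}
 
 ###############################################################################
 
 sub get_ssl_socket {
 my ($port, $ses, $name) = @_;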
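Review bot: In the new TODO block the resumed connection is opened as `get_ssl_socket(port(8082), $ses)` with no `$name`, which reads like an oversight unless the reader knows the name is expected to come from the cached session rather than from the wire. A comment above that call, for example `# no SNI on resumption: $ssl_server_name must be restored from the session`, would make the intent explicit. The 'ssl server name - reused' assertion also cannot tell a failed resumption from a resumed session that lost its name, because both produce an empty string and the 8082 server returns only `$ssl_server_name`. Having that server also return `$ssl_session_reused`, which the 8081 server already does, would separate the two failure modes, though the other two assertions in the SKIP block would then need their expected strings adjusted. The body of get_ssl_socket continues past the visible lines, so how `$ses` and an undefined `$name` are applied to the handshake is not shown here.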