Mercurial > hg > nginx-tests
comparison stream_ssl_variables.t @ 1447:e1c64ee44212
Tests: added $ssl_server_name tests with SSL session reuse.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 04 Mar 2019 13:02:36 +0300 |
parents | 766bcbb632ee |
children | c1b969fc7a23 |
comparison
equal
deleted
inserted
replaced
1446:44973a23b031 | 1447:e1c64ee44212 |
---|---|
38 my $ssl = Net::SSLeay::new($ctx) or die; | 38 my $ssl = Net::SSLeay::new($ctx) or die; |
39 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; | 39 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
40 }; | 40 }; |
41 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; | 41 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
42 | 42 |
43 my $t = Test::Nginx->new()->has(qw/stream stream_ssl sni stream_return/) | 43 my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/) |
44 ->has_daemon('openssl'); | 44 ->has_daemon('openssl'); |
45 | 45 |
46 $t->write_file_expand('nginx.conf', <<'EOF'); | 46 $t->write_file_expand('nginx.conf', <<'EOF'); |
47 | 47 |
48 %%TEST_GLOBALS%% | 48 %%TEST_GLOBALS%% |
53 } | 53 } |
54 | 54 |
55 stream { | 55 stream { |
56 ssl_certificate_key localhost.key; | 56 ssl_certificate_key localhost.key; |
57 ssl_certificate localhost.crt; | 57 ssl_certificate localhost.crt; |
58 ssl_session_cache builtin; | |
58 | 59 |
59 server { | 60 server { |
60 listen 127.0.0.1:8080; | 61 listen 127.0.0.1:8080; |
61 listen 127.0.0.1:8081 ssl; | 62 listen 127.0.0.1:8081 ssl; |
62 return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol; | 63 return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol; |
63 | |
64 ssl_session_cache builtin; | |
65 } | 64 } |
66 | 65 |
67 server { | 66 server { |
68 listen 127.0.0.1:8082 ssl; | 67 listen 127.0.0.1:8082 ssl; |
69 return $ssl_server_name; | 68 return $ssl_server_name; |
88 . "-out $d/$name.crt -keyout $d/$name.key " | 87 . "-out $d/$name.crt -keyout $d/$name.key " |
89 . ">>$d/openssl.out 2>&1") == 0 | 88 . ">>$d/openssl.out 2>&1") == 0 |
90 or die "Can't create certificate for $name: $!\n"; | 89 or die "Can't create certificate for $name: $!\n"; |
91 } | 90 } |
92 | 91 |
93 $t->run()->plan(5); | 92 $t->run()->plan(6); |
94 | 93 |
95 ############################################################################### | 94 ############################################################################### |
96 | 95 |
97 my ($s, $ssl); | 96 my ($s, $ssl); |
98 | 97 |
105 my $ses = Net::SSLeay::get_session($ssl); | 104 my $ses = Net::SSLeay::get_session($ssl); |
106 ($s, $ssl) = get_ssl_socket(port(8081), $ses); | 105 ($s, $ssl) = get_ssl_socket(port(8081), $ses); |
107 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/, | 106 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/, |
108 'ssl variables - session reused'); | 107 'ssl variables - session reused'); |
109 | 108 |
109 SKIP: { | |
110 skip 'no sni', 3 unless $t->has_module('sni'); | |
111 | |
110 ($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com'); | 112 ($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com'); |
111 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name'); | 113 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name'); |
112 | 114 |
115 TODO: { | |
116 local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') | |
117 && !$t->has_version('1.15.10'); | |
118 | |
119 my $ses = Net::SSLeay::get_session($ssl); | |
120 ($s, $ssl) = get_ssl_socket(port(8082), $ses); | |
121 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name - reused'); | |
122 | |
123 } | |
124 | |
113 ($s, $ssl) = get_ssl_socket(port(8082)); | 125 ($s, $ssl) = get_ssl_socket(port(8082)); |
114 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty'); | 126 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty'); |
127 | |
128 } | |
115 | 129 |
116 ############################################################################### | 130 ############################################################################### |
117 | 131 |
118 sub get_ssl_socket { | 132 sub get_ssl_socket { |
119 my ($port, $ses, $name) = @_; | 133 my ($port, $ses, $name) = @_; |