Mercurial > hg > nginx-tests
comparison mail_ssl_session_reuse.t @ 1831:f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:49:51 +0300 |
| parents | mail_ssl.t@1f125771f1a1 |
| children | 2e541778e5d8 |
comparison
equal
deleted
inserted
replaced
| 1830:8dec885fa3da | 1831:f6d1f82f314b |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Andrey Zelenkov | |
| 4 # (C) Maxim Dounin | |
| 5 # (C) Nginx, Inc. | |
| 6 | |
| 7 # Tests for mail ssl module, session reuse. | |
| 8 | |
| 9 ############################################################################### | |
| 10 | |
| 11 use warnings; | |
| 12 use strict; | |
| 13 | |
| 14 use Test::More; | |
| 15 | |
| 16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 17 | |
| 18 use lib 'lib'; | |
| 19 use Test::Nginx; | |
| 20 | |
| 21 ############################################################################### | |
| 22 | |
| 23 select STDERR; $| = 1; | |
| 24 select STDOUT; $| = 1; | |
| 25 | |
| 26 eval { | |
| 27 require Net::SSLeay; | |
| 28 Net::SSLeay::load_error_strings(); | |
| 29 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
| 30 Net::SSLeay::randomize(); | |
| 31 }; | |
| 32 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
| 33 | |
| 34 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap/) | |
| 35 ->has_daemon('openssl')->plan(7); | |
| 36 | |
| 37 $t->write_file_expand('nginx.conf', <<'EOF'); | |
| 38 | |
| 39 %%TEST_GLOBALS%% | |
| 40 | |
| 41 daemon off; | |
| 42 | |
| 43 events { | |
| 44 } | |
| 45 | |
| 46 mail { | |
| 47 auth_http http://127.0.0.1:8080; | |
| 48 | |
| 49 ssl_certificate localhost.crt; | |
| 50 ssl_certificate_key localhost.key; | |
| 51 | |
| 52 server { | |
| 53 listen 127.0.0.1:8993 ssl; | |
| 54 protocol imap; | |
| 55 } | |
| 56 | |
| 57 server { | |
| 58 listen 127.0.0.1:8994 ssl; | |
| 59 protocol imap; | |
| 60 | |
| 61 ssl_session_cache shared:SSL:1m; | |
| 62 ssl_session_tickets on; | |
| 63 } | |
| 64 | |
| 65 server { | |
| 66 listen 127.0.0.1:8995 ssl; | |
| 67 protocol imap; | |
| 68 | |
| 69 ssl_session_cache shared:SSL:1m; | |
| 70 ssl_session_tickets off; | |
| 71 } | |
| 72 | |
| 73 server { | |
| 74 listen 127.0.0.1:8996 ssl; | |
| 75 protocol imap; | |
| 76 | |
| 77 ssl_session_cache builtin; | |
| 78 ssl_session_tickets off; | |
| 79 } | |
| 80 | |
| 81 server { | |
| 82 listen 127.0.0.1:8997 ssl; | |
| 83 protocol imap; | |
| 84 | |
| 85 ssl_session_cache builtin:1000; | |
| 86 ssl_session_tickets off; | |
| 87 } | |
| 88 | |
| 89 server { | |
| 90 listen 127.0.0.1:8998 ssl; | |
| 91 protocol imap; | |
| 92 | |
| 93 ssl_session_cache none; | |
| 94 ssl_session_tickets off; | |
| 95 } | |
| 96 | |
| 97 server { | |
| 98 listen 127.0.0.1:8999 ssl; | |
| 99 protocol imap; | |
| 100 | |
| 101 ssl_session_cache off; | |
| 102 ssl_session_tickets off; | |
| 103 } | |
| 104 } | |
| 105 | |
| 106 EOF | |
| 107 | |
| 108 $t->write_file('openssl.conf', <<EOF); | |
| 109 [ req ] | |
| 110 default_bits = 2048 | |
| 111 encrypt_key = no | |
| 112 distinguished_name = req_distinguished_name | |
| 113 [ req_distinguished_name ] | |
| 114 EOF | |
| 115 | |
| 116 my $d = $t->testdir(); | |
| 117 | |
| 118 foreach my $name ('localhost') { | |
| 119 system('openssl req -x509 -new ' | |
| 120 . "-config $d/openssl.conf -subj /CN=$name/ " | |
| 121 . "-out $d/$name.crt -keyout $d/$name.key " | |
| 122 . ">>$d/openssl.out 2>&1") == 0 | |
| 123 or die "Can't create certificate for $name: $!\n"; | |
| 124 } | |
| 125 | |
| 126 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
| 127 | |
| 128 $t->run(); | |
| 129 | |
| 130 ############################################################################### | |
| 131 | |
| 132 # session reuse: | |
| 133 # | |
| 134 # - only tickets, the default | |
| 135 # - tickets and shared cache, should work always | |
| 136 # - only shared cache | |
| 137 # - only builtin cache | |
| 138 # - only builtin cache with explicitly configured size | |
| 139 # - only cache none | |
| 140 # - only cache off | |
| 141 | |
| 142 is(test_reuse(8993), 1, 'tickets reused'); | |
| 143 is(test_reuse(8994), 1, 'tickets and cache reused'); | |
| 144 is(test_reuse(8995), 1, 'cache shared reused'); | |
| 145 is(test_reuse(8996), 1, 'cache builtin reused'); | |
| 146 is(test_reuse(8997), 1, 'cache builtin size reused'); | |
| 147 is(test_reuse(8998), 0, 'cache none not reused'); | |
| 148 is(test_reuse(8999), 0, 'cache off not reused'); | |
| 149 | |
| 150 ############################################################################### | |
| 151 | |
| 152 sub test_reuse { | |
| 153 my ($port) = @_; | |
| 154 my ($s, $ssl) = get_ssl_socket($port); | |
| 155 Net::SSLeay::read($ssl); | |
| 156 my $ses = Net::SSLeay::get_session($ssl); | |
| 157 ($s, $ssl) = get_ssl_socket($port, $ses); | |
| 158 return Net::SSLeay::session_reused($ssl); | |
| 159 } | |
| 160 | |
| 161 sub get_ssl_socket { | |
| 162 my ($port, $ses) = @_; | |
| 163 | |
| 164 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | |
| 165 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
| 166 Net::SSLeay::set_session($ssl, $ses) if defined $ses; | |
| 167 Net::SSLeay::set_fd($ssl, fileno($s)); | |
| 168 Net::SSLeay::connect($ssl) == 1 or return; | |
| 169 return ($s, $ssl); | |
| 170 } | |
| 171 | |
| 172 ############################################################################### |