diff stream_ssl.t @ 1833:fd9d077fee02

Tests: separate SSL session reuse tests in stream. Instead of being mixed with generic SSL tests, session reuse variants are now tested in a separate file.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:49:55 +0300
parents 1f125771f1a1
children dbb7561a9441
--- a/stream_ssl.t
+++ b/stream_ssl.t
@@ -37,7 +37,7 @@ plan(skip_all => 'win32') if $^O eq 'MSW
 
 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl');
 
-$t->plan(7)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(5)->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -51,40 +51,35 @@ stream {
 
     ssl_certificate_key localhost.key;
     ssl_certificate localhost.crt;
-    ssl_session_tickets off;
 
     # inherited by server "inherits"
     ssl_password_file password_stream;
 
     server {
-        listen      127.0.0.1:8080 ssl;
+        listen      127.0.0.1:8443 ssl;
         proxy_pass  127.0.0.1:8081;
 
-        ssl_session_cache builtin;
         ssl_password_file password;
     }
 
     server {
-        listen      127.0.0.1:8082 ssl;
+        listen      127.0.0.1:8444 ssl;
         proxy_pass  127.0.0.1:8081;
 
-        ssl_session_cache off;
         ssl_password_file password_many;
     }
 
     server {
-        listen      127.0.0.1:8083 ssl;
+        listen      127.0.0.1:8445 ssl;
         proxy_pass  127.0.0.1:8081;
 
-        ssl_session_cache builtin:1000;
         ssl_password_file password_fifo;
     }
 
     server {
-        listen      127.0.0.1:8084 ssl;
+        listen      127.0.0.1:8446 ssl;
         proxy_pass  127.0.0.1:8081;
 
-        ssl_session_cache shared:SSL:1m;
         ssl_certificate_key inherits.key;
         ssl_certificate inherits.crt;
     }
@@ -115,7 +110,6 @@ foreach my $name ('localhost', 'inherits
 		or die "Can't create certificate for $name: $!\n";
 }
 
-
 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
 
 $t->write_file('password', 'localhost');
@@ -138,62 +132,35 @@ kill 'INT', $p if $@;
 
 ###############################################################################
 
-my ($s, $ssl, $ses);
+my ($s, $ssl);
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
 like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl');
 
-# ssl_session_cache
-
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8444);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8080), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin session reused');
-
-($s, $ssl) = get_ssl_socket(port(8082));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password many');
 
-($s, $ssl) = get_ssl_socket(port(8082), $ses);
-isnt(Net::SSLeay::session_reused($ssl), 1, 'session not reused');
-
-($s, $ssl) = get_ssl_socket(port(8083));
+($s, $ssl) = get_ssl_socket(8445);
 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8083), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'builtin size session reused');
-
-($s, $ssl) = get_ssl_socket(port(8084));
-Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
-Net::SSLeay::read($ssl);
-$ses = Net::SSLeay::get_session($ssl);
-
-($s, $ssl) = get_ssl_socket(port(8084), $ses);
-is(Net::SSLeay::session_reused($ssl), 1, 'shared session reused');
+like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password fifo');
 
 # ssl_certificate inheritance
 
-($s, $ssl) = get_ssl_socket(port(8080));
+($s, $ssl) = get_ssl_socket(8443);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=localhost/, 'CN');
 
-($s, $ssl) = get_ssl_socket(port(8084));
+($s, $ssl) = get_ssl_socket(8446);
 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=inherits/, 'CN inner');
 
 ###############################################################################
 
 sub get_ssl_socket {
-	my ($port, $ses) = @_;
+	my ($port) = @_;
 
-	my $s = IO::Socket::INET->new('127.0.0.1:' . $port);
+	my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
 	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
-	Net::SSLeay::set_session($ssl, $ses) if defined $ses;
 	Net::SSLeay::set_fd($ssl, fileno($s));
 	Net::SSLeay::connect($ssl) or die("ssl connect");
 	return ($s, $ssl);
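Review bot: In get_ssl_socket the changed line still uses the result of `IO::Socket::INET->new(...)` unchecked, so a refused connection only shows up at `fileno($s)` on an undefined value, with no indication of which listener was unreachable. I would fail at the source and name the port: `my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)) or die("Can't connect to port $port: $@");`. Separately, `Net::SSLeay::connect` has no timeout visible in this hunk, so a server stalled while reading the password FIFO could presumably hang the run; the harness may bound that elsewhere. The sub's closing brace lies outside the hunk.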