diff stream_ssl.t @ 1833:fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:55 +0300 |
parents | 1f125771f1a1 |
children | dbb7561a9441 |
--- a/stream_ssl.t +++ b/stream_ssl.t @@ -37,7 +37,7 @@ plan(skip_all => 'win32') if $^O eq 'MSW my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl'); -$t->plan(7)->write_file_expand('nginx.conf', <<'EOF'); +$t->plan(5)->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% @@ -51,40 +51,35 @@ stream { ssl_certificate_key localhost.key; ssl_certificate localhost.crt; - ssl_session_tickets off; # inherited by server "inherits" ssl_password_file password_stream; server { - listen 127.0.0.1:8080 ssl; + listen 127.0.0.1:8443 ssl; proxy_pass 127.0.0.1:8081; - ssl_session_cache builtin; ssl_password_file password; } server { - listen 127.0.0.1:8082 ssl; + listen 127.0.0.1:8444 ssl; proxy_pass 127.0.0.1:8081; - ssl_session_cache off; ssl_password_file password_many; } server { - listen 127.0.0.1:8083 ssl; + listen 127.0.0.1:8445 ssl; proxy_pass 127.0.0.1:8081; - ssl_session_cache builtin:1000; ssl_password_file password_fifo; } server { - listen 127.0.0.1:8084 ssl; + listen 127.0.0.1:8446 ssl; proxy_pass 127.0.0.1:8081; - ssl_session_cache shared:SSL:1m; ssl_certificate_key inherits.key; ssl_certificate inherits.crt; } @@ -115,7 +110,6 @@ foreach my $name ('localhost', 'inherits or die "Can't create certificate for $name: $!\n"; } - my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); $t->write_file('password', 'localhost'); 
@@ -138,62 +132,35 @@ kill 'INT', $p if $@; ############################################################################### -my ($s, $ssl, $ses); +my ($s, $ssl); -($s, $ssl) = get_ssl_socket(port(8080)); +($s, $ssl) = get_ssl_socket(8443); Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl'); -# ssl_session_cache - -($s, $ssl) = get_ssl_socket(port(8080)); +($s, $ssl) = get_ssl_socket(8444); Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); -Net::SSLeay::read($ssl); -$ses = Net::SSLeay::get_session($ssl); - -($s, $ssl) = get_ssl_socket(port(8080), $ses); -is(Net::SSLeay::session_reused($ssl), 1, 'builtin session reused'); - -($s, $ssl) = get_ssl_socket(port(8082)); -Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); -Net::SSLeay::read($ssl); -$ses = Net::SSLeay::get_session($ssl); +like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password many'); -($s, $ssl) = get_ssl_socket(port(8082), $ses); -isnt(Net::SSLeay::session_reused($ssl), 1, 'session not reused'); - -($s, $ssl) = get_ssl_socket(port(8083)); +($s, $ssl) = get_ssl_socket(8445); Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); -Net::SSLeay::read($ssl); -$ses = Net::SSLeay::get_session($ssl); - -($s, $ssl) = get_ssl_socket(port(8083), $ses); -is(Net::SSLeay::session_reused($ssl), 1, 'builtin size session reused'); - -($s, $ssl) = get_ssl_socket(port(8084)); -Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); -Net::SSLeay::read($ssl); -$ses = Net::SSLeay::get_session($ssl); - -($s, $ssl) = get_ssl_socket(port(8084), $ses); -is(Net::SSLeay::session_reused($ssl), 1, 'shared session reused'); +like(Net::SSLeay::read($ssl), qr/200 OK/, 'ssl password fifo'); # ssl_certificate inheritance -($s, $ssl) = get_ssl_socket(port(8080)); +($s, $ssl) = get_ssl_socket(8443); like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=localhost/, 'CN'); -($s, $ssl) = get_ssl_socket(port(8084)); +($s, $ssl) = get_ssl_socket(8446); 
like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=inherits/, 'CN inner'); ############################################################################### sub get_ssl_socket { - my ($port, $ses) = @_; + my ($port) = @_; - my $s = IO::Socket::INET->new('127.0.0.1:' . $port); + my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); - Net::SSLeay::set_session($ssl, $ses) if defined $ses; Net::SSLeay::set_fd($ssl, fileno($s)); Net::SSLeay::connect($ssl) or die("ssl connect"); return ($s, $ssl);
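Review bot: The result of `IO::Socket::INET->new` on the rewritten line in get_ssl_socket is still unchecked, so a refused or failed connection would only surface later at `fileno($s)` or `Net::SSLeay::connect` instead of as a clear connect error. Consider `my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)) or die("Failed to connect to port $port: $@");`. The helper now applies port() itself, and the call sites pass the bare number from nginx.conf. A short comment above the sub such as `# $port is the port as written in nginx.conf; port() is applied here` would keep a later caller from passing an already-mapped value. The sub's closing brace lies outside the hunk.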