Mercurial > hg > nginx-tests
view h3_ssl_session_reuse.t @ 1907:034c9121b9d1
Tests: added h2_http2.t TODOs for LibreSSL and older OpenSSL.
Those libraries provide an older callback order, where ALPN callback
is invoked before SNI callback.
Additionally, OpenSSL 1.0.2 doesn't send alert on ALPN mismatch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 08 Jun 2023 16:41:11 +0400 |
parents | 8b74936ff2ac |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for TLS session resumption with HTTP/3. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; use Test::Nginx::HTTP3; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) ->has_daemon('openssl')->plan(8) ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% ssl_certificate_key localhost.key; ssl_certificate localhost.crt; add_header X-Session $ssl_session_reused always; server { listen 127.0.0.1:%%PORT_8943_UDP%% quic; server_name localhost; } server { listen 127.0.0.1:%%PORT_8944_UDP%% quic; server_name localhost; ssl_session_cache shared:SSL:1m; ssl_session_tickets on; } server { listen 127.0.0.1:%%PORT_8945_UDP%% quic; server_name localhost; ssl_session_cache shared:SSL:1m; ssl_session_tickets off; } server { listen 127.0.0.1:%%PORT_8946_UDP%% quic; server_name localhost; ssl_session_cache builtin; ssl_session_tickets off; } server { listen 127.0.0.1:%%PORT_8947_UDP%% quic; server_name localhost; ssl_session_cache builtin:1000; ssl_session_tickets off; } server { listen 127.0.0.1:%%PORT_8948_UDP%% quic; server_name localhost; ssl_session_cache none; ssl_session_tickets off; } server { listen 127.0.0.1:%%PORT_8949_UDP%% quic; server_name localhost; ssl_session_cache off; ssl_session_tickets off; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->run(); ############################################################################### # session reuse: # # - only tickets, the default # - tickets and shared cache, should work always # - only shared cache # - only builtin cache # - only builtin cache with explicitly configured size # - only cache none # - only cache off TODO: { local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL'); is(test_reuse(8943), 1, 'tickets reused'); is(test_reuse(8944), 1, 'tickets and cache reused'); local $TODO = 'no TLSv1.3 session cache in BoringSSL' if $t->has_module('BoringSSL'); is(test_reuse(8945), 1, 'cache shared reused'); is(test_reuse(8946), 1, 'cache builtin reused'); is(test_reuse(8947), 1, 'cache builtin size reused'); } is(test_reuse(8948), 0, 'cache none not reused'); is(test_reuse(8949), 0, 'cache off not reused'); $t->stop(); like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); ############################################################################### sub test_reuse { my ($port) = @_; my $s = Test::Nginx::HTTP3->new($port); my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); my $psk_list = $s->{psk_list}; $s = Test::Nginx::HTTP3->new($port, psk_list => $psk_list); $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; return $frame->{headers}->{'x-session'} eq 'r' ? 1 : 0; } ###############################################################################