Mercurial > hg > nginx-tests
view ssl_curve.t @ 1826:1f125771f1a1
Tests: adapted session reuse tests to work with TLSv1.3.
In TLSv1.3, session tickets are sent after the handshake, and saving session
right after the handshake is not going to work. To properly test session
resumption, sessions are now saved after some data exchange.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 21 Mar 2023 02:58:02 +0300 |
parents | 34fc85598287 |
children | cdcd75657e52 |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for http ssl module, $ssl_curve variable. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; eval { require IO::Socket::SSL; }; plan(skip_all => 'IO::Socket::SSL not installed') if $@; eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; plan(skip_all => 'IO::Socket::SSL too old') if $@; my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/) ->has_daemon('openssl'); $t->{_configure_args} =~ /OpenSSL (\d+)/; plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 >= 3; $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% ssl_certificate_key localhost.key; ssl_certificate localhost.crt; ssl_ecdh_curve prime256v1; server { listen 127.0.0.1:8443 ssl; server_name localhost; return 200 "$ssl_curve $ssl_curves"; } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->try_run('no $ssl_curve')->plan(1); ############################################################################### like(get('/curve'), qr/^prime256v1 /m, 'ssl curve'); ############################################################################### sub get { my ($uri, $port, $ctx) = @_; my $s = get_ssl_socket($port) or return; my $r = http_get($uri, socket => $s); $s->close(); return $r; } sub get_ssl_socket { my ($port, $ctx) = @_; my $s; eval { local $SIG{ALRM} = sub { die "timeout\n" }; local $SIG{PIPE} = sub { die "sigpipe\n" }; alarm(8); $s = IO::Socket::SSL->new( Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => port(8443), SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_error_trap => sub { die $_[1] }, ); alarm(0); }; alarm(0); if ($@) { log_in("died: $@"); return undef; } return $s; } ###############################################################################