Mercurial > hg > nginx-tests
view quic_ciphers.t @ 1961:fe6f22da53ec default tip
Tests: tests for usage of discarded body.
The client_max_body_size limit should be ignored when the request body
is already discarded. In HTTP/1.x, this is done by checking the
r->discard_body flag when the body is being discarded, and because
r->headers_in.content_length_n is 0 when it's already discarded. This,
however, does not happen with HTTP/2 and HTTP/3, and therefore
"error_page 413" does not work without relaxing the limit.
Further, with proxy_pass, r->headers_in.content_length_n is used to determine
length of the request body, and therefore is not correct if discarding of
the request body isn't yet complete. While discarding the request body,
r->headers_in.content_length_n contains the rest of the body to discard
(or, in case of chunked request body, the rest of the current chunk to
discard).
Similarly, the $content_length variable uses r->headers_in.content_length
if available, and also incorrect. The $content_length variable is used
when proxying with fastcgi_pass, grpc_pass, and uwsgi_pass (scgi_pass uses
the value calculated based on the actual request body buffers, and therefore
works correctly).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sat, 27 Apr 2024 18:55:50 +0300 |
| parents | 161dc73812b3 |
| children |
line wrap: on
line source
#!/usr/bin/perl # (C) Sergey Kandaurov # (C) Nginx, Inc. # Tests for various TLSv1.3 ciphers in QUIC. ############################################################################### use warnings; use strict; use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; use Test::Nginx::HTTP3; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) ->has_daemon('openssl')->plan(5); $t->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% ssl_certificate_key localhost.key; ssl_certificate localhost.crt; server { listen 127.0.0.1:%%PORT_8980_UDP%% quic; server_name localhost; location / { add_header x-cipher $ssl_cipher; add_header x-ciphers $ssl_ciphers; } } } EOF $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 2048 encrypt_key = no distinguished_name = req_distinguished_name [ req_distinguished_name ] EOF my $d = $t->testdir(); foreach my $name ('localhost') { system('openssl req -x509 -new ' . "-config $d/openssl.conf -subj /CN=$name/ " . "-out $d/$name.crt -keyout $d/$name.key " . ">>$d/openssl.out 2>&1") == 0 or die "Can't create certificate for $name: $!\n"; } $t->write_file('index.html', ''); $t->run(); ############################################################################### is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256'); is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_CHACHA20_POLY1305_SHA256'); # TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many'); # prefer TLS_AES_128_CCM_SHA256 with fallback to GCM, # the cipher is enabled by default in some distributions TODO: { todo_skip 'not yet', 1 unless $t->has_version('1.25.2'); like(get("\x13\x04\x13\x01"), qr/TLS_AES_128_[GC]CM_SHA256/, 'TLS_AES_128_CCM_SHA256'); } ############################################################################### sub get { my ($ciphers) = @_; my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers); my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; return $frame->{headers}->{'x-cipher'}; } ###############################################################################