# HG changeset patch # User Maxim Dounin # Date 1714942993 -10800 # Node ID 6d3a8f4eb9b2ec3b9a48c81dfb051acf06e67bfa # Parent 3ba1668cea87d87b1966b3481cf204cb4134fe7d Tests: relaxed SSL version used in testing. This ensures that tests can be properly run with old OpenSSL versions when using recent versions of IO::Socket::SSL (which defaults to TLS 1.2+ starting with IO::Socket:SSL version 2.082, and therefore not compatible with OpenSSL before 1.0.1). diff --git a/h2_ssl.t b/h2_ssl.t --- a/h2_ssl.t +++ b/h2_ssl.t @@ -154,6 +154,7 @@ sub get_ssl_socket { Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_alpn_protocols => $alpn, SSL_error_trap => sub { die $_[1] } diff --git a/h2_ssl_verify_client.t b/h2_ssl_verify_client.t --- a/h2_ssl_verify_client.t +++ b/h2_ssl_verify_client.t @@ -112,6 +112,7 @@ sub get_ssl_socket { Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_alpn_protocols => [ 'h2' ], SSL_hostname => $sni, diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm --- a/lib/Test/Nginx.pm +++ b/lib/Test/Nginx.pm @@ -872,6 +872,7 @@ sub http_start($;%) { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $s, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), %extra diff --git a/lib/Test/Nginx/HTTP2.pm b/lib/Test/Nginx/HTTP2.pm --- a/lib/Test/Nginx/HTTP2.pm +++ b/lib/Test/Nginx/HTTP2.pm @@ -548,6 +548,7 @@ sub new_socket { ); require IO::Socket::SSL if $extra{'SSL'}; IO::Socket::SSL->start_SSL($s, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_npn_protocols => $npn ? [ $npn ] : undef, SSL_alpn_protocols => $alpn ? [ $alpn ] : undef, diff --git a/lib/Test/Nginx/IMAP.pm b/lib/Test/Nginx/IMAP.pm --- a/lib/Test/Nginx/IMAP.pm +++ b/lib/Test/Nginx/IMAP.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_ diff --git a/lib/Test/Nginx/POP3.pm b/lib/Test/Nginx/POP3.pm --- a/lib/Test/Nginx/POP3.pm +++ b/lib/Test/Nginx/POP3.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_ diff --git a/lib/Test/Nginx/SMTP.pm b/lib/Test/Nginx/SMTP.pm --- a/lib/Test/Nginx/SMTP.pm +++ b/lib/Test/Nginx/SMTP.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_ diff --git a/lib/Test/Nginx/Stream.pm b/lib/Test/Nginx/Stream.pm --- a/lib/Test/Nginx/Stream.pm +++ b/lib/Test/Nginx/Stream.pm @@ -54,6 +54,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_ diff --git a/ssl.t b/ssl.t --- a/ssl.t +++ b/ssl.t @@ -315,6 +315,7 @@ sub cert { sub get_ssl_context { return IO::Socket::SSL::SSL_Context->new( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100 ); diff --git a/ssl_proxy_upgrade.t b/ssl_proxy_upgrade.t --- a/ssl_proxy_upgrade.t +++ b/ssl_proxy_upgrade.t @@ -170,6 +170,7 @@ sub upgrade_connect { my $s = IO::Socket::SSL->new( Proto => 'tcp', PeerAddr => '127.0.0.1:' . port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), ) or die "Can't connect to nginx: $!\n"; diff --git a/ssl_sni.t b/ssl_sni.t --- a/ssl_sni.t +++ b/ssl_sni.t @@ -116,6 +116,7 @@ like(get_host('example.org', 'example.co # $ssl_server_name in sessions my $ctx = new IO::Socket::SSL::SSL_Context( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100); diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t --- a/ssl_sni_sessions.t +++ b/ssl_sni_sessions.t @@ -159,6 +159,7 @@ like(get('tickets', 8444, $ctx), qr!tick sub get_ssl_context { return IO::Socket::SSL::SSL_Context->new( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100 ); diff --git a/stream_proxy_protocol_ssl.t b/stream_proxy_protocol_ssl.t --- a/stream_proxy_protocol_ssl.t +++ b/stream_proxy_protocol_ssl.t @@ -152,6 +152,7 @@ sub stream_daemon_ssl { eval { IO::Socket::SSL->start_SSL($client, SSL_server => 1, + SSL_version => 'SSLv23', SSL_cert_file => "$d/localhost.crt", SSL_key_file => "$d/localhost.key", SSL_error_trap => sub { die $_[1] } diff --git a/stream_ssl_realip.t b/stream_ssl_realip.t --- a/stream_ssl_realip.t +++ b/stream_ssl_realip.t @@ -133,6 +133,7 @@ sub pp_get { local $SIG{PIPE} = sub { die "sigpipe\n" }; alarm(8); IO::Socket::SSL->start_SSL($s, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_error_trap => sub { die $_[1] } );