# HG changeset patch # User Maxim Dounin # Date 1679590230 -10800 # Node ID 72d206b37df10c3c9f72f96613aef6df910bf6e2 # Parent 727741cdff74d1ad7e908e2649259ac47e4f2f57 Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3. LibreSSL does not support session reuse with TLSv1.3. diff --git a/stream_upstream_zone_ssl.t b/stream_upstream_zone_ssl.t --- a/stream_upstream_zone_ssl.t +++ b/stream_upstream_zone_ssl.t @@ -82,6 +82,19 @@ stream { ssl_certificate localhost.crt; ssl_session_cache builtin; } + + server { + listen 127.0.0.1:8085; + proxy_pass 127.0.0.1:8086; + } + + server { + listen 127.0.0.1:8086 ssl; + return $ssl_protocol; + + ssl_certificate_key localhost.key; + ssl_certificate localhost.crt; + } } EOF @@ -112,13 +125,33 @@ is(stream('127.0.0.1:' . port(8080))->re is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); +} + is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); +} + ############################################################################### + +sub test_tls13 { + stream('127.0.0.1:' . port(8085))->read() =~ /TLSv1.3/; +} + +############################################################################### diff --git a/upstream_zone_ssl.t b/upstream_zone_ssl.t --- a/upstream_zone_ssl.t +++ b/upstream_zone_ssl.t @@ -56,6 +56,7 @@ http { location / { add_header X-Session $ssl_session_reused; + add_header X-Protocol $ssl_protocol; } } @@ -114,12 +115,32 @@ foreach my $name ('localhost') { like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl'); like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused 2'); +} + like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup'); like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup 2'); like(http_get('/backup_reuse'), qr/200 OK.*X-Session: \./s, 'backup new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/backup_reuse'), qr/200 OK.*X-Session: r/s, 'backup reused'); +} + ############################################################################### + +sub test_tls13 { + http_get('/ssl') =~ /TLSv1.3/; +} + +###############################################################################