# HG changeset patch
# User Sergey Kandaurov
# Date 1551693756 -10800
# Node ID e1c64ee442120d1e03926fc87f6cd1ed9e0c87f4
# Parent 44973a23b03150cd11c08bae078a270644078b27
Tests: added $ssl_server_name tests with SSL session reuse.
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
- ->has_daemon('openssl')->plan(23);
+ ->has_daemon('openssl')->plan(25);
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -62,6 +62,9 @@ http {
 location /reuse {
 return 200 "body $ssl_session_reused";
 }
+ location /sni {
+ return 200 "body $ssl_session_reused:$ssl_server_name";
+ }
 location /id {
 return 200 "body $ssl_session_id";
 }
@@ -224,6 +227,27 @@ like(get('/', 8083), qr/^body \.$/m, 'se
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
+# ssl_server_name
+
+SKIP: {
+skip 'no sni', 2 unless $t->has_module('sni');
+
+$ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_session_cache_size => 100);
+
+like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+ && !$t->has_version('1.15.10');
+
+like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
+
+}
+
+}
+
 # ssl certificate inheritance
 my $s = get_ssl_socket($ctx, port(8081));
@@ -307,6 +331,7 @@ sub get_ssl_socket {
 PeerPort => $port,
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_reuse_ctx => $ctx,
+ SSL_hostname => 'localhost',
 SSL_error_trap => sub { die $_[1] },
 %extra
 );
diff --git a/stream_ssl_variables.t b/stream_ssl_variables.t
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
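Review bot: The `$ctx = new IO::Socket::SSL::SSL_Context(` assignment inside the SKIP block replaces the shared client context only when nginx has the `sni` module, so the `# ssl certificate inheritance` test right after the block (`get_ssl_socket($ctx, port(8081))`) runs with a different session cache depending on the build. A comment such as `# fresh context: the first /sni request must not resume an earlier session` would make the swap intentional. If `$ctx` is a package variable, `local $ctx = ...` would confine it to the block, but its declaration is outside the hunk, so that needs checking. The indirect-object call would also read more clearly as `IO::Socket::SSL::SSL_Context->new(`, unless the file uses the older form throughout.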
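Review bot: `SSL_hostname => 'localhost'` is now sent on every connection opened through get_ssl_socket, not only by the two new /sni tests, while the `skip 'no sni'` guard checks only the nginx side. If the client's IO::Socket::SSL or OpenSSL build lacks SNI support, the constructor may reject the option and fail the unrelated tests as well; `(IO::Socket::SSL->can_client_sni() ? (SSL_hostname => 'localhost') : ()),` would keep them independent. Because the entry precedes `%extra`, callers can still override it, which is worth stating in a comment like `# default SNI name; override through %extra`. The body of get_ssl_socket starts and ends outside this hunk, so how `%extra` is filled is not visible here.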
@@ -40,7 +40,7 @@ eval {
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl sni stream_return/)
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
 ->has_daemon('openssl');
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -55,13 +55,12 @@ events {
 stream {
 ssl_certificate_key localhost.key;
 ssl_certificate localhost.crt;
+ ssl_session_cache builtin;
 server {
 listen 127.0.0.1:8080;
 listen 127.0.0.1:8081 ssl;
 return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol;
-
- ssl_session_cache builtin;
 }
 server {
@@ -90,7 +89,7 @@ foreach my $name ('localhost') {
 or die "Can't create certificate for $name: $!\n";
 }
-$t->run()->plan(5);
+$t->run()->plan(6);
 ###############################################################################
@@ -107,12 +106,27 @@ my $ses = Net::SSLeay::get_session($ssl)
 like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/, 'ssl variables - session reused');
+SKIP: {
+skip 'no sni', 3 unless $t->has_module('sni');
+
 ($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com');
 is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name');
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+ && !$t->has_version('1.15.10');
+
+my $ses = Net::SSLeay::get_session($ssl);
+($s, $ssl) = get_ssl_socket(port(8082), $ses);
+is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name - reused');
+
+}
+
 ($s, $ssl) = get_ssl_socket(port(8082));
 is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty');
+}
+
 ###############################################################################
 sub get_ssl_socket {
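Review bot: In the TODO block the resumed connection is opened with `get_ssl_socket(port(8082), $ses)` and no server name, yet the test expects `example.com`. What it pins is therefore that `$ssl_server_name` comes from the cached session rather than from the current handshake, assuming the helper (whose body is outside the hunk) sends SNI only when its third argument is given. That deserves a comment such as `# no SNI on resumption: the name must come from the session`, since configurations that branch on `$ssl_server_name` rely on exactly this. A companion case that resumes the session while sending a different name would document what the variable holds then. The inner `my $ses` also shadows the file-level `$ses` shown in the hunk header; a distinct name such as `$sni_ses` would avoid confusion.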