# HG changeset patch
# User Sergey Kandaurov
# Date 1551781290 -10800
# Node ID eeababfd87269ff1353bb338ea51638aab66e465
# Parent c1b969fc7a23c0e00cda7fc9c7f15f8105cd98e0
Tests: moved $ssl_server_name tests in http to ssl_sni.t. The tests need appropriate checks for ancient IO::Socket::SSL versions.
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
- ->has_daemon('openssl')->plan(25);
+ ->has_daemon('openssl')->plan(23);
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -62,9 +62,6 @@ http {
 location /reuse {
 return 200 "body $ssl_session_reused";
 }
- location /sni {
- return 200 "body $ssl_session_reused:$ssl_server_name";
- }
 location /id {
 return 200 "body $ssl_session_id";
 }
@@ -227,27 +224,6 @@ like(get('/', 8083), qr/^body \.$/m, 'se
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
-# ssl_server_name
-
-SKIP: {
-skip 'no sni', 2 unless $t->has_module('sni');
-
-$ctx = new IO::Socket::SSL::SSL_Context(
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_session_cache_size => 100);
-
-like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
-
-TODO: {
-local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
- && !$t->has_version('1.15.10');
-
-like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
-
-}
-
-}
-
 # ssl certificate inheritance
 my $s = get_ssl_socket($ctx, port(8081));
@@ -331,7 +307,6 @@ sub get_ssl_socket {
 PeerPort => $port,
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 SSL_reuse_ctx => $ctx,
- SSL_hostname => 'localhost',
 SSL_error_trap => sub { die $_[1] },
 %extra
 );
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -59,6 +59,18 @@ http { return 200 $server_name; } } + + server { + listen 127.0.0.1:8081 ssl; + server_name localhost; + + ssl_certificate_key localhost.key; + ssl_certificate localhost.crt; + + location / { + return 200 $ssl_session_reused:$ssl_server_name; + } + } } EOF @@ -80,7 +92,7 @@ eval { }; plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; -$t->plan(6); +$t->plan(8); $t->write_file('openssl.conf', < IO::Socket::SSL::SSL_VERIFY_NONE(), + SSL_session_cache_size => 100); + +like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), + qr/^\.:localhost$/m, 'ssl server name'); + +TODO: { +local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') + && !$t->has_version('1.15.10'); + +like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)), + qr/^r:localhost$/m, 'ssl server name - reused'); + +} + ############################################################################### sub get_ssl_socket { - my ($host) = @_; + my ($host, $port, $ctx) = @_; my $s; eval { @@ -136,8 +166,9 @@ sub get_ssl_socket { alarm(8); $s = IO::Socket::SSL->new( Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port(8080), + PeerAddr => '127.0.0.1:' . port($port || 8080), SSL_hostname => $host, + SSL_reuse_ctx => $ctx, SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_error_trap => sub { die $_[1] } );
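Review bot: The new `$ctx` for the `$ssl_server_name` checks is built with `SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE()` and `SSL_session_cache_size => 100`, but no comment says why verification is off or that the context is shared so the second request resumes the first session. I would add a line such as `# shared context: the second request must resume the first session; peer verification is off for the test certificate` above the constructor. Both `like()` calls send the same name, `localhost`, so what `$ssl_server_name` reports on a resumed session that sends a different name or no SNI stays untested. Part of this hunk's text is missing from the page around `write_file('openssl.conf', ...)`, so this note rests on the visible added lines only.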
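Review bot: `get_ssl_socket` now unpacks `($host, $port, $ctx)`, but nothing at the sub says the last two arguments are optional; a short comment such as `# $port defaults to 8080; $ctx is an optional SSL_Context used for session reuse` would make the contract clear. In the following hunk `SSL_reuse_ctx => $ctx` is passed for the existing one-argument callers too, where `$ctx` is undef. IO::Socket::SSL appears to treat an undefined value there as absent, but given the commit message's concern about ancient versions it is worth confirming against the oldest release the suite supports. The sub's body starts and ends outside both hunks.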