Mercurial > hg > nginx-tests
changeset 1970:6d3a8f4eb9b2
Tests: relaxed SSL version used in testing.
This ensures that tests can be properly run with old OpenSSL versions
when using recent versions of IO::Socket::SSL (which defaults to TLS 1.2+
starting with IO::Socket:SSL version 2.082, and therefore not compatible
with OpenSSL before 1.0.1).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:03:13 +0300 |
parents | 3ba1668cea87 |
children | ab45ee8011df |
files | h2_ssl.t h2_ssl_verify_client.t lib/Test/Nginx.pm lib/Test/Nginx/HTTP2.pm lib/Test/Nginx/IMAP.pm lib/Test/Nginx/POP3.pm lib/Test/Nginx/SMTP.pm lib/Test/Nginx/Stream.pm ssl.t ssl_proxy_upgrade.t ssl_sni.t ssl_sni_sessions.t stream_proxy_protocol_ssl.t stream_ssl_realip.t |
diffstat | 14 files changed, 14 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/h2_ssl.t +++ b/h2_ssl.t @@ -154,6 +154,7 @@ sub get_ssl_socket { Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_alpn_protocols => $alpn, SSL_error_trap => sub { die $_[1] }
--- a/h2_ssl_verify_client.t +++ b/h2_ssl_verify_client.t @@ -112,6 +112,7 @@ sub get_ssl_socket { Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_alpn_protocols => [ 'h2' ], SSL_hostname => $sni,
--- a/lib/Test/Nginx.pm +++ b/lib/Test/Nginx.pm @@ -872,6 +872,7 @@ sub http_start($;%) { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $s, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), %extra
--- a/lib/Test/Nginx/HTTP2.pm +++ b/lib/Test/Nginx/HTTP2.pm @@ -548,6 +548,7 @@ sub new_socket { ); require IO::Socket::SSL if $extra{'SSL'}; IO::Socket::SSL->start_SSL($s, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_npn_protocols => $npn ? [ $npn ] : undef, SSL_alpn_protocols => $alpn ? [ $alpn ] : undef,
--- a/lib/Test/Nginx/IMAP.pm +++ b/lib/Test/Nginx/IMAP.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_
--- a/lib/Test/Nginx/POP3.pm +++ b/lib/Test/Nginx/POP3.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_
--- a/lib/Test/Nginx/SMTP.pm +++ b/lib/Test/Nginx/SMTP.pm @@ -38,6 +38,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_
--- a/lib/Test/Nginx/Stream.pm +++ b/lib/Test/Nginx/Stream.pm @@ -54,6 +54,7 @@ sub new { require IO::Socket::SSL; IO::Socket::SSL->start_SSL( $self->{_socket}, + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), @_
--- a/ssl.t +++ b/ssl.t @@ -315,6 +315,7 @@ sub cert { sub get_ssl_context { return IO::Socket::SSL::SSL_Context->new( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100 );
--- a/ssl_proxy_upgrade.t +++ b/ssl_proxy_upgrade.t @@ -170,6 +170,7 @@ sub upgrade_connect { my $s = IO::Socket::SSL->new( Proto => 'tcp', PeerAddr => '127.0.0.1:' . port(8080), + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), ) or die "Can't connect to nginx: $!\n";
--- a/ssl_sni.t +++ b/ssl_sni.t @@ -116,6 +116,7 @@ like(get_host('example.org', 'example.co # $ssl_server_name in sessions my $ctx = new IO::Socket::SSL::SSL_Context( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100);
--- a/ssl_sni_sessions.t +++ b/ssl_sni_sessions.t @@ -159,6 +159,7 @@ like(get('tickets', 8444, $ctx), qr!tick sub get_ssl_context { return IO::Socket::SSL::SSL_Context->new( + SSL_version => 'SSLv23', SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100 );
--- a/stream_proxy_protocol_ssl.t +++ b/stream_proxy_protocol_ssl.t @@ -152,6 +152,7 @@ sub stream_daemon_ssl { eval { IO::Socket::SSL->start_SSL($client, SSL_server => 1, + SSL_version => 'SSLv23', SSL_cert_file => "$d/localhost.crt", SSL_key_file => "$d/localhost.key", SSL_error_trap => sub { die $_[1] }