Mercurial > hg > nginx-tests

changeset 1970:6d3a8f4eb9b2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: relaxed SSL version used in testing. This ensures that tests can be properly run with old OpenSSL versions when using recent versions of IO::Socket::SSL (which defaults to TLS 1.2+ starting with IO::Socket:SSL version 2.082, and therefore not compatible with OpenSSL before 1.0.1).
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 06 May 2024 00:03:13 +0300
parents 3ba1668cea87
children ab45ee8011df
files h2_ssl.t h2_ssl_verify_client.t lib/Test/Nginx.pm lib/Test/Nginx/HTTP2.pm lib/Test/Nginx/IMAP.pm lib/Test/Nginx/POP3.pm lib/Test/Nginx/SMTP.pm lib/Test/Nginx/Stream.pm ssl.t ssl_proxy_upgrade.t ssl_sni.t ssl_sni_sessions.t stream_proxy_protocol_ssl.t stream_ssl_realip.t
diffstat 14 files changed, 14 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/h2_ssl.t
+++ b/h2_ssl.t
@@ -154,6 +154,7 @@ sub get_ssl_socket {
 			Proto => 'tcp',
 			PeerAddr => '127.0.0.1',
 			PeerPort => port(8080),
+			SSL_version => 'SSLv23',
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_alpn_protocols => $alpn,
 			SSL_error_trap => sub { die $_[1] }
--- a/h2_ssl_verify_client.t
+++ b/h2_ssl_verify_client.t
@@ -112,6 +112,7 @@ sub get_ssl_socket {
 			Proto => 'tcp',
 			PeerAddr => '127.0.0.1',
 			PeerPort => port(8080),
+			SSL_version => 'SSLv23',
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_alpn_protocols => [ 'h2' ],
 			SSL_hostname => $sni,
--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -872,6 +872,7 @@ sub http_start($;%) {
 			require IO::Socket::SSL;
 			IO::Socket::SSL->start_SSL(
 				$s,
+				SSL_version => 'SSLv23',
 				SSL_verify_mode =>
 					IO::Socket::SSL::SSL_VERIFY_NONE(),
 				%extra
--- a/lib/Test/Nginx/HTTP2.pm
+++ b/lib/Test/Nginx/HTTP2.pm
@@ -548,6 +548,7 @@ sub new_socket {
 		);
 		require IO::Socket::SSL if $extra{'SSL'};
 		IO::Socket::SSL->start_SSL($s,
+			SSL_version => 'SSLv23',
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_npn_protocols => $npn ? [ $npn ] : undef,
 			SSL_alpn_protocols => $alpn ? [ $alpn ] : undef,
--- a/lib/Test/Nginx/IMAP.pm
+++ b/lib/Test/Nginx/IMAP.pm
@@ -38,6 +38,7 @@ sub new {
 			require IO::Socket::SSL;
 			IO::Socket::SSL->start_SSL(
 				$self->{_socket},
+				SSL_version => 'SSLv23',
 				SSL_verify_mode =>
 					IO::Socket::SSL::SSL_VERIFY_NONE(),
 				@_
--- a/lib/Test/Nginx/POP3.pm
+++ b/lib/Test/Nginx/POP3.pm
@@ -38,6 +38,7 @@ sub new {
 			require IO::Socket::SSL;
 			IO::Socket::SSL->start_SSL(
 				$self->{_socket},
+				SSL_version => 'SSLv23',
 				SSL_verify_mode =>
 					IO::Socket::SSL::SSL_VERIFY_NONE(),
 				@_
--- a/lib/Test/Nginx/SMTP.pm
+++ b/lib/Test/Nginx/SMTP.pm
@@ -38,6 +38,7 @@ sub new {
 			require IO::Socket::SSL;
 			IO::Socket::SSL->start_SSL(
 				$self->{_socket},
+				SSL_version => 'SSLv23',
 				SSL_verify_mode =>
 					IO::Socket::SSL::SSL_VERIFY_NONE(),
 				@_
--- a/lib/Test/Nginx/Stream.pm
+++ b/lib/Test/Nginx/Stream.pm
@@ -54,6 +54,7 @@ sub new {
 			require IO::Socket::SSL;
 			IO::Socket::SSL->start_SSL(
 				$self->{_socket},
+				SSL_version => 'SSLv23',
 				SSL_verify_mode =>
 					IO::Socket::SSL::SSL_VERIFY_NONE(),
 				@_
--- a/ssl.t
+++ b/ssl.t
@@ -315,6 +315,7 @@ sub cert {
 
 sub get_ssl_context {
 	return IO::Socket::SSL::SSL_Context->new(
+		SSL_version => 'SSLv23',
 		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 		SSL_session_cache_size => 100
 	);
--- a/ssl_proxy_upgrade.t
+++ b/ssl_proxy_upgrade.t
@@ -170,6 +170,7 @@ sub upgrade_connect {
 	my $s = IO::Socket::SSL->new(
 		Proto => 'tcp',
 		PeerAddr => '127.0.0.1:' . port(8080),
+		SSL_version => 'SSLv23',
 		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 	)
 		or die "Can't connect to nginx: $!\n";
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -116,6 +116,7 @@ like(get_host('example.org', 'example.co
 # $ssl_server_name in sessions
 
 my $ctx = new IO::Socket::SSL::SSL_Context(
+	SSL_version => 'SSLv23',
 	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 	SSL_session_cache_size => 100);
 
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -159,6 +159,7 @@ like(get('tickets', 8444, $ctx), qr!tick
 
 sub get_ssl_context {
 	return IO::Socket::SSL::SSL_Context->new(
+		SSL_version => 'SSLv23',
 		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 		SSL_session_cache_size => 100
 	);
--- a/stream_proxy_protocol_ssl.t
+++ b/stream_proxy_protocol_ssl.t
@@ -152,6 +152,7 @@ sub stream_daemon_ssl {
 		eval {
 			IO::Socket::SSL->start_SSL($client,
 				SSL_server => 1,
+				SSL_version => 'SSLv23',
 				SSL_cert_file => "$d/localhost.crt",
 				SSL_key_file => "$d/localhost.key",
 				SSL_error_trap => sub { die $_[1] }
--- a/stream_ssl_realip.t
+++ b/stream_ssl_realip.t
@@ -133,6 +133,7 @@ sub pp_get {
 		local $SIG{PIPE} = sub { die "sigpipe\n" };
 		alarm(8);
 		IO::Socket::SSL->start_SSL($s,
+			SSL_version => 'SSLv23',
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_error_trap => sub { die $_[1] }
 		);