Mercurial > hg > nginx-tests

changeset 1966:c924ae8d7104

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: session reuse handling with Net::SSLeay with LibreSSL. LibreSSL does not support session reuse with TLSv1.3, and this causes various test failures if Net::SSLeay is compiled with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled with LibreSSL is shipped with the OS. Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with LibreSSL, similarly to what we already do for LibreSSL on the server side.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 06 May 2024 00:01:46 +0300
parents 84f4d4930835
children 0a93f101925a
files mail_ssl_session_reuse.t ssl.t ssl_certificate.t ssl_ocsp.t ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni.t ssl_sni_sessions.t stream_ssl_certificate.t stream_ssl_session_reuse.t stream_ssl_variables.t
diffstat 11 files changed, 24 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mail_ssl_session_reuse.t
+++ b/mail_ssl_session_reuse.t
@@ -140,6 +140,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 is(test_reuse(8993), 1, 'tickets reused');
 is(test_reuse(8994), 1, 'tickets and cache reused');
--- a/ssl.t
+++ b/ssl.t
@@ -186,6 +186,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
 
--- a/ssl_certificate.t
+++ b/ssl_certificate.t
@@ -171,6 +171,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'not TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('default', 8080, $s), qr/default:r/, 'session reused');
 
--- a/ssl_ocsp.t
+++ b/ssl_ocsp.t
@@ -361,6 +361,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('ec-end', ses => $s),
 	qr/200 OK.*SUCCESS:r/s, 'session reused');
@@ -393,6 +395,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('ec-end', ses => $s),
 	qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -167,6 +167,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 is(test_reuse(8443), 1, 'tickets reused');
 is(test_reuse(8444), 1, 'tickets and cache reused');
--- a/ssl_session_ticket_key.t
+++ b/ssl_session_ticket_key.t
@@ -105,6 +105,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next');
 
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -128,6 +128,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m,
 	'ssl server name - reused');
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -116,6 +116,8 @@ plan(skip_all => 'no TLSv1.3 sessions, o
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
         if $t->has_module('LibreSSL') && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)')
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
 	if $t->has_module('BoringSSL') && test_tls13();
 
--- a/stream_ssl_certificate.t
+++ b/stream_ssl_certificate.t
@@ -148,6 +148,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 like(get('default', 8080, $s), qr/default:r/, 'session reused');
 
--- a/stream_ssl_session_reuse.t
+++ b/stream_ssl_session_reuse.t
@@ -144,6 +144,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 is(test_reuse(8443), 1, 'tickets reused');
 is(test_reuse(8444), 1, 'tickets and cache reused');
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -98,6 +98,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 $s = stream(
 	PeerAddr => '127.0.0.1:' . port(8443),