Mercurial > hg > nginx-tests
changeset 1966:c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
LibreSSL does not support session reuse with TLSv1.3, and this causes
various test failures if Net::SSLeay is compiled with LibreSSL. Notably,
this affects macOS, where Net::SSLeay compiled with LibreSSL is shipped
with the OS.
Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with
LibreSSL, similarly to what we already do for LibreSSL on the server side.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:01:46 +0300 |
parents | 84f4d4930835 |
children | 0a93f101925a |
files | mail_ssl_session_reuse.t ssl.t ssl_certificate.t ssl_ocsp.t ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni.t ssl_sni_sessions.t stream_ssl_certificate.t stream_ssl_session_reuse.t stream_ssl_variables.t |
diffstat | 11 files changed, 24 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mail_ssl_session_reuse.t +++ b/mail_ssl_session_reuse.t @@ -140,6 +140,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); is(test_reuse(8993), 1, 'tickets reused'); is(test_reuse(8994), 1, 'tickets and cache reused');
--- a/ssl.t +++ b/ssl.t @@ -186,6 +186,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
--- a/ssl_certificate.t +++ b/ssl_certificate.t @@ -171,6 +171,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $Net::SSLeay::VERSION < 1.88 && test_tls13(); local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); +local $TODO = 'not TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('default', 8080, $s), qr/default:r/, 'session reused');
--- a/ssl_ocsp.t +++ b/ssl_ocsp.t @@ -361,6 +361,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('ec-end', ses => $s), qr/200 OK.*SUCCESS:r/s, 'session reused'); @@ -393,6 +395,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('ec-end', ses => $s), qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
--- a/ssl_session_reuse.t +++ b/ssl_session_reuse.t @@ -167,6 +167,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); is(test_reuse(8443), 1, 'tickets reused'); is(test_reuse(8444), 1, 'tickets and cache reused');
--- a/ssl_session_ticket_key.t +++ b/ssl_session_ticket_key.t @@ -105,6 +105,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next');
--- a/ssl_sni.t +++ b/ssl_sni.t @@ -128,6 +128,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m, 'ssl server name - reused');
--- a/ssl_sni_sessions.t +++ b/ssl_sni_sessions.t @@ -116,6 +116,8 @@ plan(skip_all => 'no TLSv1.3 sessions, o if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); plan(skip_all => 'no TLSv1.3 sessions in LibreSSL') if $t->has_module('LibreSSL') && test_tls13(); +plan(skip_all => 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)') + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); plan(skip_all => 'no TLS 1.3 session cache in BoringSSL') if $t->has_module('BoringSSL') && test_tls13();
--- a/stream_ssl_certificate.t +++ b/stream_ssl_certificate.t @@ -148,6 +148,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $Net::SSLeay::VERSION < 1.88 && test_tls13(); local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); like(get('default', 8080, $s), qr/default:r/, 'session reused');
--- a/stream_ssl_session_reuse.t +++ b/stream_ssl_session_reuse.t @@ -144,6 +144,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); is(test_reuse(8443), 1, 'tickets reused'); is(test_reuse(8444), 1, 'tickets and cache reused');
--- a/stream_ssl_variables.t +++ b/stream_ssl_variables.t @@ -98,6 +98,8 @@ local $TODO = 'no TLSv1.3 sessions, old if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); $s = stream( PeerAddr => '127.0.0.1:' . port(8443),