Mercurial > hg > nginx-tests

changeset 1449:eeababfd8726

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: moved $ssl_server_name tests in http to ssl_sni.t. The tests need appropriate checks for ancient IO::Socket::SSL versions.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 05 Mar 2019 13:21:30 +0300
parents c1b969fc7a23
children 5f53a1d6b83c
files ssl.t ssl_sni.t
diffstat 2 files changed, 35 insertions(+), 29 deletions(-) [+]
line wrap: on
line diff
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-	->has_daemon('openssl')->plan(25);
+	->has_daemon('openssl')->plan(23);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -62,9 +62,6 @@ http {
         location /reuse {
             return 200 "body $ssl_session_reused";
         }
-        location /sni {
-            return 200 "body $ssl_session_reused:$ssl_server_name";
-        }
         location /id {
             return 200 "body $ssl_session_id";
         }
@@ -227,27 +224,6 @@ like(get('/', 8083), qr/^body \.$/m, 'se
 like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
 like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
 
-# ssl_server_name
-
-SKIP: {
-skip 'no sni', 2 unless $t->has_module('sni');
-
-$ctx = new IO::Socket::SSL::SSL_Context(
-	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-	SSL_session_cache_size => 100);
-
-like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
-
-TODO: {
-local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
-	&& !$t->has_version('1.15.10');
-
-like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
-
-}
-
-}
-
 # ssl certificate inheritance
 
 my $s = get_ssl_socket($ctx, port(8081));
@@ -331,7 +307,6 @@ sub get_ssl_socket {
 			PeerPort => $port,
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_reuse_ctx => $ctx,
-			SSL_hostname => 'localhost',
 			SSL_error_trap => sub { die $_[1] },
 			%extra
 		);
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -59,6 +59,18 @@ http {
             return 200 $server_name;
         }
     }
+
+    server {
+        listen       127.0.0.1:8081 ssl;
+        server_name  localhost;
+
+        ssl_certificate_key localhost.key;
+        ssl_certificate localhost.crt;
+
+        location / {
+            return 200 $ssl_session_reused:$ssl_server_name;
+        }
+    }
 }
 
 EOF
@@ -80,7 +92,7 @@ eval {
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
-$t->plan(6);
+$t->plan(8);
 
 $t->write_file('openssl.conf', <<EOF);
 [ req ]
@@ -124,10 +136,28 @@ like(https_get_host('example.org', 'exam
 
 }
 
+# $ssl_server_name in sessions
+
+my $ctx = new IO::Socket::SSL::SSL_Context(
+	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+	SSL_session_cache_size => 100);
+
+like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)),
+	qr/^\.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+	&& !$t->has_version('1.15.10');
+
+like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)),
+	qr/^r:localhost$/m, 'ssl server name - reused');
+
+}
+
 ###############################################################################
 
 sub get_ssl_socket {
-	my ($host) = @_;
+	my ($host, $port, $ctx) = @_;
 	my $s;
 
 	eval {
@@ -136,8 +166,9 @@ sub get_ssl_socket {
 		alarm(8);
 		$s = IO::Socket::SSL->new(
 			Proto => 'tcp',
-			PeerAddr => '127.0.0.1:' . port(8080),
+			PeerAddr => '127.0.0.1:' . port($port || 8080),
 			SSL_hostname => $host,
+			SSL_reuse_ctx => $ctx,
 			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
 			SSL_error_trap => sub { die $_[1] }
 		);