Mercurial > hg > nginx-tests
changeset 1478:f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
SSL_reuse_ctx client support for TLS 1.3 (when negotiated) is only available
in IO::Socket::SSL version 2.061 or later, Net::SSLeay version 1.88 or later.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 20 May 2019 20:25:05 +0300 |
parents | 8b122b35703b |
children | fc3722dd8862 |
files | ssl.t ssl_sni.t ssl_sni_sessions.t |
diffstat | 3 files changed, 31 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/ssl.t +++ b/ssl.t @@ -136,9 +136,14 @@ http { location / { return 200 "body $ssl_session_reused"; } + location /ciphers { return 200 "body $ssl_ciphers"; } + + location /protocol { + return 200 "body $ssl_protocol"; + } } } @@ -210,13 +215,18 @@ open STDERR, ">&", \*OLDERR; ############################################################################### like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session'); -like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); +like(get('/', 8081), qr/^body \.$/m, 'builtin initial session'); +like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session'); -like(get('/', 8081), qr/^body \.$/m, 'builtin initial session'); +SKIP: { +skip 'no TLS 1.3 sessions', 3 if get('/protocol', 8084) =~ /TLSv1.3/ + && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); + +like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused'); like(get('/', 8081), qr/^body r$/m, 'builtin session reused'); +like(get('/', 8082), qr/^body r$/m, 'builtin size session reused'); -like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session'); -like(get('/', 8082), qr/^body r$/m, 'builtin size session reused'); +} like(get('/', 8083), qr/^body \.$/m, 'reused none initial session'); like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
--- a/ssl_sni.t +++ b/ssl_sni.t @@ -46,6 +46,10 @@ http { location / { return 200 $server_name; } + + location /protocol { + return 200 $ssl_protocol; + } } server { @@ -144,6 +148,10 @@ my $ctx = new IO::Socket::SSL::SSL_Conte like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name'); +SKIP: { +skip 'no TLS 1.3 sessions', 1 if get('/protocol', 'localhost') =~ /TLSv1.3/ + && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); + TODO: { local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)') && !$t->has_version('1.15.10'); @@ -153,6 +161,8 @@ like(get('/', 'localhost', 8081, $ctx), } +} + ############################################################################### sub get_ssl_socket {
--- a/ssl_sni_sessions.t +++ b/ssl_sni_sessions.t @@ -46,7 +46,7 @@ http { ssl_session_cache shared:cache1:1m; location / { - return 200 $ssl_server_name:$ssl_session_reused; + return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol; } } @@ -104,8 +104,6 @@ eval { }; plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; -$t->plan(6); - $t->write_file('openssl.conf', <<EOF); [ req ] default_bits = 1024 @@ -129,6 +127,12 @@ foreach my $name ('localhost') { $t->run(); +plan(skip_all => 'no TLS 1.3 sessions') + if get('default', port(8080), get_ssl_context()) =~ /TLSv1.3/ + && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); + +$t->plan(6); + ############################################################################### # check that everything works fine with default server