Mercurial > hg > nginx-tests

changeset 1478:f9718a0773b9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: skip TLS 1.3 session reuse tests with older Perl modules. SSL_reuse_ctx client support for TLS 1.3 (when negotiated) is only available in IO::Socket::SSL version 2.061 or later, Net::SSLeay version 1.88 or later.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 20 May 2019 20:25:05 +0300
parents 8b122b35703b
children fc3722dd8862
files ssl.t ssl_sni.t ssl_sni_sessions.t
diffstat 3 files changed, 31 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/ssl.t
+++ b/ssl.t
@@ -136,9 +136,14 @@ http {
         location / {
             return 200 "body $ssl_session_reused";
         }
+
         location /ciphers {
             return 200 "body $ssl_ciphers";
         }
+
+        location /protocol {
+            return 200 "body $ssl_protocol";
+        }
     }
 }
 
@@ -210,13 +215,18 @@ open STDERR, ">&", \*OLDERR;
 ###############################################################################
 
 like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session');
-like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused');
+like(get('/', 8081), qr/^body \.$/m, 'builtin initial session');
+like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session');
 
-like(get('/', 8081), qr/^body \.$/m, 'builtin initial session');
+SKIP: {
+skip 'no TLS 1.3 sessions', 3 if get('/protocol', 8084) =~ /TLSv1.3/
+	&& ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
+like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused');
 like(get('/', 8081), qr/^body r$/m, 'builtin session reused');
+like(get('/', 8082), qr/^body r$/m, 'builtin size session reused');
 
-like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session');
-like(get('/', 8082), qr/^body r$/m, 'builtin size session reused');
+}
 
 like(get('/', 8083), qr/^body \.$/m, 'reused none initial session');
 like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -46,6 +46,10 @@ http {
         location / {
             return 200 $server_name;
         }
+
+        location /protocol {
+            return 200 $ssl_protocol;
+        }
     }
 
     server {
@@ -144,6 +148,10 @@ my $ctx = new IO::Socket::SSL::SSL_Conte
 
 like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name');
 
+SKIP: {
+skip 'no TLS 1.3 sessions', 1 if get('/protocol', 'localhost') =~ /TLSv1.3/
+	&& ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
 TODO: {
 local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
 	&& !$t->has_version('1.15.10');
@@ -153,6 +161,8 @@ like(get('/', 'localhost', 8081, $ctx), 
 
 }
 
+}
+
 ###############################################################################
 
 sub get_ssl_socket {
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -46,7 +46,7 @@ http {
         ssl_session_cache shared:cache1:1m;
 
         location / {
-            return 200 $ssl_server_name:$ssl_session_reused;
+            return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol;
         }
     }
 
@@ -104,8 +104,6 @@ eval {
 };
 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
 
-$t->plan(6);
-
 $t->write_file('openssl.conf', <<EOF);
 [ req ]
 default_bits = 1024
@@ -129,6 +127,12 @@ foreach my $name ('localhost') {
 
 $t->run();
 
+plan(skip_all => 'no TLS 1.3 sessions')
+	if get('default', port(8080), get_ssl_context()) =~ /TLSv1.3/
+	&& ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
+$t->plan(6);
+
 ###############################################################################
 
 # check that everything works fine with default server