Mercurial > hg > nginx-tests
annotate mail_ssl_session_reuse.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 28 Mar 2023 01:36:32 +0400 |
| parents | 2e541778e5d8 |
| children | ce4a06d72256 |
| rev | line source |
|---|---|
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
2 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
3 # (C) Andrey Zelenkov |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
4 # (C) Maxim Dounin |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
6 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
7 # Tests for mail ssl module, session reuse. |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
8 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
10 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
13 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
15 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
17 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
20 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
22 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
25 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
26 eval { |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
27 require Net::SSLeay; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
28 Net::SSLeay::load_error_strings(); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
30 Net::SSLeay::randomize(); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
31 }; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
32 plan(skip_all => 'Net::SSLeay not installed') if $@; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
33 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
34 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap/) |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
35 ->has_daemon('openssl')->plan(7); |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
36 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
37 $t->write_file_expand('nginx.conf', <<'EOF'); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
38 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS%% |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
40 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
41 daemon off; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
42 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
43 events { |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
44 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
45 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
46 mail { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
47 auth_http http://127.0.0.1:8080; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
48 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
49 ssl_certificate localhost.crt; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
50 ssl_certificate_key localhost.key; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
51 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
52 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
53 listen 127.0.0.1:8993 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
54 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
55 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
56 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
57 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
58 listen 127.0.0.1:8994 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
59 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
60 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
61 ssl_session_cache shared:SSL:1m; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
62 ssl_session_tickets on; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
63 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
64 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
65 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
66 listen 127.0.0.1:8995 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
67 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
68 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
69 ssl_session_cache shared:SSL:1m; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
70 ssl_session_tickets off; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
71 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
72 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
73 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
74 listen 127.0.0.1:8996 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
75 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
76 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
77 ssl_session_cache builtin; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
78 ssl_session_tickets off; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
79 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
80 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
81 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
82 listen 127.0.0.1:8997 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
83 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
84 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
85 ssl_session_cache builtin:1000; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
86 ssl_session_tickets off; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
87 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
88 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
89 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
90 listen 127.0.0.1:8998 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
91 protocol imap; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
92 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
93 ssl_session_cache none; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
94 ssl_session_tickets off; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
95 } |
|
1148
44620036fedf
Tests: added starttls tests for smtp.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1147
diff
changeset
|
96 |
|
44620036fedf
Tests: added starttls tests for smtp.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1147
diff
changeset
|
97 server { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
98 listen 127.0.0.1:8999 ssl; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
99 protocol imap; |
|
1148
44620036fedf
Tests: added starttls tests for smtp.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1147
diff
changeset
|
100 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
101 ssl_session_cache off; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
102 ssl_session_tickets off; |
|
1148
44620036fedf
Tests: added starttls tests for smtp.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1147
diff
changeset
|
103 } |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
104 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
105 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
106 EOF |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
107 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
108 $t->write_file('openssl.conf', <<EOF); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
109 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1324
diff
changeset
|
110 default_bits = 2048 |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
111 encrypt_key = no |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
112 distinguished_name = req_distinguished_name |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
113 [ req_distinguished_name ] |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
114 EOF |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
115 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
116 my $d = $t->testdir(); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
117 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
118 foreach my $name ('localhost') { |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
119 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1148
diff
changeset
|
120 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
121 . "-out $d/$name.crt -keyout $d/$name.key " |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
122 . ">>$d/openssl.out 2>&1") == 0 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
123 or die "Can't create certificate for $name: $!\n"; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
124 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
125 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
126 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
|
1324
918bf90466e0
Tests: hide startup warnings about deprecated ssl.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
127 |
|
1145
f193664e06d8
Tests: remove unused http block in mail_ssl.t.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1142
diff
changeset
|
128 $t->run(); |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
129 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
130 ############################################################################### |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
131 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
132 # session reuse: |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
133 # |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
134 # - only tickets, the default |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
135 # - tickets and shared cache, should work always |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
136 # - only shared cache |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
137 # - only builtin cache |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
138 # - only builtin cache with explicitly configured size |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
139 # - only cache none |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
140 # - only cache off |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
141 |
|
1832
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
142 TODO: { |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
143 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
144 if $t->has_module('LibreSSL') && test_tls13(); |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
145 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
146 is(test_reuse(8993), 1, 'tickets reused'); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
147 is(test_reuse(8994), 1, 'tickets and cache reused'); |
|
1832
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
148 |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
149 TODO: { |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
150 local $TODO = 'no TLSv1.3 session cache in BoringSSL' |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
151 if $t->has_module('BoringSSL') && test_tls13(); |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
152 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
153 is(test_reuse(8995), 1, 'cache shared reused'); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
154 is(test_reuse(8996), 1, 'cache builtin reused'); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
155 is(test_reuse(8997), 1, 'cache builtin size reused'); |
|
1832
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
156 |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
157 } |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
158 } |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
159 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
160 is(test_reuse(8998), 0, 'cache none not reused'); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
161 is(test_reuse(8999), 0, 'cache off not reused'); |
|
1148
44620036fedf
Tests: added starttls tests for smtp.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1147
diff
changeset
|
162 |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
163 ############################################################################### |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
164 |
|
1832
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
165 sub test_tls13 { |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
166 my ($s, $ssl) = get_ssl_socket(8993); |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
167 return (Net::SSLeay::version($ssl) > 0x303); |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
168 } |
|
2e541778e5d8
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1831
diff
changeset
|
169 |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
170 sub test_reuse { |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
171 my ($port) = @_; |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
172 my ($s, $ssl) = get_ssl_socket($port); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
173 Net::SSLeay::read($ssl); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
174 my $ses = Net::SSLeay::get_session($ssl); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
175 ($s, $ssl) = get_ssl_socket($port, $ses); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
176 return Net::SSLeay::session_reused($ssl); |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
177 } |
|
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
178 |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
179 sub get_ssl_socket { |
|
1831
f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1826
diff
changeset
|
180 my ($port, $ses) = @_; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
181 |
|
1621
fd440d324700
Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
182 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
183 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
184 Net::SSLeay::set_session($ssl, $ses) if defined $ses; |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
185 Net::SSLeay::set_fd($ssl, fileno($s)); |
|
1742
7bfa47410cc0
Tests: basic ALPN tests in the mail module.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1621
diff
changeset
|
186 Net::SSLeay::connect($ssl) == 1 or return; |
|
1142
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
187 return ($s, $ssl); |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
188 } |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
189 |
|
baeebac35a2e
Tests: basic mail ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
diff
changeset
|
190 ############################################################################### |