Mercurial > hg > nginx-tests
annotate stream_ssl_preread_protocol.t @ 1851:0351dee227a8
Tests: unbreak tests with dynamic certificates on stable.
In 74cffa9d4c43, ticket based session reuse is enabled in addition to
using a shared SSL session cache. This changed how a session can be
resumed in a different server:
- for a session ID based resumption, it is resumed in the same context
- when using session tickets, a key name is also checked for matching
- with a ticket callback, this is skipped in favor of callback's logic
This makes 'session id context match' tests fail with session tickets
on stable since ticket key names are unique in distinct SSL contexts.
On the other hand, tests pass on 1.23.2+ due to automatic ticket keys
rotation that installs ticket callback, and using a common shared SSL
session cache.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 Mar 2023 01:36:32 +0400 |
parents | f3ba4c74de31 |
children |
rev | line source |
---|---|
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for stream_ssl_preread module, protocol preread. |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl_preread stream_return/) |
1535
144c6ce732e4
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1358
diff
changeset
|
26 ->write_file_expand('nginx.conf', <<'EOF')->plan(7)->run(); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 %%TEST_GLOBALS%% |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 daemon off; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 events { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 stream { |
1609
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
36 %%TEST_GLOBALS_STREAM%% |
f3ba4c74de31
Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents:
1535
diff
changeset
|
37 |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 server { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 listen 127.0.0.1:8080; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_preread on; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 return $ssl_preread_protocol; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 EOF |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 is(get('SSLv3'), 'SSLv3', 'client hello SSLv3'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 is(get('TLSv1'), 'TLSv1', 'client hello TLSv1'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 is(get('TLSv1.1'), 'TLSv1.1', 'client hello TLSv1.1'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 is(get('TLSv1.2'), 'TLSv1.2', 'client hello TLSv1.2'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 is(get_tls13(), 'TLSv1.3', 'client hello supported_versions'); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
1358
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
56 is(get_ssl2('SSLv2'), 'SSLv2', 'client hello version 2'); |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
57 is(get_ssl2('TLSv1'), 'TLSv1', 'client hello version 2 - TLSv1'); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 ############################################################################### |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 sub get { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 my $v = shift; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 my ($re, $ch); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 $re = 0x0300, $ch = 0x0300 if $v eq 'SSLv3'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 $re = 0x0301, $ch = 0x0301 if $v eq 'TLSv1'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 $re = 0x0301, $ch = 0x0302 if $v eq 'TLSv1.1'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 $re = 0x0301, $ch = 0x0303 if $v eq 'TLSv1.2'; |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 my $r = pack("CnNn2C", 0x16, $re, 0x00380100, 0x0034, $ch, 0xeb); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 $r .= pack("CN3", 0x0c, 0x00000008, 0x00060000, 0x03666f6f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 sub get_tls13 { |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 my $r = pack("N*", 0x16030100, 0x33010000, 0x2f0303eb); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $r .= pack("N*", 0x6357cdba, 0xa6b8d853, 0xf1f6ac0f); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 $r .= pack("N*", 0xdf03178c, 0x0ae41824, 0xe7643682); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 $r .= pack("N*", 0x3c1b273f, 0xbfde4b00, 0x00000000); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 $r .= pack("CNCn", 0x07, 0x002b0007, 0x02, 0x7f1c); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 sub get_ssl2 { |
1358
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
90 my $v = shift; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
91 my $ch; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
92 |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
93 $ch = 0x0002 if $v eq 'SSLv2'; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
94 $ch = 0x0301 if $v eq 'TLSv1'; |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
95 |
71f964c077bf
Tests: adjusted ssl_preread_protocol tests with V2ClientHello.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1357
diff
changeset
|
96 my $r = pack("nCn4", 0x801c, 0x01, $ch, 0x0003, 0x0000, 0x0010); |
1357
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 $r .= pack("C3", 0x01, 0x00, 0x80); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 $r .= pack("N4", 0x322dd95c, 0x4749ef17, 0x3d5f0916, 0xf0b730f8); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 http($r); |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 } |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
2415ef05a282
Tests: stream_ssl_preread module tests, protocol preread.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ############################################################################### |