Mercurial > hg > nginx-tests
annotate ssl_sni_sessions.t @ 1951:1867428f1673
Tests: fixed h3_limit_req.t spurious failures.
In the "reset stream - cancellation" test, HTTP/3 stream is closed without
sending the request body when the request is waiting in the limit_req
module, and this results in error 444. However, when the request is received
with some minor delay due to system load, it is not delayed by limit_req,
and the stream is closed during reading the request body, which results
in error 400 instead, breaking the test.
Fix is to introduce yet another request before the "reset stream" test,
so the stream in question is always delayed by limit_req.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 14 Mar 2024 02:25:49 +0300 |
| parents | a797d7428fa5 |
| children | c924ae8d7104 |
| rev | line source |
|---|---|
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 # Tests for SSL session resumption with SNI. |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 use warnings; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use strict; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 use Test::More; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 use lib 'lib'; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use Test::Nginx; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite socket_ssl_sni/) |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
25 ->has_daemon('openssl') |
|
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1838
diff
changeset
|
26 ->write_file_expand('nginx.conf', <<'EOF'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 %%TEST_GLOBALS%% |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 daemon off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 events { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 http { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 %%TEST_GLOBALS_HTTP%% |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 ssl_certificate_key localhost.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 ssl_certificate localhost.crt; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
42 listen 127.0.0.1:8443 ssl; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 server_name default; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 ssl_session_tickets off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 ssl_session_cache shared:cache1:1m; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 location / { |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
49 return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
54 listen 127.0.0.1:8443; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 server_name nocache; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 ssl_session_tickets off; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 ssl_session_cache shared:cache2:1m; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
66 listen 127.0.0.1:8444 ssl; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 server_name default; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 ssl_session_ticket_key ticket1.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 server { |
|
1837
0c5f0c016d2b
Tests: restored proper port numbers in ssl_sni_sessions.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
77 listen 127.0.0.1:8444; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 server_name tickets; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 ssl_session_ticket_key ticket2.key; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 location / { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 return 200 $ssl_server_name:$ssl_session_reused; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 EOF |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 $t->write_file('openssl.conf', <<EOF); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
92 default_bits = 2048 |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 encrypt_key = no |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 distinguished_name = req_distinguished_name |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 [ req_distinguished_name ] |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 EOF |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 my $d = $t->testdir(); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 foreach my $name ('localhost') { |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
102 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
103 . "-out $d/$name.crt -keyout $d/$name.key " |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 . ">>$d/openssl.out 2>&1") == 0 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 or die "Can't create certificate for $name: $!\n"; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 $t->write_file('ticket1.key', '1' x 48); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->write_file('ticket2.key', '2' x 48); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 $t->run(); |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
113 plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
114 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
115 plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
116 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
117 plan(skip_all => 'no TLSv1.3 sessions in LibreSSL') |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
118 if $t->has_module('LibreSSL') && test_tls13(); |
|
1838
a68d1313c3fc
Tests: disabled ssl_sni_sessions.t with LibreSSL and BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1837
diff
changeset
|
119 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL') |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
120 if $t->has_module('BoringSSL') && test_tls13(); |
|
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
121 |
|
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
122 $t->plan(6); |
|
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
123 |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
126 # check that everything works fine with default server |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
128 my $ctx = get_ssl_context(); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
130 like(get('default', 8443, $ctx), qr!default:\.!, 'default server'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
131 like(get('default', 8443, $ctx), qr!default:r!, 'default server reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 # check that sessions are still properly saved and restored |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 # when using an SNI-based virtual server with different session cache; |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 # as session resumption happens before SNI, only default server |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 # settings are expected to matter |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 # this didn't work before nginx 1.9.6 (and caused segfaults if no session |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 # cache was configured the SNI-based virtual server), because OpenSSL, when |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
140 # creating new sessions, uses callbacks from the default server context, but |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 # provides access to the SNI-selected server context only (ticket #235) |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
143 $ctx = get_ssl_context(); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
144 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
145 like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
146 like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 # make sure tickets can be used if an SNI-based virtual server |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 # uses a different set of session ticket keys explicitly set |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
151 $ctx = get_ssl_context(); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
152 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
153 like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets'); |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
154 like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused'); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 ############################################################################### |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 |
|
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
158 sub get_ssl_context { |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
159 return IO::Socket::SSL::SSL_Context->new( |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
160 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
161 SSL_session_cache_size => 100 |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
162 ); |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
163 } |
|
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
164 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
165 sub get { |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 my ($host, $port, $ctx) = @_; |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
167 return http( |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
168 "GET / HTTP/1.0\nHost: $host\n\n", |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
169 PeerAddr => '127.0.0.1:' . port($port), |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
170 SSL => 1, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
171 SSL_hostname => $host, |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
172 SSL_reuse_ctx => $ctx |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
173 ); |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
174 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
175 |
|
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
176 sub test_tls13 { |
|
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
177 return get('default', 8443) =~ /TLSv1.3/; |
|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
178 } |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
179 |
|
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
180 ############################################################################### |