annotate ssl_sni_sessions.t @ 1542:451e787aad76
Tests: reworked libgd version detection.
The "libgd-config" binary is deprecated in recent versions and may not exist
or may produce unexpected output. Moreover, it may also be absent in older
versions if it is installed separately, which previously broke test assumptions.
The fix is to change the fallback to skip tests. In addition, the recent Perl GD
module (2.57) started to export the libgd version, which is now also consulted.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 13 Jan 2020 18:15:35 +0300 |
parents | dbce8fb5f5f8 |
children | 0c5f0c016d2b |
1 #!/usr/bin/perl |
2 |
3 # (C) Maxim Dounin |
4 |
5 # Tests for SSL session resumption with SNI. |
6 |
7 ############################################################################### |
8 |
9 use warnings; |
10 use strict; |
11 |
12 use Test::More; |
13 |
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
15 |
16 use lib 'lib'; |
17 use Test::Nginx; |
18 |
19 ############################################################################### |
20 |
# Switch on autoflush ($| = 1) for STDERR and then for STDOUT.  STDOUT is
# selected last, so it remains the default output handle afterwards.
for my $handle (\*STDERR, \*STDOUT) {
    select $handle;
    $| = 1;
}
23 |
# Create the test harness and declare the nginx features this file needs:
# http, http_ssl, sni and rewrite (the locations below use "return").
my $t = Test::Nginx->new()->has(qw(http http_ssl sni rewrite));

# Require the openssl binary and write nginx.conf.  The heredoc is
# single-quoted, so every $ssl_* below is an nginx variable and is not
# interpolated by Perl; the %%...%% placeholders are presumably filled in by
# write_file_expand().
#
# Layout of the configuration:
#   - port 8080: "default" has session tickets off and shared cache "cache1";
#     "nocache" shares the same listening socket, is selected by SNI, and
#     names a different shared cache "cache2".
#   - port 8081: "default" uses ticket1.key for session tickets; "tickets"
#     is selected by SNI and names ticket2.key.
#   - every location echoes $ssl_server_name and $ssl_session_reused, so the
#     response body shows which SNI name nginx saw and whether the session
#     was resumed; the 8080 default server also echoes $ssl_protocol.
$t->has_daemon('openssl')
    ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;

    server {
        listen 127.0.0.1:8080 ssl;
        server_name default;

        ssl_session_tickets off;
        ssl_session_cache shared:cache1:1m;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol;
        }
    }

    server {
        listen 127.0.0.1:8080;
        server_name nocache;

        ssl_session_tickets off;
        ssl_session_cache shared:cache2:1m;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name default;

        ssl_session_ticket_key ticket1.key;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }

    server {
        listen 127.0.0.1:8081;
        server_name tickets;

        ssl_session_ticket_key ticket2.key;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }
}

EOF
89 |
# Guard 1: skip the whole file unless IO::Socket::SSL can be loaded and is
# at least version 1.56.
eval {
    require IO::Socket::SSL;
    die if $IO::Socket::SSL::VERSION < 1.56;
};
if ($@) {
    plan(skip_all => 'IO::Socket::SSL version >= 1.56 required');
}

# Guard 2: when IO::Socket::SSL provides can_client_sni(), it must report
# client-side SNI support.  If the method does not exist, nothing is checked
# here and the Net::SSLeay probe below decides.
eval {
    my $has_probe = IO::Socket::SSL->can('can_client_sni');
    die if $has_probe && !IO::Socket::SSL->can_client_sni();
};
if ($@) {
    plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required');
}

# Guard 3: exercise Net::SSLeay directly by creating a context and a
# connection object and setting an SNI host name on it.  Any failure,
# including a call that dies, leaves $@ set and skips the file.
# Net::SSLeay is not required explicitly -- presumably it has been loaded by
# IO::Socket::SSL at this point.
# NOTE(review): the probe objects are never released (Net::SSLeay::free /
# CTX_free); harmless in a short-lived test, but worth confirming.
eval {
    my $probe_ctx = Net::SSLeay::CTX_new();
    die unless $probe_ctx;

    my $probe_ssl = Net::SSLeay::new($probe_ctx);
    die unless $probe_ssl;

    die unless Net::SSLeay::set_tlsext_host_name($probe_ssl, 'example.org') == 1;
};
if ($@) {
    plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required');
}
106 |
# Minimal "openssl req" configuration for the self-signed test certificate:
# a 2048-bit key, a private key written without a passphrase
# (encrypt_key = no), and an empty distinguished-name section because the
# subject is given on the command line with -subj.
$t->write_file('openssl.conf', <<"EOF");
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

my $d = $t->testdir();

# Generate one self-signed certificate/key pair per name inside the test
# directory; openssl's output is appended to openssl.out.
#
# The command is passed to system() as a single string, so it runs through
# the shell (the ">>... 2>&1" redirection depends on that).  $d and $name are
# interpolated unquoted: a test directory path containing whitespace or shell
# metacharacters would change the command, so the path must stay under the
# harness's control.
# NOTE(review): $! is only meaningful when system() itself fails to start the
# command; a non-zero exit status of openssl is reported in $? instead.
for my $name ('localhost') {
    my $cmd = join ' ',
        'openssl req -x509 -new',
        "-config $d/openssl.conf",
        "-subj /CN=$name/",
        "-out $d/$name.crt",
        "-keyout $d/$name.key",
        ">>$d/openssl.out 2>&1";

    if (system($cmd) != 0) {
        die "Can't create certificate for $name: $!\n";
    }
}
124 |
# Write the two session ticket key files named in nginx.conf.  Each one is
# 48 bytes of a single repeated character ("1" or "2"), so the two virtual
# servers on port 8081 get different keys.  These are fixed, predictable
# values that exist only to make the test deterministic; real ticket keys
# must be random and kept secret.
for my $n (1, 2) {
    $t->write_file("ticket$n.key", $n x 48);
}

# Hand control to the harness; presumably this starts nginx with the files
# written above.
$t->run();
129 |
# Probe the default server on port 8080, whose response body includes
# $ssl_protocol.  If TLS 1.3 was negotiated and either Perl module is older
# than the versions below (Net::SSLeay 1.88, IO::Socket::SSL 2.061), skip
# the file with "no TLS 1.3 sessions".
# NOTE(review): the "." in /TLSv1.3/ is unescaped and matches any character;
# get() also returns nothing when the connection fails, in which case the
# match runs against undef.
my $negotiated = get('default', port(8080), get_ssl_context());

if ($negotiated =~ /TLSv1.3/) {
    my $modules_too_old = $Net::SSLeay::VERSION < 1.88
        || $IO::Socket::SSL::VERSION < 2.061;

    plan(skip_all => 'no TLS 1.3 sessions') if $modules_too_old;
}

# Six like() assertions follow.
$t->plan(6);
135 |
136 ############################################################################### |
137 |
# Baseline: with the default server, the first handshake must create a new
# session and the second one, made with the same client context, must resume
# it.  nginx echoes $ssl_session_reused after the server name; the tests
# expect "." for a new session and "r" for a resumed one.

my $ctx = get_ssl_context();
my $reply;

$reply = get('default', port(8080), $ctx);
like($reply, qr!default:\.!, 'default server');

$reply = get('default', port(8080), $ctx);
like($reply, qr!default:r!, 'default server reused');

# Sessions must still be saved and restored correctly when the request goes
# to an SNI-based virtual server that names a different session cache.
# Session resumption happens before SNI, so only the default server's
# settings are expected to matter.
#
# This did not work before nginx 1.9.6 (and caused segfaults if no session
# cache was configured in the SNI-based virtual server): when creating new
# sessions, OpenSSL uses the callbacks from the default server context but
# provides access to the SNI-selected server context only (ticket #235).

# A fresh client context, so no session from the previous case is offered.
$ctx = get_ssl_context();

$reply = get('nocache', port(8080), $ctx);
like($reply, qr!nocache:\.!, 'without cache');

$reply = get('nocache', port(8080), $ctx);
like($reply, qr!nocache:r!, 'without cache reused');

# Tickets must remain usable when an SNI-based virtual server explicitly
# sets a different set of session ticket keys.

$ctx = get_ssl_context();

$reply = get('tickets', port(8081), $ctx);
like($reply, qr!tickets:\.!, 'tickets');

$reply = get('tickets', port(8081), $ctx);
like($reply, qr!tickets:r!, 'tickets reused');
167 |
168 ############################################################################### |
169 |
# Build a new client-side SSL context with its own session cache.
#
# Returns the IO::Socket::SSL::SSL_Context object.  The context is created
# with a client session cache of 100 entries; passing the same context to
# consecutive connections is what lets the second one offer the session
# established by the first.
#
# Certificate verification is switched off (SSL_VERIFY_NONE) because the
# server certificate is the self-signed one generated by this test.  That is
# acceptable only for a loopback test fixture: with verification off the
# client accepts any certificate, so this context must not be copied into
# code that talks to real peers.
sub get_ssl_context {
    my %client_opts = (
        SSL_verify_mode        => IO::Socket::SSL::SSL_VERIFY_NONE(),
        SSL_session_cache_size => 100,
    );

    return IO::Socket::SSL::SSL_Context->new(%client_opts);
}
176 |
# Open a TLS connection to 127.0.0.1:$port, sending $host as the SNI name.
#
# Arguments:
#   $host - name placed in SSL_hostname (the SNI value); the TCP connection
#           itself always goes to 127.0.0.1
#   $port - TCP port to connect to
#   $ctx  - SSL context to reuse (SSL_reuse_ctx), which carries the client
#           session cache between calls
#
# Returns the IO::Socket::SSL object, or undef after logging "died: ..." when
# the attempt raised an exception (timeout, SIGPIPE, or an SSL error turned
# into die by SSL_error_trap).  The constructor's result is otherwise
# returned unchecked, so it may also be false without anything being logged.
sub get_ssl_socket {
    my ($host, $port, $ctx) = @_;

    my %conn_opts = (
        Proto          => 'tcp',
        PeerAddr       => '127.0.0.1',
        PeerPort       => $port,
        SSL_hostname   => $host,
        SSL_reuse_ctx  => $ctx,
        SSL_error_trap => sub { die $_[1] },
    );

    my $sock;

    eval {
        # Bound the connection attempt to 8 seconds and turn SIGPIPE into
        # an exception instead of letting it kill the test.
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        alarm(8);
        $sock = IO::Socket::SSL->new(%conn_opts);
        alarm(0);
    };
    # Cancel the alarm again in case the eval was left through die.
    alarm(0);

    return $sock unless $@;

    log_in("died: $@");
    return undef;
}
204 |
# Send "GET /" over a new TLS connection and return the response.
#
# Arguments:
#   $host - used both as the SNI name (via get_ssl_socket) and as the Host
#           header of the HTTP/1.0 request
#   $port - TCP port to connect to
#   $ctx  - SSL context shared between calls so a session can be resumed
#
# Returns whatever http() returns for the request, or nothing when the
# socket could not be obtained.
sub get {
    my ($host, $port, $ctx) = @_;

    my $sock = get_ssl_socket($host, $port, $ctx);
    return unless $sock;

    my $request = "GET / HTTP/1.0\nHost: $host\n\n";
    my $response = http($request, socket => $sock);

    # Close the TLS socket explicitly once the exchange is complete, before
    # the response is handed back to the caller.
    $sock->close();
    return $response;
}
218 |
219 ############################################################################### |