Mercurial > hg > nginx-tests
annotate ssl_sni_reneg.t @ 1836:74cffa9d4c43
Tests: enabled session reuse via TLS session tickets.
This fixes tests with TLSv1.3 enabled when using BoringSSL, since
for TLSv1.3 it only supports session reuse via TLS session tickets,
and not server-side session cache.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:02 +0300 |
parents | fd440d324700 |
children | 36a4563f7f00 |
rev | line source |
---|---|
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with SNI and renegotiation. |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
1621
fd440d324700
Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1535
diff
changeset
|
15 use Socket qw/ CRLF /; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 require Net::SSLeay; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 Net::SSLeay::load_error_strings(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 Net::SSLeay::SSLeay_add_ssl_algorithms(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 Net::SSLeay::randomize(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 plan(skip_all => 'Net::SSLeay not installed') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 my $ctx = Net::SSLeay::CTX_new() or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 my $ssl = Net::SSLeay::new($ctx) or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
42 my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 $t->write_file_expand('nginx.conf', <<'EOF'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 %%TEST_GLOBALS%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 daemon off; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 events { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 http { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 %%TEST_GLOBALS_HTTP%% |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 ssl_certificate_key localhost.key; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 ssl_certificate localhost.crt; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
60 listen 127.0.0.1:8080 ssl; |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
61 listen 127.0.0.1:8081 ssl; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server_name localhost; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 location / { } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 } |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
66 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
67 server { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
69 server_name localhost2; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
70 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
71 location / { } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
72 } |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1421
diff
changeset
|
79 default_bits = 2048 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
89 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1173
diff
changeset
|
90 . "-out $d/$name.crt -keyout $d/$name.key " |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->run(); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
1387
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
97 { |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
98 my (undef, $ssl) = get_ssl_socket(8080); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
99 plan(skip_all => "TLS 1.3 forbids renegotiation") |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
100 if Net::SSLeay::version($ssl) > 0x0303; |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
101 } |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
102 |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
103 $t->plan(8); |
ad3cb6f451a5
Tests: skip ssl_sni_reneg.t with TLS 1.3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1380
diff
changeset
|
104 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
107 my ($s, $ssl) = get_ssl_socket(8080); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 ok($s, 'connection'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 SKIP: { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 skip 'connection failed', 3 unless $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
1173
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
113 local $SIG{PIPE} = 'IGNORE'; |
1a54d45d5587
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
114 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
1377
09c2291b2bab
Tests: relaxed test for no response on SSL renegotiation attempt.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
122 ok(!Net::SSLeay::read($ssl), 'response'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
126 # virtual servers |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
127 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
128 ($s, $ssl) = get_ssl_socket(8081); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
129 ok($s, 'connection 2'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
130 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
131 SKIP: { |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
132 skip 'connection failed', 3 unless $s; |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
133 |
1409
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
134 local $SIG{PIPE} = 'IGNORE'; |
0bc5bd58d9de
Tests: handled SIGPIPE in ssl_sni_reneg.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1407
diff
changeset
|
135 |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
136 Net::SSLeay::write($ssl, 'GET / HTTP/1.0' . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
137 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
138 ok(Net::SSLeay::renegotiate($ssl), 'renegotiation'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
139 ok(Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'), 'SNI'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
140 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
141 Net::SSLeay::write($ssl, 'Host: localhost' . CRLF . CRLF); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
142 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
143 ok(!Net::SSLeay::read($ssl), 'virtual servers'); |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
144 |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
145 } |
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
146 |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 ############################################################################### |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 sub get_ssl_socket { |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
150 my ($port) = @_; |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 my $s; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 eval { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 local $SIG{ALRM} = sub { die "timeout\n" }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
1421
4e48bf51714f
Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents:
1411
diff
changeset
|
156 alarm(8); |
1621
fd440d324700
Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1535
diff
changeset
|
157 $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 }; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 alarm(0); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 if ($@) { |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 log_in("died: $@"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 return undef; |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); |
1102
89d7d4d1be40
Tests: whitespace fixes.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
1020
diff
changeset
|
169 Net::SSLeay::set_fd($ssl, fileno($s)); |
1380
f50c7d90f5c9
Tests: more https sni tests with renegotiation (ticket #1646).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1377
diff
changeset
|
170 Net::SSLeay::set_tlsext_host_name($ssl, 'localhost'); |
807
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 Net::SSLeay::connect($ssl) or die("ssl connect"); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 return ($s, $ssl); |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 } |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 |
5540ee8a12ce
Tests: https sni tests with renegotiation (ticket #845).
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 ############################################################################### |