Mercurial > hg > nginx-tests

annotate stream_ssl_session_reuse.t @ 1971:ab45ee8011df

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: guarded session ticket tests for old OpenSSL versions. Much like SNI support, TLS session tickets are available starting with OpenSSL 0.9.8f if TLS extensions support is explicitly configured, and enabled by default since 0.9.8j. As such, SNI availability is checked to ensure TLS extensions support is compiled in. Additionally, the ssl_session_ticket_key.t tests for automatic ticket key rotation, which uses session ticket key callback, as introduced in OpenSSL 0.9.8h.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 06 May 2024 00:03:16 +0300
parents c924ae8d7104
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
4 # (C) Maxim Dounin
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5 # (C) Nginx, Inc.
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
7 # Tests for stream ssl module, session reuse.
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use warnings;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12 use strict;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14 use Test::More;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15
1621
fd440d324700 Tests: simplified get_ssl_socket() functions that use Net::SSLeay.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1609
diff changeset
16 use Socket qw/ $CRLF /;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18 BEGIN { use FindBin; chdir($FindBin::Bin); }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 use lib 'lib';
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21 use Test::Nginx;
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
22 use Test::Nginx::Stream qw/ stream /;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26 select STDERR; $| = 1;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 select STDOUT; $| = 1;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28
1873
f7f1f349dd26 Tests: added missing socket_ssl_reused prerequisites.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1863
diff changeset
29 my $t = Test::Nginx->new()
f7f1f349dd26 Tests: added missing socket_ssl_reused prerequisites.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1863
diff changeset
30 ->has(qw/stream stream_ssl socket_ssl_sslversion socket_ssl_reused/)
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
31 ->has_daemon('openssl')->plan(7);
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
32
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
33 $t->write_file_expand('nginx.conf', <<'EOF');
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 %%TEST_GLOBALS%%
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 daemon off;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 events {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 stream {
1609
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
43 %%TEST_GLOBALS_STREAM%%
f3ba4c74de31 Tests: added TEST_GLOBALS_STREAM variable support.
Andrei Belov <defan@nginx.com>
parents: 1488
diff changeset
44
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
45 ssl_certificate localhost.crt;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46 ssl_certificate_key localhost.key;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
48 server {
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
49 listen 127.0.0.1:8443 ssl;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
50 proxy_pass 127.0.0.1:8081;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
51 }
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 server {
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
54 listen 127.0.0.1:8444 ssl;
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
55 proxy_pass 127.0.0.1:8081;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
57 ssl_session_cache shared:SSL:1m;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
58 ssl_session_tickets on;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
59 }
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
60
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
61 server {
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
62 listen 127.0.0.1:8445 ssl;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
63 proxy_pass 127.0.0.1:8081;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
64
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
65 ssl_session_cache shared:SSL:1m;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
66 ssl_session_tickets off;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 server {
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
70 listen 127.0.0.1:8446 ssl;
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
71 proxy_pass 127.0.0.1:8081;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
73 ssl_session_cache builtin;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
74 ssl_session_tickets off;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 server {
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
78 listen 127.0.0.1:8447 ssl;
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
79 proxy_pass 127.0.0.1:8081;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80
645
ed103c38b115 Tests: more ssl_session_cache tests in stream_ssl.t.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 636
diff changeset
81 ssl_session_cache builtin:1000;
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
82 ssl_session_tickets off;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 server {
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
86 listen 127.0.0.1:8448 ssl;
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
87 proxy_pass 127.0.0.1:8081;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
89 ssl_session_cache none;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
90 ssl_session_tickets off;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
91 }
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
92
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
93 server {
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
94 listen 127.0.0.1:8449 ssl;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
95 proxy_pass 127.0.0.1:8081;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
96
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
97 ssl_session_cache off;
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
98 ssl_session_tickets off;
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 EOF
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 $t->write_file('openssl.conf', <<EOF);
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1220
diff changeset
106 default_bits = 2048
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107 encrypt_key = no
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 distinguished_name = req_distinguished_name
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 [ req_distinguished_name ]
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 EOF
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112 my $d = $t->testdir();
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
114 foreach my $name ('localhost') {
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1204
diff changeset
116 . "-config $d/openssl.conf -subj /CN=$name/ "
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
117 . "-out $d/$name.crt -keyout $d/$name.key "
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 . ">>$d/openssl.out 2>&1") == 0
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 or die "Can't create certificate for $name: $!\n";
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122 $t->run_daemon(\&http_daemon);
1087
534d209f6ae4 Tests: fixed ssl_password_file test hang with missing FIFO reader.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1039
diff changeset
123
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
124 $t->run();
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
126 $t->waitforsocket('127.0.0.1:' . port(8081));
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
130 # session reuse:
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
131 #
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
132 # - only tickets, the default
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
133 # - tickets and shared cache, should work always
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
134 # - only shared cache
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
135 # - only builtin cache
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
136 # - only builtin cache with explicitly configured size
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
137 # - only cache none
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
138 # - only cache off
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
140 TODO: {
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
141 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
142 if $Net::SSLeay::VERSION < 1.88 && test_tls13();
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
143 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
144 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
145 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
146 if $t->has_module('LibreSSL') && test_tls13();
1966
c924ae8d7104 Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1873
diff changeset
147 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
c924ae8d7104 Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1873
diff changeset
148 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
149
1971
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
150 TODO: {
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
151 local $TODO = 'no session tickets' unless $t->has_module('tickets');
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
152
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
153 is(test_reuse(8443), 1, 'tickets reused');
1971
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
154
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
155 }
ab45ee8011df Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1966
diff changeset
156
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
157 is(test_reuse(8444), 1, 'tickets and cache reused');
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
158
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
159 TODO: {
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
160 local $TODO = 'no TLSv1.3 session cache in BoringSSL'
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
161 if $t->has_module('BoringSSL') && test_tls13();
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
162
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
163 is(test_reuse(8445), 1, 'cache shared reused');
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
164 is(test_reuse(8446), 1, 'cache builtin reused');
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
165 is(test_reuse(8447), 1, 'cache builtin size reused');
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
166
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
167 }
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
168 }
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
169
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
170 is(test_reuse(8448), 0, 'cache none not reused');
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
171 is(test_reuse(8449), 0, 'cache off not reused');
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
172
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
173 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
174
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
175 sub test_tls13 {
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
176 my $s = stream(
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
177 PeerAddr => '127.0.0.1:' . port(8443),
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
178 SSL => 1
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
179 );
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
180 return ($s->socket()->get_sslversion_int() > 0x303);
1834
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
181 }
df96e9d6c095 Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1833
diff changeset
182
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
183 sub test_reuse {
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
184 my ($port) = @_;
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
185
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
186 my $s = stream(
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
187 PeerAddr => '127.0.0.1:' . port($port),
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
188 SSL => 1,
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
189 SSL_session_cache_size => 100
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
190 );
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
191 $s->io("GET / HTTP/1.0$CRLF$CRLF");
1833
fd9d077fee02 Tests: separate SSL session reuse tests in stream.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1826
diff changeset
192
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
193 $s = stream(
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
194 PeerAddr => '127.0.0.1:' . port($port),
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
195 SSL => 1,
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
196 SSL_reuse_ctx => $s->socket()
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
197 );
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
198
1863
dbb7561a9441 Tests: reworked stream SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1834
diff changeset
199 return $s->socket()->get_session_reused();
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
200 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
201
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
202 ###############################################################################
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
203
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
204 sub http_daemon {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
205 my $server = IO::Socket::INET->new(
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
206 Proto => 'tcp',
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
207 LocalHost => '127.0.0.1:' . port(8081),
559
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
208 Listen => 5,
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
209 Reuse => 1
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
210 )
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
211 or die "Can't create listening socket: $!\n";
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
212
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
213 local $SIG{PIPE} = 'IGNORE';
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
214
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
215 while (my $client = $server->accept()) {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
216 $client->autoflush(1);
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
217
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
218 while (<$client>) {
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
219 last if (/^\x0d?\x0a?$/);
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
220 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
221
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
222 print $client <<EOF;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
223 HTTP/1.1 200 OK
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
224 Connection: close
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
225
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
226 EOF
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
227
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
228 close $client;
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
229 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
230 }
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
231
9208d8243926 Tests: stream ssl and proxy ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
232 ###############################################################################