Mercurial > hg > nginx-tests
annotate h3_ssl_early_data.t @ 1932:b68471aee5ad
Tests: improved test for a stream initiating QUIC path migration.
Previously, the test mostly passed due to a push timer scheduled for an
unrelated delayed ACK, and the new path had enough data received to send
response back when the push timer fired. Otherwise, the test could fail
due to unvalidated address. Now it is fixed to perform path validation.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 21 Aug 2023 17:10:57 +0400 |
parents | 22f45bf99a9e |
children |
rev | line source |
---|---|
1917
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for TLS early data with HTTP/3. |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::HTTP3; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl')->plan(5) |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 ssl_early_data on; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Session $ssl_session_reused always; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 add_header X-Early $ssl_early_data always; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 server { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 listen 127.0.0.1:%%PORT_8980_UDP%% quic; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server_name localhost; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 EOF |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 $t->write_file('openssl.conf', <<EOF); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 [ req ] |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 default_bits = 2048 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 encrypt_key = no |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 distinguished_name = req_distinguished_name |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 [ req_distinguished_name ] |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 EOF |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 my $d = $t->testdir(); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 foreach my $name ('localhost') { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 system('openssl req -x509 -new ' |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 . "-config $d/openssl.conf -subj /CN=$name/ " |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 . "-out $d/$name.crt -keyout $d/$name.key " |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 . ">>$d/openssl.out 2>&1") == 0 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 or die "Can't create certificate for $name: $!\n"; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 $t->run(); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 my $s = Test::Nginx::HTTP3->new(8980); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 is($frame->{headers}->{'x-session'}, '.', 'new session'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $psk_list = $s->{psk_list}; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 $s = Test::Nginx::HTTP3->new(8980, psk_list => $psk_list, early_data => {}); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 TODO: { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 local $TODO = 'no 0-RTT in OpenSSL compat layer' |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 unless $t->has_module('OpenSSL [.0-9]+\+quic') |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or $t->has_module('BoringSSL') |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 or $t->has_module('LibreSSL'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $frames = $s->read(all => [{ sid => 0, fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 is($frame->{headers}->{'x-session'}, 'r', 'reused session 0rtt'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is($frame->{headers}->{'x-early'}, '1', 'reused session is early'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 is($frame->{headers}->{'x-session'}, 'r', 'reused session 1rtt'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 is($frame->{headers}->{'x-early'}, undef, 'reused session not early'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 ############################################################################### |