Mercurial > hg > nginx-tests
annotate ssl_session_ticket_key.t @ 1983:c7315caf2110
Tests: optimized processing of large QUIC packets with padding.
Path MTU discovery packets might contain a lot of padding, and creating
a copy of the whole buffer for each PADDING frame, which is just one
byte with type 0, consumes lots of resources. This was seen to result
in flapping of at least h3_keepalive.t and h3_ssl_early_data.t tests.
Fix is to copy at most 8 bytes for parse_int() calls when parsing
frame types.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 04:17:28 +0300 |
parents | ab45ee8011df |
children | a095b971fbcc |
rev | line source |
---|---|
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for rotation of SSL session ticket keys. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
18 use Test::Nginx qw/ :DEFAULT http_end /; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
25 eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; }; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@; |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.030; }; |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL version => 2.030 required') if $@; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl tickets socket_ssl/) |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
31 ->has_daemon('openssl')->plan(2) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
32 ->write_file_expand('nginx.conf', <<'EOF'); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 worker_processes 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key localhost.key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate localhost.crt; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
48 add_header X-SSL-Protocol $ssl_protocol; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
49 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
51 listen 127.0.0.1:8443 ssl; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server_name localhost; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache shared:SSL:1m; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_session_timeout 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 $t->write_file('openssl.conf', <<EOF); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 [ req ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 default_bits = 2048 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 encrypt_key = no |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 distinguished_name = req_distinguished_name |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 [ req_distinguished_name ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 my $d = $t->testdir(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 foreach my $name ('localhost') { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 system('openssl req -x509 -new ' |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 . "-config $d/openssl.conf -subj /CN=$name/ " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 . "-out $d/$name.crt -keyout $d/$name.key " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 . ">>$d/openssl.out 2>&1") == 0 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 or die "Can't create certificate for $name: $!\n"; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
79 $t->write_file('index.html', ''); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
80 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $t->run(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # the test uses multiple worker processes to check shared tickey key rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # before 1.23.2, any test can fail depending on which worker served connection: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # the 1st test fails if served by another worker, because keys aren't shared |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # the 2nd test fails if served by the same worker due to the lack of rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 # with a single worker process it is only the 2nd test that fails |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 local $TODO = 'not yet' unless $t->has_version('1.23.2'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $key = get_ticket_key_name(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 select undef, undef, undef, 0.5; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is(get_ticket_key_name(), $key, 'ticket key match'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 select undef, undef, undef, 2.5; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
101 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
102 local $TODO = 'no ticket key callback' |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
103 if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h'); |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
104 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
105 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
106 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
107 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
108 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
109 if $t->has_module('LibreSSL') && test_tls13(); |
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
110 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
111 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
112 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 sub get_ticket_key_name { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
118 my $asn = get_ssl_session(); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $any = qr/[\x00-\xff]/; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 next: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # tag(10) | len{2} | OCTETSTRING(4) | len{2} | ticket(key_name|..) |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 $asn =~ /\xaa\x81($any)\x04\x81($any)($any{16})/g; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
123 return '' if !defined $3; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 goto next if unpack("C", $1) - unpack("C", $2) != 3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 my $key = unpack "H*", $3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 Test::Nginx::log_core('||', "ticket key: $key"); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 return $key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 sub get_ssl_session { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
131 my $cache = IO::Socket::SSL::Session_Cache->new(100); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
133 my $s = http_get( |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
134 '/', start => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
135 SSL => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
136 SSL_session_cache => $cache, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
137 SSL_session_key => 1 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
138 ); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
140 return unless $s; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
141 http_end($s); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
142 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
143 my $sess = $cache->get_session(1); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
144 return '' unless defined $sess; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
145 return Net::SSLeay::i2d_SSL_SESSION($sess); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
148 sub test_tls13 { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
149 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 ############################################################################### |