Mercurial > hg > nginx-tests
annotate ssl_session_reuse.t @ 1982:fb25cbe9d4ec
Tests: explicit Valgrind support.
Valgrind logging is done to a separate file, as it is not able to
follow stderr redirection within nginx or append to a file without
corrupting it. Further, Valgrind logging seems to interfere with
error suppression in tests, and catches various startup errors and
warnings, so the log is additionally filtered.
Since startup under Valgrind can be really slow, timeout in waitforfile()
was changed to 10 seconds.
Prodded by Robert Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 31 May 2024 06:23:00 +0300 |
parents | ab45ee8011df |
children |
rev | line source |
---|---|
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
3 # (C) Andrey Zelenkov |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
4 # (C) Maxim Dounin |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
7 # Tests for http ssl module, session reuse. |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use lib 'lib'; |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
19 use Test::Nginx qw/ :DEFAULT http_end /; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1830
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/) |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
27 ->has_daemon('openssl')->plan(8); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
1068
d0ec761774a5
Tests: client certificate issuer/subject variables.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1067
diff
changeset
|
29 $t->write_file_expand('nginx.conf', <<'EOF'); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 %%TEST_GLOBALS%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 daemon off; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 events { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 http { |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 %%TEST_GLOBALS_HTTP%% |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
41 ssl_certificate_key localhost.key; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
42 ssl_certificate localhost.crt; |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
43 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
45 listen 127.0.0.1:8443 ssl; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server_name localhost; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
48 location / { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 return 200 "body $ssl_session_reused"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
51 location /protocol { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
52 return 200 "body $ssl_protocol"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
53 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
54 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
55 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
56 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
57 listen 127.0.0.1:8444 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
58 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
59 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
60 ssl_session_cache shared:SSL:1m; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
61 ssl_session_tickets on; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
62 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
63 location / { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
64 return 200 "body $ssl_session_reused"; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
65 } |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
66 } |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
67 |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
68 server { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
69 listen 127.0.0.1:8445 ssl; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
70 server_name localhost; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
71 |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
72 ssl_session_cache shared:SSL:1m; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
73 ssl_session_tickets off; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
74 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
75 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
76 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
77 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
78 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
79 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
80 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
81 listen 127.0.0.1:8446 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
82 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
83 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
84 ssl_session_cache builtin; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
85 ssl_session_tickets off; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
86 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
87 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
88 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
89 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
90 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
91 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
92 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
93 listen 127.0.0.1:8447 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
94 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
95 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
96 ssl_session_cache builtin:1000; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
97 ssl_session_tickets off; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
98 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
99 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
100 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
101 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
102 } |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
103 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
104 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
105 listen 127.0.0.1:8448 ssl; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
106 server_name localhost; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
107 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
108 ssl_session_cache none; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
109 ssl_session_tickets off; |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
110 |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
111 location / { |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
112 return 200 "body $ssl_session_reused"; |
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
113 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 } |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
115 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
116 server { |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
117 listen 127.0.0.1:8449 ssl; |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
118 server_name localhost; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
119 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
120 ssl_session_cache off; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
121 ssl_session_tickets off; |
1655
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
122 |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
123 location / { |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
124 return 200 "body $ssl_session_reused"; |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
125 } |
666d54ab5036
Tests: ssl_session_timeout fixes.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1608
diff
changeset
|
126 } |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 $t->write_file('openssl.conf', <<EOF); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1478
diff
changeset
|
133 default_bits = 2048 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 encrypt_key = no |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 distinguished_name = req_distinguished_name |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 [ req_distinguished_name ] |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 EOF |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 my $d = $t->testdir(); |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
141 foreach my $name ('localhost') { |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
143 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1139
diff
changeset
|
144 . "-out $d/$name.crt -keyout $d/$name.key " |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 . ">>$d/openssl.out 2>&1") == 0 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 or die "Can't create certificate for $name: $!\n"; |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
1139
e7e968e3eb74
Tests: split ssl.t to run relevant tests on stable versions again.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
149 $t->run(); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
153 # session reuse: |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
154 # |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
155 # - only tickets, the default |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
156 # - tickets and shared cache, should work always |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
157 # - only shared cache |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
158 # - only builtin cache |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
159 # - only builtin cache with explicitly configured size |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
160 # - only cache none |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
161 # - only cache off |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
162 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
163 TODO: { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
164 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
165 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
166 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
167 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
168 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
169 if $t->has_module('LibreSSL') && test_tls13(); |
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
170 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1866
diff
changeset
|
171 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
172 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
173 TODO: { |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
174 local $TODO = 'no session tickets' unless $t->has_module('tickets'); |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
175 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
176 is(test_reuse(8443), 1, 'tickets reused'); |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
177 |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
178 } |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
179 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
180 is(test_reuse(8444), 1, 'tickets and cache reused'); |
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
181 |
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
182 TODO: { |
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
183 local $TODO = 'no TLSv1.3 session cache in BoringSSL' |
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
184 if $t->has_module('BoringSSL') && test_tls13(); |
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
185 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
186 is(test_reuse(8445), 1, 'cache shared reused'); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
187 is(test_reuse(8446), 1, 'cache builtin reused'); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
188 is(test_reuse(8447), 1, 'cache builtin size reused'); |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
189 |
1478
f9718a0773b9
Tests: skip TLS 1.3 session reuse tests with older Perl modules.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1449
diff
changeset
|
190 } |
1830
8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1829
diff
changeset
|
191 } |
664
97660514e518
Tests: more http ssl tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
503
diff
changeset
|
192 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
193 is(test_reuse(8448), 0, 'cache none not reused'); |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
194 is(test_reuse(8449), 0, 'cache off not reused'); |
1608
2f00ed2e0d1a
Tests: added test for SSL shutdown on lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1552
diff
changeset
|
195 |
1675
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
196 $t->stop(); |
0d1cec688111
Tests: logging ssl variables with lingering close.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1655
diff
changeset
|
197 |
1723
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
198 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
3581dc3c1937
Tests: added ssl test for "unexpected eof while reading".
Sergey Kandaurov <pluknet@nginx.com>
parents:
1695
diff
changeset
|
199 |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 ############################################################################### |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
202 sub test_tls13 { |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
203 return http_get('/protocol', SSL => 1) =~ /TLSv1.3/; |
1829
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
204 } |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
205 |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
206 sub test_reuse { |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
207 my ($port) = @_; |
a78c32419f02
Tests: separate SSL session reuse tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1820
diff
changeset
|
208 |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
209 my $s = http_get( |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
210 '/', PeerAddr => '127.0.0.1:' . port($port), start => 1, |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
211 SSL => 1, |
1514
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
212 SSL_session_cache_size => 100 |
c6f27bcdd9d9
Tests: revised ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1488
diff
changeset
|
213 ); |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
214 http_end($s); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
216 my $r = http_get( |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
217 '/', PeerAddr => '127.0.0.1:' . port($port), |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
218 SSL => 1, |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
219 SSL_reuse_ctx => $s |
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
220 ); |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 |
1866
a797d7428fa5
Tests: simplified http SSL tests with IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
222 return ($r =~ qr/^body r$/m) ? 1 : 0; |
370
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
223 } |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 |
74cfe56c7b83
Tests: simple https tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 ############################################################################### |