Mercurial > hg > nginx-tests
annotate ssl_session_ticket_key.t @ 1982:fb25cbe9d4ec
Tests: explicit Valgrind support.
Valgrind logging is done to a separate file, as it is not able to
follow stderr redirection within nginx or append to a file without
corrupting it. Further, Valgrind logging seems to interfere with
error suppression in tests, and catches various startup errors and
warnings, so the log is additionally filtered.
Since startup under Valgrind can be really slow, timeout in waitforfile()
was changed to 10 seconds.
Prodded by Robert Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 31 May 2024 06:23:00 +0300 |
parents | ab45ee8011df |
children | a095b971fbcc |
rev | line source |
---|---|
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for rotation of SSL session ticket keys. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
18 use Test::Nginx qw/ :DEFAULT http_end /; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
25 eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; }; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@; |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.030; }; |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL version => 2.030 required') if $@; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl tickets socket_ssl/) |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
31 ->has_daemon('openssl')->plan(2) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
32 ->write_file_expand('nginx.conf', <<'EOF'); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 worker_processes 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key localhost.key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate localhost.crt; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
48 add_header X-SSL-Protocol $ssl_protocol; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
49 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
51 listen 127.0.0.1:8443 ssl; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server_name localhost; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache shared:SSL:1m; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_session_timeout 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 $t->write_file('openssl.conf', <<EOF); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 [ req ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 default_bits = 2048 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 encrypt_key = no |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 distinguished_name = req_distinguished_name |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 [ req_distinguished_name ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 my $d = $t->testdir(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 foreach my $name ('localhost') { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 system('openssl req -x509 -new ' |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 . "-config $d/openssl.conf -subj /CN=$name/ " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 . "-out $d/$name.crt -keyout $d/$name.key " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 . ">>$d/openssl.out 2>&1") == 0 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 or die "Can't create certificate for $name: $!\n"; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
79 $t->write_file('index.html', ''); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
80 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $t->run(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # the test uses multiple worker processes to check shared tickey key rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # before 1.23.2, any test can fail depending on which worker served connection: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # the 1st test fails if served by another worker, because keys aren't shared |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # the 2nd test fails if served by the same worker due to the lack of rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 # with a single worker process it is only the 2nd test that fails |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 local $TODO = 'not yet' unless $t->has_version('1.23.2'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 my $key = get_ticket_key_name(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 select undef, undef, undef, 0.5; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is(get_ticket_key_name(), $key, 'ticket key match'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 select undef, undef, undef, 2.5; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
101 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
102 local $TODO = 'no ticket key callback' |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
103 if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h'); |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
104 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
105 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
106 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
107 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
108 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
109 if $t->has_module('LibreSSL') && test_tls13(); |
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
110 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
111 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
112 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 sub get_ticket_key_name { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
118 my $asn = get_ssl_session(); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 my $any = qr/[\x00-\xff]/; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 next: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # tag(10) | len{2} | OCTETSTRING(4) | len{2} | ticket(key_name|..) |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 $asn =~ /\xaa\x81($any)\x04\x81($any)($any{16})/g; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
123 return '' if !defined $3; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 goto next if unpack("C", $1) - unpack("C", $2) != 3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 my $key = unpack "H*", $3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 Test::Nginx::log_core('||', "ticket key: $key"); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 return $key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 sub get_ssl_session { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
131 my $cache = IO::Socket::SSL::Session_Cache->new(100); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
133 my $s = http_get( |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
134 '/', start => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
135 SSL => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
136 SSL_session_cache => $cache, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
137 SSL_session_key => 1 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
138 ); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
140 return unless $s; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
141 http_end($s); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
142 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
143 my $sess = $cache->get_session(1); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
144 return '' unless defined $sess; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
145 return Net::SSLeay::i2d_SSL_SESSION($sess); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
148 sub test_tls13 { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
149 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 ############################################################################### |