Mercurial > hg > nginx-tests
comparison mail_ssl_session_reuse.t @ 1861:7b7b64569f55
Tests: reworked mail SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx::IMAP (and also POP3
and SMTP for completeness). This also ensures that SSL handshake and
various read operations are guarded with timeouts.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:08 +0300 |
parents | ce4a06d72256 |
children | f7f1f349dd26 |
comparison
equal
deleted
inserted
replaced
1860:58951cf933e1 | 1861:7b7b64569f55 |
---|---|
15 | 15 |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | 16 BEGIN { use FindBin; chdir($FindBin::Bin); } |
17 | 17 |
18 use lib 'lib'; | 18 use lib 'lib'; |
19 use Test::Nginx; | 19 use Test::Nginx; |
20 use Test::Nginx::IMAP; | |
20 | 21 |
21 ############################################################################### | 22 ############################################################################### |
22 | 23 |
23 select STDERR; $| = 1; | 24 select STDERR; $| = 1; |
24 select STDOUT; $| = 1; | 25 select STDOUT; $| = 1; |
25 | 26 |
26 local $SIG{PIPE} = 'IGNORE'; | 27 local $SIG{PIPE} = 'IGNORE'; |
27 | 28 |
28 eval { | 29 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap socket_ssl_sslversion/) |
29 require Net::SSLeay; | |
30 Net::SSLeay::load_error_strings(); | |
31 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
32 Net::SSLeay::randomize(); | |
33 }; | |
34 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
35 | |
36 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap/) | |
37 ->has_daemon('openssl')->plan(7); | 30 ->has_daemon('openssl')->plan(7); |
38 | 31 |
39 $t->write_file_expand('nginx.conf', <<'EOF'); | 32 $t->write_file_expand('nginx.conf', <<'EOF'); |
40 | 33 |
41 %%TEST_GLOBALS%% | 34 %%TEST_GLOBALS%% |
123 . "-out $d/$name.crt -keyout $d/$name.key " | 116 . "-out $d/$name.crt -keyout $d/$name.key " |
124 . ">>$d/openssl.out 2>&1") == 0 | 117 . ">>$d/openssl.out 2>&1") == 0 |
125 or die "Can't create certificate for $name: $!\n"; | 118 or die "Can't create certificate for $name: $!\n"; |
126 } | 119 } |
127 | 120 |
128 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
129 | |
130 $t->run(); | 121 $t->run(); |
131 | 122 |
132 ############################################################################### | 123 ############################################################################### |
133 | 124 |
134 # session reuse: | 125 # session reuse: |
140 # - only builtin cache with explicitly configured size | 131 # - only builtin cache with explicitly configured size |
141 # - only cache none | 132 # - only cache none |
142 # - only cache off | 133 # - only cache off |
143 | 134 |
144 TODO: { | 135 TODO: { |
136 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' | |
137 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); | |
138 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' | |
139 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); | |
145 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | 140 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
146 if $t->has_module('LibreSSL') && test_tls13(); | 141 if $t->has_module('LibreSSL') && test_tls13(); |
147 | 142 |
148 is(test_reuse(8993), 1, 'tickets reused'); | 143 is(test_reuse(8993), 1, 'tickets reused'); |
149 is(test_reuse(8994), 1, 'tickets and cache reused'); | 144 is(test_reuse(8994), 1, 'tickets and cache reused'); |
163 is(test_reuse(8999), 0, 'cache off not reused'); | 158 is(test_reuse(8999), 0, 'cache off not reused'); |
164 | 159 |
165 ############################################################################### | 160 ############################################################################### |
166 | 161 |
167 sub test_tls13 { | 162 sub test_tls13 { |
168 my ($s, $ssl) = get_ssl_socket(8993); | 163 my $s = Test::Nginx::IMAP->new(SSL => 1); |
169 return (Net::SSLeay::version($ssl) > 0x303); | 164 return ($s->socket()->get_sslversion_int() > 0x303); |
170 } | 165 } |
171 | 166 |
172 sub test_reuse { | 167 sub test_reuse { |
173 my ($port) = @_; | 168 my ($port) = @_; |
174 my ($s, $ssl) = get_ssl_socket($port); | |
175 Net::SSLeay::read($ssl); | |
176 my $ses = Net::SSLeay::get_session($ssl); | |
177 ($s, $ssl) = get_ssl_socket($port, $ses); | |
178 return Net::SSLeay::session_reused($ssl); | |
179 } | |
180 | 169 |
181 sub get_ssl_socket { | 170 my $s = Test::Nginx::IMAP->new( |
182 my ($port, $ses) = @_; | 171 PeerAddr => '127.0.0.1:' . port($port), |
172 SSL => 1, | |
173 SSL_session_cache_size => 100 | |
174 ); | |
175 $s->read(); | |
183 | 176 |
184 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | 177 $s = Test::Nginx::IMAP->new( |
185 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | 178 PeerAddr => '127.0.0.1:' . port($port), |
186 Net::SSLeay::set_session($ssl, $ses) if defined $ses; | 179 SSL => 1, |
187 Net::SSLeay::set_fd($ssl, fileno($s)); | 180 SSL_reuse_ctx => $s->socket() |
188 Net::SSLeay::connect($ssl) == 1 or return; | 181 ); |
189 return ($s, $ssl); | 182 |
183 return $s->socket()->get_session_reused(); | |
190 } | 184 } |
191 | 185 |
192 ############################################################################### | 186 ############################################################################### |