Mercurial > hg > nginx-tests
comparison quic_ciphers.t @ 1912:f61d1b4ac638
Tests: unbreak quic_ciphers.t with AEAD_AES_128_CCM enabled.
Although CCM ciphers are disabled in a stock OpenSSL as rarely used,
"to reduce ClientHello bloat", AEAD_AES_128_CCM is apparently turned
back in certain distributions such as RHEL. Previously, this caused
testing connections to fail as the CCM cipher being negotiated isn't
supported yet in nginx. Now the test is skipped instead on failure.
While here, fixed nearby style.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 14 Jun 2023 16:57:01 +0400 |
| parents | 2c5ae1e75db4 |
| children | 6ab08c255dd3 |
comparison
equal
deleted
inserted
replaced
| 1911:2c5ae1e75db4 | 1912:f61d1b4ac638 |
|---|---|
| 75 $t->write_file('index.html', ''); | 75 $t->write_file('index.html', ''); |
| 76 $t->run(); | 76 $t->run(); |
| 77 | 77 |
| 78 ############################################################################### | 78 ############################################################################### |
| 79 | 79 |
| 80 my ($s, $sid, $frames, $frame); | |
| 81 | |
| 82 is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256'); | 80 is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256'); |
| 83 is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); | 81 is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); |
| 84 is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256', | 82 is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256', |
| 85 'TLS_CHACHA20_POLY1305_SHA256'); | 83 'TLS_CHACHA20_POLY1305_SHA256'); |
| 86 | 84 |
| 87 # TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 | 85 # TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 |
| 88 | 86 |
| 89 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many'); | 87 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many'); |
| 90 | 88 |
| 89 # prefer TLS_AES_128_CCM_SHA256 and fail gracefully as we are not there yet, | |
| 90 # the cipher might be patched to be enabled by default in certain distributions | |
| 91 | |
| 92 my $s = Test::Nginx::HTTP3->new(8980, ciphers => "\x13\x04\x13\x01"); | |
| 93 | |
| 91 TODO: { | 94 TODO: { |
| 92 local $TODO = 'CCM cipher disabled'; | 95 todo_skip 'not yet', 1 unless $s; |
| 93 | 96 |
| 94 is(get("\x13\x04\x13\x01"), 'TLS_AES_128_CCM_SHA256', 'TLS_AES_128_CCM_SHA256'); | 97 like(get("\x13\x04\x13\x01", $s), qr/TLS_AES_128_[GC]CM_SHA256/, |
| 98 'TLS_AES_128_CCM_SHA256'); | |
| 95 | 99 |
| 96 } | 100 } |
| 97 | 101 |
| 98 ############################################################################### | 102 ############################################################################### |
| 99 | 103 |
| 100 sub get { | 104 sub get { |
| 101 my ($ciphers) = @_; | 105 my ($ciphers, $sock) = @_; |
| 102 my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers); | 106 my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers, |
| 107 socket => $sock) or return; | |
| 103 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); | 108 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); |
| 104 | 109 |
| 105 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | 110 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
| 106 return $frame->{headers}->{'x-cipher'}; | 111 return $frame->{headers}->{'x-cipher'}; |
| 107 } | 112 } |
| 108 | 113 |
| 109 ############################################################################### | 114 ############################################################################### |