comparison mail_ssl_session_reuse.t @ 1831:f6d1f82f314b
Tests: separate SSL session reuse tests in mail.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:51 +0300 |
parents | mail_ssl.t@1f125771f1a1 |
children | 2e541778e5d8 |
1830:8dec885fa3da | 1831:f6d1f82f314b |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Andrey Zelenkov | |
4 # (C) Maxim Dounin | |
5 # (C) Nginx, Inc. | |
6 | |
7 # Tests for mail ssl module, session reuse. | |
8 | |
9 ############################################################################### | |
10 | |
11 use warnings; | |
12 use strict; | |
13 | |
14 use Test::More; | |
15 | |
16 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
17 | |
18 use lib 'lib'; | |
19 use Test::Nginx; | |
20 | |
21 ############################################################################### | |
22 | |
23 select STDERR; $| = 1; | |
24 select STDOUT; $| = 1; | |
25 | |
26 eval { | |
27 require Net::SSLeay; | |
28 Net::SSLeay::load_error_strings(); | |
29 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
30 Net::SSLeay::randomize(); | |
31 }; | |
32 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
33 | |
34 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap/) | |
35 ->has_daemon('openssl')->plan(7); | |
36 | |
37 $t->write_file_expand('nginx.conf', <<'EOF'); | |
38 | |
39 %%TEST_GLOBALS%% | |
40 | |
41 daemon off; | |
42 | |
43 events { | |
44 } | |
45 | |
46 mail { | |
47 auth_http http://127.0.0.1:8080; | |
48 | |
49 ssl_certificate localhost.crt; | |
50 ssl_certificate_key localhost.key; | |
51 | |
52 server { | |
53 listen 127.0.0.1:8993 ssl; | |
54 protocol imap; | |
55 } | |
56 | |
57 server { | |
58 listen 127.0.0.1:8994 ssl; | |
59 protocol imap; | |
60 | |
61 ssl_session_cache shared:SSL:1m; | |
62 ssl_session_tickets on; | |
63 } | |
64 | |
65 server { | |
66 listen 127.0.0.1:8995 ssl; | |
67 protocol imap; | |
68 | |
69 ssl_session_cache shared:SSL:1m; | |
70 ssl_session_tickets off; | |
71 } | |
72 | |
73 server { | |
74 listen 127.0.0.1:8996 ssl; | |
75 protocol imap; | |
76 | |
77 ssl_session_cache builtin; | |
78 ssl_session_tickets off; | |
79 } | |
80 | |
81 server { | |
82 listen 127.0.0.1:8997 ssl; | |
83 protocol imap; | |
84 | |
85 ssl_session_cache builtin:1000; | |
86 ssl_session_tickets off; | |
87 } | |
88 | |
89 server { | |
90 listen 127.0.0.1:8998 ssl; | |
91 protocol imap; | |
92 | |
93 ssl_session_cache none; | |
94 ssl_session_tickets off; | |
95 } | |
96 | |
97 server { | |
98 listen 127.0.0.1:8999 ssl; | |
99 protocol imap; | |
100 | |
101 ssl_session_cache off; | |
102 ssl_session_tickets off; | |
103 } | |
104 } | |
105 | |
106 EOF | |
107 | |
108 $t->write_file('openssl.conf', <<EOF); | |
109 [ req ] | |
110 default_bits = 2048 | |
111 encrypt_key = no | |
112 distinguished_name = req_distinguished_name | |
113 [ req_distinguished_name ] | |
114 EOF | |
115 | |
116 my $d = $t->testdir(); | |
117 | |
118 foreach my $name ('localhost') { | |
119 system('openssl req -x509 -new ' | |
120 . "-config $d/openssl.conf -subj /CN=$name/ " | |
121 . "-out $d/$name.crt -keyout $d/$name.key " | |
122 . ">>$d/openssl.out 2>&1") == 0 | |
123 or die "Can't create certificate for $name: $!\n"; | |
124 } | |
125 | |
126 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
127 | |
128 $t->run(); | |
129 | |
130 ############################################################################### | |
131 | |
132 # session reuse: | |
133 # | |
134 # - only tickets, the default | |
135 # - tickets and shared cache, should work always | |
136 # - only shared cache | |
137 # - only builtin cache | |
138 # - only builtin cache with explicitly configured size | |
139 # - only cache none | |
140 # - only cache off | |
141 | |
142 is(test_reuse(8993), 1, 'tickets reused'); | |
143 is(test_reuse(8994), 1, 'tickets and cache reused'); | |
144 is(test_reuse(8995), 1, 'cache shared reused'); | |
145 is(test_reuse(8996), 1, 'cache builtin reused'); | |
146 is(test_reuse(8997), 1, 'cache builtin size reused'); | |
147 is(test_reuse(8998), 0, 'cache none not reused'); | |
148 is(test_reuse(8999), 0, 'cache off not reused'); | |
149 | |
150 ############################################################################### | |
151 | |
152 sub test_reuse { | |
153 my ($port) = @_; | |
154 my ($s, $ssl) = get_ssl_socket($port); | |
155 Net::SSLeay::read($ssl); | |
156 my $ses = Net::SSLeay::get_session($ssl); | |
157 ($s, $ssl) = get_ssl_socket($port, $ses); | |
158 return Net::SSLeay::session_reused($ssl); | |
159 } | |
160 | |
161 sub get_ssl_socket { | |
162 my ($port, $ses) = @_; | |
163 | |
164 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | |
165 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
166 Net::SSLeay::set_session($ssl, $ses) if defined $ses; | |
167 Net::SSLeay::set_fd($ssl, fileno($s)); | |
168 Net::SSLeay::connect($ssl) == 1 or return; | |
169 return ($s, $ssl); | |
170 } | |
171 | |
172 ############################################################################### |
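Review bot: In `test_reuse`, a failed handshake is not distinguished from a session that was simply not resumed: `get_ssl_socket` does a bare `return` when `Net::SSLeay::connect` fails, and `test_reuse` passes the resulting undefined `$ssl` straight on to `Net::SSLeay::read` and `Net::SSLeay::session_reused`. For the `ssl_session_cache none` and `off` servers on ports 8998 and 8999 the expected value is 0, so these two negative checks should only be able to pass after two successful handshakes; how the Net::SSLeay calls behave with an undefined handle is not visible on this page. I would make the failure explicit, e.g. `my ($s, $ssl) = get_ssl_socket($port) or return 'first handshake failed';` and `($s, $ssl) = get_ssl_socket($port, $ses) or return 'second handshake failed';`. The result of `IO::Socket::INET->new` in `get_ssl_socket` is likewise passed to `fileno($s)` without a check. A short comment on the bare `Net::SSLeay::read($ssl)` saying why data is read before `get_session` would also help; presumably it lets a TLSv1.3 session ticket arrive, but the code does not say.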