comparison stream_ssl_session_reuse.t @ 1833:fd9d077fee02

Tests: separate SSL session reuse tests in stream. Instead of being mixed with generic SSL tests, session reuse variants are now tested in a separate file.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:49:55 +0300
parents stream_ssl.t@1f125771f1a1
children df96e9d6c095
1832:2e541778e5d8 1833:fd9d077fee02
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Maxim Dounin
5 # (C) Nginx, Inc.
6
7 # Tests for stream ssl module, session reuse.
8
9 ###############################################################################
10
11 use warnings;
12 use strict;
13
14 use Test::More;
15
16 use Socket qw/ $CRLF /;
17
18 BEGIN { use FindBin; chdir($FindBin::Bin); }
19
20 use lib 'lib';
21 use Test::Nginx;
22
23 ###############################################################################
24
25 select STDERR; $| = 1;
26 select STDOUT; $| = 1;
27
28 eval {
29 require Net::SSLeay;
30 Net::SSLeay::load_error_strings();
31 Net::SSLeay::SSLeay_add_ssl_algorithms();
32 Net::SSLeay::randomize();
33 };
34 plan(skip_all => 'Net::SSLeay not installed') if $@;
35
36 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl');
37
38 $t->plan(7)->write_file_expand('nginx.conf', <<'EOF');
39
40 %%TEST_GLOBALS%%
41
42 daemon off;
43
44 events {
45 }
46
47 stream {
48 %%TEST_GLOBALS_STREAM%%
49
50 ssl_certificate localhost.crt;
51 ssl_certificate_key localhost.key;
52
53 server {
54 listen 127.0.0.1:8443 ssl;
55 proxy_pass 127.0.0.1:8081;
56 }
57
58 server {
59 listen 127.0.0.1:8444 ssl;
60 proxy_pass 127.0.0.1:8081;
61
62 ssl_session_cache shared:SSL:1m;
63 ssl_session_tickets on;
64 }
65
66 server {
67 listen 127.0.0.1:8445 ssl;
68 proxy_pass 127.0.0.1:8081;
69
70 ssl_session_cache shared:SSL:1m;
71 ssl_session_tickets off;
72 }
73
74 server {
75 listen 127.0.0.1:8446 ssl;
76 proxy_pass 127.0.0.1:8081;
77
78 ssl_session_cache builtin;
79 ssl_session_tickets off;
80 }
81
82 server {
83 listen 127.0.0.1:8447 ssl;
84 proxy_pass 127.0.0.1:8081;
85
86 ssl_session_cache builtin:1000;
87 ssl_session_tickets off;
88 }
89
90 server {
91 listen 127.0.0.1:8448 ssl;
92 proxy_pass 127.0.0.1:8081;
93
94 ssl_session_cache none;
95 ssl_session_tickets off;
96 }
97
98 server {
99 listen 127.0.0.1:8449 ssl;
100 proxy_pass 127.0.0.1:8081;
101
102 ssl_session_cache off;
103 ssl_session_tickets off;
104 }
105 }
106
107 EOF
108
109 $t->write_file('openssl.conf', <<EOF);
110 [ req ]
111 default_bits = 2048
112 encrypt_key = no
113 distinguished_name = req_distinguished_name
114 [ req_distinguished_name ]
115 EOF
116
117 my $d = $t->testdir();
118
119 foreach my $name ('localhost') {
120 system('openssl req -x509 -new '
121 . "-config $d/openssl.conf -subj /CN=$name/ "
122 . "-out $d/$name.crt -keyout $d/$name.key "
123 . ">>$d/openssl.out 2>&1") == 0
124 or die "Can't create certificate for $name: $!\n";
125 }
126
127 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
128
129 $t->run_daemon(\&http_daemon);
130
131 $t->run();
132
133 $t->waitforsocket('127.0.0.1:' . port(8081));
134
135 ###############################################################################
136
137 # session reuse:
138 #
139 # - only tickets, the default
140 # - tickets and shared cache, should work always
141 # - only shared cache
142 # - only builtin cache
143 # - only builtin cache with explicitly configured size
144 # - only cache none
145 # - only cache off
146
147 is(test_reuse(8443), 1, 'tickets reused');
148 is(test_reuse(8444), 1, 'tickets and cache reused');
149 is(test_reuse(8445), 1, 'cache shared reused');
150 is(test_reuse(8446), 1, 'cache builtin reused');
151 is(test_reuse(8447), 1, 'cache builtin size reused');
152 is(test_reuse(8448), 0, 'cache none not reused');
153 is(test_reuse(8449), 0, 'cache off not reused');
154
155 ###############################################################################
156
157 sub test_reuse {
158 my ($port) = @_;
159 my ($s, $ssl) = get_ssl_socket($port);
160 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF");
161 Net::SSLeay::read($ssl);
162 my $ses = Net::SSLeay::get_session($ssl);
163 ($s, $ssl) = get_ssl_socket($port, $ses);
164 return Net::SSLeay::session_reused($ssl);
165 }
166
167 sub get_ssl_socket {
168 my ($port, $ses) = @_;
169
170 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
171 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
172 Net::SSLeay::set_session($ssl, $ses) if defined $ses;
173 Net::SSLeay::set_fd($ssl, fileno($s));
174 Net::SSLeay::connect($ssl) or die("ssl connect");
175 return ($s, $ssl);
176 }
177
178 ###############################################################################
179
180 sub http_daemon {
181 my $server = IO::Socket::INET->new(
182 Proto => 'tcp',
183 LocalHost => '127.0.0.1:' . port(8081),
184 Listen => 5,
185 Reuse => 1
186 )
187 or die "Can't create listening socket: $!\n";
188
189 local $SIG{PIPE} = 'IGNORE';
190
191 while (my $client = $server->accept()) {
192 $client->autoflush(1);
193
194 while (<$client>) {
195 last if (/^\x0d?\x0a?$/);
196 }
197
198 print $client <<EOF;
199 HTTP/1.1 200 OK
200 Connection: close
201
202 EOF
203
204 close $client;
205 }
206 }
207
208 ###############################################################################
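Review bot: In `get_ssl_socket` the result of `IO::Socket::INET->new('127.0.0.1:' . port($port))` is never checked, so a refused or failed connection leaves `$s` undefined and the error only surfaces later, at `fileno($s)` or the handshake, without naming the port. Appending `or die "Can't connect to 127.0.0.1:" . port($port) . ": $!\n";` to that line would match `http_daemon`, which already checks its listening socket. Separately, the `die` after the `openssl req` call reports `$!`, but a non-zero exit from `system` is carried in `$?`, so `$? >> 8` would give the more useful diagnostic. The file also uses `IO::Socket::INET` without loading it, presumably relying on Test::Nginx to do so; an explicit `use IO::Socket::INET;` would make that dependency visible.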