comparison stream_ssl_session_reuse.t @ 1833:fd9d077fee02
Tests: separate SSL session reuse tests in stream.
Instead of being mixed with generic SSL tests, session reuse variants
are now tested in a separate file.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:55 +0300 |
parents | stream_ssl.t@1f125771f1a1 |
children | df96e9d6c095 |
1832:2e541778e5d8 | 1833:fd9d077fee02 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Maxim Dounin | |
5 # (C) Nginx, Inc. | |
6 | |
7 # Tests for stream ssl module, session reuse. | |
8 | |
9 ############################################################################### | |
10 | |
11 use warnings; | |
12 use strict; | |
13 | |
14 use Test::More; | |
15 | |
16 use Socket qw/ $CRLF /; | |
17 | |
18 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
19 | |
20 use lib 'lib'; | |
21 use Test::Nginx; | |
22 | |
23 ############################################################################### | |
24 | |
25 select STDERR; $| = 1; | |
26 select STDOUT; $| = 1; | |
27 | |
28 eval { | |
29 require Net::SSLeay; | |
30 Net::SSLeay::load_error_strings(); | |
31 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
32 Net::SSLeay::randomize(); | |
33 }; | |
34 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
35 | |
36 my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl'); | |
37 | |
38 $t->plan(7)->write_file_expand('nginx.conf', <<'EOF'); | |
39 | |
40 %%TEST_GLOBALS%% | |
41 | |
42 daemon off; | |
43 | |
44 events { | |
45 } | |
46 | |
47 stream { | |
48 %%TEST_GLOBALS_STREAM%% | |
49 | |
50 ssl_certificate localhost.crt; | |
51 ssl_certificate_key localhost.key; | |
52 | |
53 server { | |
54 listen 127.0.0.1:8443 ssl; | |
55 proxy_pass 127.0.0.1:8081; | |
56 } | |
57 | |
58 server { | |
59 listen 127.0.0.1:8444 ssl; | |
60 proxy_pass 127.0.0.1:8081; | |
61 | |
62 ssl_session_cache shared:SSL:1m; | |
63 ssl_session_tickets on; | |
64 } | |
65 | |
66 server { | |
67 listen 127.0.0.1:8445 ssl; | |
68 proxy_pass 127.0.0.1:8081; | |
69 | |
70 ssl_session_cache shared:SSL:1m; | |
71 ssl_session_tickets off; | |
72 } | |
73 | |
74 server { | |
75 listen 127.0.0.1:8446 ssl; | |
76 proxy_pass 127.0.0.1:8081; | |
77 | |
78 ssl_session_cache builtin; | |
79 ssl_session_tickets off; | |
80 } | |
81 | |
82 server { | |
83 listen 127.0.0.1:8447 ssl; | |
84 proxy_pass 127.0.0.1:8081; | |
85 | |
86 ssl_session_cache builtin:1000; | |
87 ssl_session_tickets off; | |
88 } | |
89 | |
90 server { | |
91 listen 127.0.0.1:8448 ssl; | |
92 proxy_pass 127.0.0.1:8081; | |
93 | |
94 ssl_session_cache none; | |
95 ssl_session_tickets off; | |
96 } | |
97 | |
98 server { | |
99 listen 127.0.0.1:8449 ssl; | |
100 proxy_pass 127.0.0.1:8081; | |
101 | |
102 ssl_session_cache off; | |
103 ssl_session_tickets off; | |
104 } | |
105 } | |
106 | |
107 EOF | |
108 | |
109 $t->write_file('openssl.conf', <<EOF); | |
110 [ req ] | |
111 default_bits = 2048 | |
112 encrypt_key = no | |
113 distinguished_name = req_distinguished_name | |
114 [ req_distinguished_name ] | |
115 EOF | |
116 | |
117 my $d = $t->testdir(); | |
118 | |
119 foreach my $name ('localhost') { | |
120 system('openssl req -x509 -new ' | |
121 . "-config $d/openssl.conf -subj /CN=$name/ " | |
122 . "-out $d/$name.crt -keyout $d/$name.key " | |
123 . ">>$d/openssl.out 2>&1") == 0 | |
124 or die "Can't create certificate for $name: $!\n"; | |
125 } | |
126 | |
127 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | |
128 | |
129 $t->run_daemon(\&http_daemon); | |
130 | |
131 $t->run(); | |
132 | |
133 $t->waitforsocket('127.0.0.1:' . port(8081)); | |
134 | |
135 ############################################################################### | |
136 | |
137 # session reuse: | |
138 # | |
139 # - only tickets, the default | |
140 # - tickets and shared cache, should work always | |
141 # - only shared cache | |
142 # - only builtin cache | |
143 # - only builtin cache with explicitly configured size | |
144 # - only cache none | |
145 # - only cache off | |
146 | |
147 is(test_reuse(8443), 1, 'tickets reused'); | |
148 is(test_reuse(8444), 1, 'tickets and cache reused'); | |
149 is(test_reuse(8445), 1, 'cache shared reused'); | |
150 is(test_reuse(8446), 1, 'cache builtin reused'); | |
151 is(test_reuse(8447), 1, 'cache builtin size reused'); | |
152 is(test_reuse(8448), 0, 'cache none not reused'); | |
153 is(test_reuse(8449), 0, 'cache off not reused'); | |
154 | |
155 ############################################################################### | |
156 | |
157 sub test_reuse { | |
158 my ($port) = @_; | |
159 my ($s, $ssl) = get_ssl_socket($port); | |
160 Net::SSLeay::write($ssl, "GET / HTTP/1.0$CRLF$CRLF"); | |
161 Net::SSLeay::read($ssl); | |
162 my $ses = Net::SSLeay::get_session($ssl); | |
163 ($s, $ssl) = get_ssl_socket($port, $ses); | |
164 return Net::SSLeay::session_reused($ssl); | |
165 } | |
166 | |
167 sub get_ssl_socket { | |
168 my ($port, $ses) = @_; | |
169 | |
170 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | |
171 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
172 Net::SSLeay::set_session($ssl, $ses) if defined $ses; | |
173 Net::SSLeay::set_fd($ssl, fileno($s)); | |
174 Net::SSLeay::connect($ssl) or die("ssl connect"); | |
175 return ($s, $ssl); | |
176 } | |
177 | |
178 ############################################################################### | |
179 | |
180 sub http_daemon { | |
181 my $server = IO::Socket::INET->new( | |
182 Proto => 'tcp', | |
183 LocalHost => '127.0.0.1:' . port(8081), | |
184 Listen => 5, | |
185 Reuse => 1 | |
186 ) | |
187 or die "Can't create listening socket: $!\n"; | |
188 | |
189 local $SIG{PIPE} = 'IGNORE'; | |
190 | |
191 while (my $client = $server->accept()) { | |
192 $client->autoflush(1); | |
193 | |
194 while (<$client>) { | |
195 last if (/^\x0d?\x0a?$/); | |
196 } | |
197 | |
198 print $client <<EOF; | |
199 HTTP/1.1 200 OK | |
200 Connection: close | |
201 | |
202 EOF | |
203 | |
204 close $client; | |
205 } | |
206 } | |
207 | |
208 ############################################################################### |
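Review bot: In get_ssl_socket, `Net::SSLeay::connect($ssl) or die("ssl connect")` only catches a return of 0, while SSL_connect reports fatal handshake errors with a negative value, which Perl treats as true. test_reuse returns `Net::SSLeay::session_reused($ssl)` for that second connection, so a failed handshake would presumably read as 0 and let the 'cache none not reused' and 'cache off not reused' cases pass without showing that nginx actually declined resumption. I would compare explicitly, `Net::SSLeay::connect($ssl) == 1 or die("ssl connect");`, and check the socket as well, `my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)) or die "Can't connect: $!\n";`. The results of `Net::SSLeay::write` and `Net::SSLeay::read` on the first connection in test_reuse are also ignored, so a failure there would surface only as a confusing reuse mismatch.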