Mercurial > hg > nginx-tests

diff ssl_sni_sessions.t @ 1866:a797d7428fa5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: simplified http SSL tests with IO::Socket::SSL. The http SSL tests which previously used IO::Socket::SSL were converted to use improved IO::Socket::SSL infrastructure in Test::Nginx.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 18 May 2023 18:07:19 +0300
parents cdcd75657e52
children c924ae8d7104
line wrap: on
line diff
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -110,15 +110,14 @@ foreach my $name ('localhost') {
 
 $t->run();
 
-plan(skip_all => 'no TLS 1.3 sessions')
-	if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-	&& ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
-plan(skip_all => 'no TLS 1.3 sessions in LibreSSL')
-	if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-	&& $t->has_module('LibreSSL');
+plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay')
+	if $Net::SSLeay::VERSION < 1.88 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL')
+	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
+        if $t->has_module('LibreSSL') && test_tls13();
 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
-	if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
-	&& $t->has_module('BoringSSL');
+	if $t->has_module('BoringSSL') && test_tls13();
 
 $t->plan(6);
 
@@ -128,8 +127,8 @@ plan(skip_all => 'no TLS 1.3 session cac
 
 my $ctx = get_ssl_context();
 
-like(get('default', port(8443), $ctx), qr!default:\.!, 'default server');
-like(get('default', port(8443), $ctx), qr!default:r!, 'default server reused');
+like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
+like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');
 
 # check that sessions are still properly saved and restored
 # when using an SNI-based virtual server with different session cache;
@@ -143,16 +142,16 @@ like(get('default', port(8443), $ctx), q
 
 $ctx = get_ssl_context();
 
-like(get('nocache', port(8443), $ctx), qr!nocache:\.!, 'without cache');
-like(get('nocache', port(8443), $ctx), qr!nocache:r!, 'without cache reused');
+like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
+like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');
 
 # make sure tickets can be used if an SNI-based virtual server
 # uses a different set of session ticket keys explicitly set
 
 $ctx = get_ssl_context();
 
-like(get('tickets', port(8444), $ctx), qr!tickets:\.!, 'tickets');
-like(get('tickets', port(8444), $ctx), qr!tickets:r!, 'tickets reused');
+like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
+like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');
 
 ###############################################################################
 
@@ -163,46 +162,19 @@ sub get_ssl_context {
 	);
 }
 
-sub get_ssl_socket {
+sub get {
 	my ($host, $port, $ctx) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => $port,
-			SSL_hostname => $host,
-			SSL_reuse_ctx => $ctx,
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
+	return http(
+		"GET / HTTP/1.0\nHost: $host\n\n",
+		PeerAddr => '127.0.0.1:' . port($port),
+		SSL => 1,
+		SSL_hostname => $host,
+		SSL_reuse_ctx => $ctx
+	);
 }
 
-sub get {
-	my ($host, $port, $ctx) = @_;
-
-	my $s = get_ssl_socket($host, $port, $ctx) or return;
-	my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
-	$s->close();
-	return $r;
+sub test_tls13 {
+	return get('default', 8443) =~ /TLSv1.3/;
 }
 
 ###############################################################################