Mercurial > hg > nginx-tests
changeset 1849:72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:50:30 +0300 |
| parents | 727741cdff74 |
| children | 2a7fc70900a5 |
| files | stream_upstream_zone_ssl.t upstream_zone_ssl.t |
| diffstat | 2 files changed, 54 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/stream_upstream_zone_ssl.t +++ b/stream_upstream_zone_ssl.t @@ -82,6 +82,19 @@ stream { ssl_certificate localhost.crt; ssl_session_cache builtin; } + + server { + listen 127.0.0.1:8085; + proxy_pass 127.0.0.1:8086; + } + + server { + listen 127.0.0.1:8086 ssl; + return $ssl_protocol; + + ssl_certificate_key localhost.key; + ssl_certificate localhost.crt; + } } EOF @@ -112,13 +125,33 @@ is(stream('127.0.0.1:' . port(8080))->re is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); +} + is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); +} + ############################################################################### + +sub test_tls13 { + stream('127.0.0.1:' . port(8085))->read() =~ /TLSv1.3/; +} + +###############################################################################
--- a/upstream_zone_ssl.t +++ b/upstream_zone_ssl.t @@ -56,6 +56,7 @@ http { location / { add_header X-Session $ssl_session_reused; + add_header X-Protocol $ssl_protocol; } } @@ -114,12 +115,32 @@ foreach my $name ('localhost') { like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl'); like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused 2'); +} + like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup'); like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup 2'); like(http_get('/backup_reuse'), qr/200 OK.*X-Session: \./s, 'backup new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/backup_reuse'), qr/200 OK.*X-Session: r/s, 'backup reused'); +} + ############################################################################### + +sub test_tls13 { + http_get('/ssl') =~ /TLSv1.3/; +} + +###############################################################################