Mercurial > hg > nginx-tests

changeset 1912:f61d1b4ac638

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: unbreak quic_ciphers.t with AEAD_AES_128_CCM enabled. Although CCM ciphers are disabled in a stock OpenSSL as rarely used, "to reduce ClientHello bloat", AEAD_AES_128_CCM is apparently turned back in certain distributions such as RHEL. Previously, this caused testing connections to fail as the CCM cipher being negotiated isn't supported yet in nginx. Now the test is skipped instead on failure. While here, fixed nearby style.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 14 Jun 2023 16:57:01 +0400
parents 2c5ae1e75db4
children 032ccd3118cb
files quic_ciphers.t
diffstat 1 files changed, 12 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/quic_ciphers.t
+++ b/quic_ciphers.t
@@ -77,8 +77,6 @@ foreach my $name ('localhost') {
 
 ###############################################################################
 
-my ($s, $sid, $frames, $frame);
-
 is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256');
 is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
 is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256',
@@ -88,21 +86,28 @@ is(get("\x13\x03"), 'TLS_CHACHA20_POLY13
 
 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many');
 
+# prefer TLS_AES_128_CCM_SHA256 and fail gracefully as we are not there yet,
+# the cipher might be patched to be enabled by default in certain distributions
+
+my $s = Test::Nginx::HTTP3->new(8980, ciphers => "\x13\x04\x13\x01");
+
 TODO: {
-local $TODO = 'CCM cipher disabled';
+todo_skip 'not yet', 1 unless $s;
 
-is(get("\x13\x04\x13\x01"), 'TLS_AES_128_CCM_SHA256', 'TLS_AES_128_CCM_SHA256');
+like(get("\x13\x04\x13\x01", $s), qr/TLS_AES_128_[GC]CM_SHA256/,
+	'TLS_AES_128_CCM_SHA256');
 
 }
 
 ###############################################################################
 
 sub get {
-	my ($ciphers) = @_;
-	my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers);
+	my ($ciphers, $sock) = @_;
+	my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers,
+		socket => $sock) or return;
 	my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]);
 
-	($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+	my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
 	return $frame->{headers}->{'x-cipher'};
 }