annotate ssl_sni_sessions.t @ 1601:376cbc2c2b20
Tests: ssl_reject_handshake tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 22 Oct 2020 18:55:53 +0100 |
parents | dbce8fb5f5f8 |
children | 0c5f0c016d2b |
#!/usr/bin/perl

# (C) Maxim Dounin

# Tests for SSL session resumption with SNI.

###############################################################################

use warnings;
use strict;

use Test::More;

# Change into the directory that holds this script before the relative
# 'lib' path below is added to the module search path.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Enable autoflush ($| = 1) on STDERR first, then on STDOUT; STDOUT is left
# as the currently selected output handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;
# Test harness object. has() names the nginx features this test relies on
# (http, http_ssl, sni, rewrite).
# NOTE(review): presumably the harness skips the test when one of them is
# missing -- confirm in Test::Nginx.
my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite/);

# Requires the 'openssl' command (used further down to create the
# certificate) and writes nginx.conf. The heredoc is single-quoted, so the
# $ssl_* names reach nginx unchanged as nginx variables and are not
# interpolated by Perl; the %%TEST_GLOBALS%% placeholders are presumably
# filled in by write_file_expand() -- confirm in Test::Nginx.
#
# Layout of the configuration under test:
#   127.0.0.1:8080  default server: session tickets off, shared session
#                   cache "cache1"; its response also carries $ssl_protocol.
#                   SNI virtual server "nocache": tickets off, separate
#                   shared session cache "cache2".
#   127.0.0.1:8081  default server: ticket key file ticket1.key.
#                   SNI virtual server "tickets": ticket key file ticket2.key.
# Every location answers with $ssl_server_name:$ssl_session_reused so the
# client can see which SNI name was used and whether the session was resumed.
#
# All listeners bind to 127.0.0.1 only, and the certificate/key pair is the
# self-signed one generated by this script: test fixtures, not a deployment
# template.
$t->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;

    server {
        listen 127.0.0.1:8080 ssl;
        server_name default;

        ssl_session_tickets off;
        ssl_session_cache shared:cache1:1m;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol;
        }
    }

    server {
        listen 127.0.0.1:8080;
        server_name nocache;

        ssl_session_tickets off;
        ssl_session_cache shared:cache2:1m;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }

    server {
        listen 127.0.0.1:8081 ssl;
        server_name default;

        ssl_session_ticket_key ticket1.key;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }

    server {
        listen 127.0.0.1:8081;
        server_name tickets;

        ssl_session_ticket_key ticket2.key;

        location / {
            return 200 $ssl_server_name:$ssl_session_reused;
        }
    }
}

EOF
# Client-side prerequisites. Each probe runs inside eval {}; if it dies,
# $@ is set and the whole test file is skipped via plan(skip_all => ...).

# IO::Socket::SSL must load and be at least version 1.56.
eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;

# When this IO::Socket::SSL provides can_client_sni(), it has to return
# true. If the method does not exist the probe passes without checking
# anything.
eval {
    if (IO::Socket::SSL->can('can_client_sni')) {
        IO::Socket::SSL->can_client_sni() or die;
    }
};
plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;

# Net::SSLeay must be able to set an SNI host name on a fresh SSL object.
# NOTE(review): Net::SSLeay is never required explicitly in this file;
# presumably it is loaded as a dependency of IO::Socket::SSL -- confirm.
# NOTE(review): the probe's context and SSL object are not released here;
# looks harmless for a short-lived test process -- confirm.
eval {
    my $ctx = Net::SSLeay::CTX_new() or die;
    my $ssl = Net::SSLeay::new($ctx) or die;
    Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
# Minimal OpenSSL request configuration for the throwaway test certificate.
# default_bits = 2048 comes from changeset dbce8fb5f5f8 ("Tests: align with
# OpenSSL security level 2"). encrypt_key = no means the generated private
# key is written to disk unencrypted, which is acceptable only because
# these files are test fixtures.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Directory that receives openssl.conf, the certificate, the key and
# openssl.out.
my $d = $t->testdir();

# Create a self-signed certificate (openssl req -x509 -new) and key for each
# name; the only name is 'localhost', matching ssl_certificate and
# ssl_certificate_key in nginx.conf. openssl's output is appended to
# openssl.out.
#
# This is the single-string form of system(): the command is run through the
# shell (the >> and 2>&1 redirections need it) and $d and $name are
# interpolated into it unquoted. $name is a literal here and $d comes from
# the harness.
# NOTE(review): a test directory path containing whitespace or shell
# metacharacters would be split or interpreted by the shell -- confirm that
# testdir() cannot return such a path.
# NOTE(review): $! is only meaningful when system() fails to start the
# command; when openssl runs and exits non-zero the status is in $?, so the
# message below can show an unrelated error string.
foreach my $name ('localhost') {
    system('openssl req -x509 -new '
        . "-config $d/openssl.conf -subj /CN=$name/ "
        . "-out $d/$name.crt -keyout $d/$name.key "
        . ">>$d/openssl.out 2>&1") == 0
        or die "Can't create certificate for $name: $!\n";
}

# Session ticket key files referenced by ssl_session_ticket_key: 48 bytes
# each, all '1' and all '2'. The values are fixed and predictable; they only
# need to differ between the two servers for this test and must never be
# used as a model for real ticket keys.
$t->write_file('ticket1.key', '1' x 48);
$t->write_file('ticket2.key', '2' x 48);

# NOTE(review): presumably starts nginx with the files written above --
# confirm in Test::Nginx.
$t->run();
# Skip the whole file when the default server on port 8080 negotiates
# TLSv1.3 and the installed Perl modules are older than Net::SSLeay 1.88 or
# IO::Socket::SSL 2.061 (changeset f9718a0773b9: "skip TLS 1.3 session reuse
# tests with older Perl modules"). The probe works because that server
# appends $ssl_protocol to its response.
# NOTE(review): the dot in /TLSv1.3/ is unescaped and matches any character;
# harmless for the values expected here.
# NOTE(review): get() returns nothing when no socket could be opened, so the
# match would then run against undef and warn under 'use warnings'.
plan(skip_all => 'no TLS 1.3 sessions')
    if get('default', port(8080), get_ssl_context()) =~ /TLSv1.3/
    && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);

# Six like() assertions follow.
$t->plan(6);
###############################################################################

# Every scenario below takes a fresh client context, so its first request
# has no session to offer, and then repeats the request with the same
# context. The response body is "<SNI name>:<$ssl_session_reused>"; the
# patterns expect "." for a new session and "r" for a reused one.

# check that everything works fine with the default server

my $ctx = get_ssl_context();

like(get('default', port(8080), $ctx), qr!default:\.!, 'default server');
like(get('default', port(8080), $ctx), qr!default:r!, 'default server reused');

# check that sessions are still properly saved and restored
# when using an SNI-based virtual server with a different session cache;
# as session resumption happens before SNI, only the default server
# settings are expected to matter

# this didn't work before nginx 1.9.6 (and caused segfaults if no session
# cache was configured in the SNI-based virtual server), because OpenSSL,
# when creating new sessions, uses callbacks from the default server context,
# but provides access to the SNI-selected server context only (ticket #235)

$ctx = get_ssl_context();

like(get('nocache', port(8080), $ctx), qr!nocache:\.!, 'without cache');
like(get('nocache', port(8080), $ctx), qr!nocache:r!, 'without cache reused');

# make sure tickets can be used if an SNI-based virtual server
# uses a different, explicitly configured set of session ticket keys

$ctx = get_ssl_context();

like(get('tickets', port(8081), $ctx), qr!tickets:\.!, 'tickets');
like(get('tickets', port(8081), $ctx), qr!tickets:r!, 'tickets reused');
###############################################################################

# Create a new client-side TLS context with a session cache of 100 entries.
# Requests that share one context can offer a session saved by an earlier
# request; a fresh context starts with none.
#
# Peer verification is switched off (SSL_VERIFY_NONE): the server under test
# presents the self-signed certificate generated by this script. This is a
# test-only setting; a client talking to a real service has to verify the
# peer certificate.
sub get_ssl_context {
    my @ctx_options = (
        SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
        SSL_session_cache_size => 100,
    );

    return IO::Socket::SSL::SSL_Context->new(@ctx_options);
}
# Open a TLS connection to 127.0.0.1:$port, sending $host as the SNI name
# and reusing the client context $ctx.
#
# The attempt is bounded by an 8 second alarm; a timeout, SIGPIPE or SSL
# error is turned into an exception, logged through log_in(), and reported
# to the caller as undef. On success the connected socket is returned.
sub get_ssl_socket {
    my ($host, $port, $ctx) = @_;

    my @connect_args = (
        Proto => 'tcp',
        PeerAddr => '127.0.0.1',
        PeerPort => $port,
        SSL_hostname => $host,
        SSL_reuse_ctx => $ctx,
        # Raise SSL-level failures as exceptions; the second argument is
        # the error message.
        SSL_error_trap => sub { die $_[1] },
    );

    my $sock = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $SIG{PIPE} = sub { die "sigpipe\n" };
        alarm(8);
        my $conn = IO::Socket::SSL->new(@connect_args);
        alarm(0);
        $conn;
    };

    # Cancel the timer on the failure path as well.
    alarm(0);

    if ($@) {
        log_in("died: $@");
        return undef;
    }

    return $sock;
}
# Send "GET / HTTP/1.0" with Host: $host over a new TLS connection to $port,
# using $host as the SNI name and $ctx as the client context.
#
# Returns whatever http() returns for the request, or nothing when the
# socket could not be opened. $host is interpolated into the request as
# given; every caller in this file passes a literal name.
sub get {
    my ($host, $port, $ctx) = @_;

    my $sock = get_ssl_socket($host, $port, $ctx);
    return unless $sock;

    my $request = <<EOF;
GET / HTTP/1.0
Host: $host

EOF

    my $response = http($request, socket => $sock);

    # The explicit close was introduced by changeset 3d312b6a1a19 ("avoid
    # $ssl_session_reused tests failure with OpenSSL 1.1.0").
    $sock->close();
    return $response;
}

###############################################################################