Mercurial > hg > nginx-tests
annotate ssl_sni_sessions.t @ 1233:4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 23 Oct 2017 18:23:11 +0300 |
parents | 0af58b78df35 |
children | 97c8280de681 |
rev | line source |
---|---|
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 # Tests for SSL session resumption with SNI. |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 ############################################################################### |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 use warnings; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 use strict; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 use Test::More; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
13 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 use lib 'lib'; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 use Test::Nginx; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 ############################################################################### |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 select STDERR; $| = 1; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 select STDOUT; $| = 1; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 |
1233
4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
24 my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite/); |
4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
25 |
4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
26 plan(skip_all => 'win32') if $^O eq 'MSWin32' and !$t->has_version('1.13.5'); |
4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
27 |
4a57ca616f8e
Tests: skip ssl_sni_sessions.t on win32 prior to 1.13.5.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
28 $t->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF'); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 daemon off; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 events { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 http { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
44 listen 127.0.0.1:8080 ssl; |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 server_name default; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 ssl_session_tickets off; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 ssl_session_cache shared:cache1:1m; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 location / { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 return 200 $ssl_server_name:$ssl_session_reused; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
56 listen 127.0.0.1:8080; |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 server_name nocache; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 ssl_session_tickets off; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 ssl_session_cache shared:cache2:1m; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 location / { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 return 200 $ssl_server_name:$ssl_session_reused; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
68 listen 127.0.0.1:8081 ssl; |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 server_name default; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 ssl_session_ticket_key ticket1.key; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 location / { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 return 200 $ssl_server_name:$ssl_session_reused; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
79 listen 127.0.0.1:8081; |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 server_name tickets; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 ssl_session_ticket_key ticket2.key; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 location / { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 return 200 $ssl_server_name:$ssl_session_reused; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 EOF |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 eval { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 if (IO::Socket::SSL->can('can_client_sni')) { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 IO::Socket::SSL->can_client_sni() or die; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 eval { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 my $ctx = Net::SSLeay::CTX_new() or die; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 my $ssl = Net::SSLeay::new($ctx) or die; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 $t->plan(6); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 $t->write_file('openssl.conf', <<EOF); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
113 default_bits = 1024 |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 encrypt_key = no |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 distinguished_name = req_distinguished_name |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 [ req_distinguished_name ] |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 EOF |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 my $d = $t->testdir(); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 foreach my $name ('localhost') { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
123 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1132
diff
changeset
|
124 . "-out $d/$name.crt -keyout $d/$name.key " |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 . ">>$d/openssl.out 2>&1") == 0 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 or die "Can't create certificate for $name: $!\n"; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 $t->write_file('ticket1.key', '1' x 48); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 $t->write_file('ticket2.key', '2' x 48); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 $t->run(); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 ############################################################################### |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 |
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
136 # check that everything works fine with default server |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 |
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
138 my $ctx = get_ssl_context(); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
140 like(get('default', port(8080), $ctx), qr!default:\.!, 'default server'); |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
141 like(get('default', port(8080), $ctx), qr!default:r!, 'default server reused'); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 # check that sessions are still properly saved and restored |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 # when using an SNI-based virtual server with different session cache; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 # as session resumption happens before SNI, only default server |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 # settings are expected to matter |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 # this didn't work before nginx 1.9.6 (and caused segfaults if no session |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 # cache was configured the SNI-based virtual server), because OpenSSL, when |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 # creating new sessions, uses callbacks from the default server context, but |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 # provides access to the SNI-selected server context only (ticket #235) |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 |
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
153 $ctx = get_ssl_context(); |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
154 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
155 like(get('nocache', port(8080), $ctx), qr!nocache:\.!, 'without cache'); |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
156 like(get('nocache', port(8080), $ctx), qr!nocache:r!, 'without cache reused'); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 # make sure tickets can be used if an SNI-based virtual server |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 # uses a different set of session ticket keys explicitly set |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 |
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
161 $ctx = get_ssl_context(); |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
162 |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
163 like(get('tickets', port(8081), $ctx), qr!tickets:\.!, 'tickets'); |
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
164 like(get('tickets', port(8081), $ctx), qr!tickets:r!, 'tickets reused'); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 ############################################################################### |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
167 |
752
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
168 sub get_ssl_context { |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
169 return IO::Socket::SSL::SSL_Context->new( |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
170 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
171 SSL_session_cache_size => 100 |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
172 ); |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
173 } |
80e17d44088c
Tests: avoid using SSL_session_key.
Maxim Dounin <mdounin@mdounin.ru>
parents:
751
diff
changeset
|
174 |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
175 sub get_ssl_socket { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
176 my ($host, $port, $ctx) = @_; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
177 my $s; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
178 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
179 eval { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
180 local $SIG{ALRM} = sub { die "timeout\n" }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
181 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
182 alarm(2); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
183 $s = IO::Socket::SSL->new( |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
184 Proto => 'tcp', |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
185 PeerAddr => '127.0.0.1', |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
186 PeerPort => $port, |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
187 SSL_hostname => $host, |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
188 SSL_reuse_ctx => $ctx, |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
189 SSL_error_trap => sub { die $_[1] } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
190 ); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
191 alarm(0); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
192 }; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
193 alarm(0); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
194 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
195 if ($@) { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
196 log_in("died: $@"); |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
197 return undef; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
198 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
199 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
200 return $s; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
201 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
202 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
203 sub get { |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
204 my ($host, $port, $ctx) = @_; |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
205 |
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
206 my $s = get_ssl_socket($host, $port, $ctx) or return; |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
207 my $r = http(<<EOF, socket => $s); |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
208 GET / HTTP/1.0 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
209 Host: $host |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
210 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
211 EOF |
1132
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
212 |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
213 $s->close(); |
3d312b6a1a19
Tests: avoid $ssl_session_reused tests failure with OpenSSL 1.1.0.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
214 return $r; |
751
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
215 } |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
216 |
f17f83b3d8c9
Tests: session resumption with SNI.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
217 ############################################################################### |