Mercurial > hg > nginx-tests
annotate ssl_session_ticket_key.t @ 1993:6b1222de8286
Tests: fixed prerequisites for regular expressions in maps.
Regular expressions in maps are only recognized when nginx is compiled
with the PCRE library. The simplest way to make sure it is the case
is to require the rewrite module, which cannot be compiled in without
the PCRE library.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 01 Aug 2024 10:37:20 +0300 |
parents | a095b971fbcc |
children |
rev | line source |
---|---|
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for rotation of SSL session ticket keys. |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
18 use Test::Nginx qw/ :DEFAULT http_end /; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
25 eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; }; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@; |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
27 eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.030; }; |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL version => 2.030 required') if $@; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
30 my $t = Test::Nginx->new()->has(qw/http http_ssl tickets socket_ssl/) |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
31 ->has_daemon('openssl')->plan(2) |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
32 ->write_file_expand('nginx.conf', <<'EOF'); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 %%TEST_GLOBALS%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 daemon off; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 worker_processes 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 events { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 http { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 %%TEST_GLOBALS_HTTP%% |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 ssl_certificate_key localhost.key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 ssl_certificate localhost.crt; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
48 add_header X-SSL-Protocol $ssl_protocol; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
49 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 server { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
51 listen 127.0.0.1:8443 ssl; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server_name localhost; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache shared:SSL:1m; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_session_timeout 2; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 $t->write_file('openssl.conf', <<EOF); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 [ req ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 default_bits = 2048 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 encrypt_key = no |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 distinguished_name = req_distinguished_name |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 [ req_distinguished_name ] |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 EOF |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 my $d = $t->testdir(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 foreach my $name ('localhost') { |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 system('openssl req -x509 -new ' |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 . "-config $d/openssl.conf -subj /CN=$name/ " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 . "-out $d/$name.crt -keyout $d/$name.key " |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 . ">>$d/openssl.out 2>&1") == 0 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 or die "Can't create certificate for $name: $!\n"; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
79 $t->write_file('index.html', ''); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
80 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 $t->run(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 # the test uses multiple worker processes to check shared tickey key rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 # before 1.23.2, any test can fail depending on which worker served connection: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 # the 1st test fails if served by another worker, because keys aren't shared |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 # the 2nd test fails if served by the same worker due to the lack of rotation |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 # |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 # with a single worker process it is only the 2nd test that fails |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 my $key = get_ticket_key_name(); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 select undef, undef, undef, 0.5; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 is(get_ticket_key_name(), $key, 'ticket key match'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 select undef, undef, undef, 2.5; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
99 |
1971
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
100 local $TODO = 'no ticket key callback' |
ab45ee8011df
Tests: guarded session ticket tests for old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1966
diff
changeset
|
101 if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h'); |
1869
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
102 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
103 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
104 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
5c50786e5da9
Tests: unbreak ssl_session_ticket_key.t with old IO::Socket::SSL.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1865
diff
changeset
|
105 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
106 local $TODO = 'no TLSv1.3 sessions in LibreSSL' |
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
107 if $t->has_module('LibreSSL') && test_tls13(); |
1966
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
108 local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)' |
c924ae8d7104
Tests: session reuse handling with Net::SSLeay with LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1869
diff
changeset
|
109 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
110 |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next'); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 ############################################################################### |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 sub get_ticket_key_name { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
116 my $asn = get_ssl_session(); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 my $any = qr/[\x00-\xff]/; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 next: |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 # tag(10) | len{2} | OCTETSTRING(4) | len{2} | ticket(key_name|..) |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 $asn =~ /\xaa\x81($any)\x04\x81($any)($any{16})/g; |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
121 return '' if !defined $3; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 goto next if unpack("C", $1) - unpack("C", $2) != 3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 my $key = unpack "H*", $3; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 Test::Nginx::log_core('||', "ticket key: $key"); |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 return $key; |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 sub get_ssl_session { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
129 my $cache = IO::Socket::SSL::Session_Cache->new(100); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
131 my $s = http_get( |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
132 '/', start => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
133 SSL => 1, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
134 SSL_session_cache => $cache, |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
135 SSL_session_key => 1 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
136 ); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
138 return unless $s; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
139 http_end($s); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
140 |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
141 my $sess = $cache->get_session(1); |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
142 return '' unless defined $sess; |
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
143 return Net::SSLeay::i2d_SSL_SESSION($sess); |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
1840
0381a0a212e1
Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1816
diff
changeset
|
146 sub test_tls13 { |
1865
0e1865aa9b33
Tests: reworked http SSL tests to use IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1840
diff
changeset
|
147 return http_get('/', SSL => 1) =~ /TLSv1.3/; |
1816
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 } |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
5817625792bd
Tests: ssl session ticket key rotation tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 ############################################################################### |