Mercurial > hg > nginx-tests
annotate h3_ssl_early_data.t @ 1948:78452573505c
Tests: improved server tokens tests to accept alternative names.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 20 Feb 2024 20:10:15 +0300 |
parents | 22f45bf99a9e |
children |
rev | line source |
---|---|
1917
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for TLS early data with HTTP/3. |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::HTTP3; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has_daemon('openssl')->plan(5) |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->write_file_expand('nginx.conf', <<'EOF'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 %%TEST_GLOBALS%% |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 daemon off; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 events { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 http { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 %%TEST_GLOBALS_HTTP%% |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ssl_certificate_key localhost.key; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 ssl_certificate localhost.crt; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 ssl_early_data on; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 add_header X-Session $ssl_session_reused always; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 add_header X-Early $ssl_early_data always; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 server { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 listen 127.0.0.1:%%PORT_8980_UDP%% quic; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server_name localhost; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 EOF |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 $t->write_file('openssl.conf', <<EOF); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 [ req ] |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 default_bits = 2048 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 encrypt_key = no |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 distinguished_name = req_distinguished_name |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 [ req_distinguished_name ] |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 EOF |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 my $d = $t->testdir(); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 foreach my $name ('localhost') { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 system('openssl req -x509 -new ' |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 . "-config $d/openssl.conf -subj /CN=$name/ " |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 . "-out $d/$name.crt -keyout $d/$name.key " |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 . ">>$d/openssl.out 2>&1") == 0 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 or die "Can't create certificate for $name: $!\n"; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 $t->run(); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ############################################################################### |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 my $s = Test::Nginx::HTTP3->new(8980); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 is($frame->{headers}->{'x-session'}, '.', 'new session'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $psk_list = $s->{psk_list}; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 $s = Test::Nginx::HTTP3->new(8980, psk_list => $psk_list, early_data => {}); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 TODO: { |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 local $TODO = 'no 0-RTT in OpenSSL compat layer' |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 unless $t->has_module('OpenSSL [.0-9]+\+quic') |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or $t->has_module('BoringSSL') |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 or $t->has_module('LibreSSL'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $frames = $s->read(all => [{ sid => 0, fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 is($frame->{headers}->{'x-session'}, 'r', 'reused session 0rtt'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 is($frame->{headers}->{'x-early'}, '1', 'reused session is early'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 } |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 is($frame->{headers}->{'x-session'}, 'r', 'reused session 1rtt'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 is($frame->{headers}->{'x-early'}, undef, 'reused session not early'); |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
24fea64f233f
Tests: TLS early data tests with HTTP/3.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 ############################################################################### |