Mercurial > hg > nginx-tests
changeset 1849:72d206b37df1
Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:30 +0300 |
parents | 727741cdff74 |
children | 2a7fc70900a5 |
files | stream_upstream_zone_ssl.t upstream_zone_ssl.t |
diffstat | 2 files changed, 54 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/stream_upstream_zone_ssl.t Thu Mar 23 19:50:29 2023 +0300 +++ b/stream_upstream_zone_ssl.t Thu Mar 23 19:50:30 2023 +0300 @@ -82,6 +82,19 @@ ssl_certificate localhost.crt; ssl_session_cache builtin; } + + server { + listen 127.0.0.1:8085; + proxy_pass 127.0.0.1:8086; + } + + server { + listen 127.0.0.1:8086 ssl; + return $ssl_protocol; + + ssl_certificate_key localhost.key; + ssl_certificate localhost.crt; + } } EOF @@ -112,13 +125,33 @@ is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2'); is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused'); is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2'); +} + is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl'); is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2'); is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused'); +} + ############################################################################### + +sub test_tls13 { + stream('127.0.0.1:' . port(8085))->read() =~ /TLSv1.3/; +} + +###############################################################################
--- a/upstream_zone_ssl.t Thu Mar 23 19:50:29 2023 +0300 +++ b/upstream_zone_ssl.t Thu Mar 23 19:50:30 2023 +0300 @@ -56,6 +56,7 @@ location / { add_header X-Session $ssl_session_reused; + add_header X-Protocol $ssl_protocol; } } @@ -114,12 +115,32 @@ like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl'); like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl session new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused'); like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused 2'); +} + like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup'); like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup 2'); like(http_get('/backup_reuse'), qr/200 OK.*X-Session: \./s, 'backup new'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') and test_tls13(); + like(http_get('/backup_reuse'), qr/200 OK.*X-Session: r/s, 'backup reused'); +} + ############################################################################### + +sub test_tls13 { + http_get('/ssl') =~ /TLSv1.3/; +} + +###############################################################################