[PATCH 2 of 5] Tests: relaxed SSL version used in testing
Maxim Dounin
mdounin at mdounin.ru
Wed May 1 01:53:08 UTC 2024
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1714527724 -10800
# Wed May 01 04:42:04 2024 +0300
# Node ID f1b147125456b5904e9a8d080c338e0207602f16
# Parent 8566a3522573e6b59dea2995c2d1c4c4524ecc86
Tests: relaxed SSL version used in testing.
This ensures that tests can be properly run with old OpenSSL versions
when using recent versions of IO::Socket::SSL (which defaults to TLS 1.2+
starting with IO::Socket:SSL version 2.082, and therefore not compatible
with OpenSSL before 1.0.1).
diff --git a/h2_ssl.t b/h2_ssl.t
--- a/h2_ssl.t
+++ b/h2_ssl.t
@@ -154,6 +154,7 @@ sub get_ssl_socket {
Proto => 'tcp',
PeerAddr => '127.0.0.1',
PeerPort => port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_alpn_protocols => $alpn,
SSL_error_trap => sub { die $_[1] }
diff --git a/h2_ssl_verify_client.t b/h2_ssl_verify_client.t
--- a/h2_ssl_verify_client.t
+++ b/h2_ssl_verify_client.t
@@ -112,6 +112,7 @@ sub get_ssl_socket {
Proto => 'tcp',
PeerAddr => '127.0.0.1',
PeerPort => port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_alpn_protocols => [ 'h2' ],
SSL_hostname => $sni,
diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm
--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -872,6 +872,7 @@ sub http_start($;%) {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$s,
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
%extra
diff --git a/lib/Test/Nginx/HTTP2.pm b/lib/Test/Nginx/HTTP2.pm
--- a/lib/Test/Nginx/HTTP2.pm
+++ b/lib/Test/Nginx/HTTP2.pm
@@ -548,6 +548,7 @@ sub new_socket {
);
require IO::Socket::SSL if $extra{'SSL'};
IO::Socket::SSL->start_SSL($s,
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_npn_protocols => $npn ? [ $npn ] : undef,
SSL_alpn_protocols => $alpn ? [ $alpn ] : undef,
diff --git a/lib/Test/Nginx/IMAP.pm b/lib/Test/Nginx/IMAP.pm
--- a/lib/Test/Nginx/IMAP.pm
+++ b/lib/Test/Nginx/IMAP.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/POP3.pm b/lib/Test/Nginx/POP3.pm
--- a/lib/Test/Nginx/POP3.pm
+++ b/lib/Test/Nginx/POP3.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/SMTP.pm b/lib/Test/Nginx/SMTP.pm
--- a/lib/Test/Nginx/SMTP.pm
+++ b/lib/Test/Nginx/SMTP.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/Stream.pm b/lib/Test/Nginx/Stream.pm
--- a/lib/Test/Nginx/Stream.pm
+++ b/lib/Test/Nginx/Stream.pm
@@ -54,6 +54,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -313,6 +313,7 @@ sub cert {
sub get_ssl_context {
return IO::Socket::SSL::SSL_Context->new(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100
);
diff --git a/ssl_proxy_upgrade.t b/ssl_proxy_upgrade.t
--- a/ssl_proxy_upgrade.t
+++ b/ssl_proxy_upgrade.t
@@ -170,6 +170,7 @@ sub upgrade_connect {
my $s = IO::Socket::SSL->new(
Proto => 'tcp',
PeerAddr => '127.0.0.1:' . port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
)
or die "Can't connect to nginx: $!\n";
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -116,6 +116,7 @@ like(get_host('example.org', 'example.co
# $ssl_server_name in sessions
my $ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100);
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -157,6 +157,7 @@ like(get('tickets', 8444, $ctx), qr!tick
sub get_ssl_context {
return IO::Socket::SSL::SSL_Context->new(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100
);
diff --git a/stream_proxy_protocol_ssl.t b/stream_proxy_protocol_ssl.t
--- a/stream_proxy_protocol_ssl.t
+++ b/stream_proxy_protocol_ssl.t
@@ -152,6 +152,7 @@ sub stream_daemon_ssl {
eval {
IO::Socket::SSL->start_SSL($client,
SSL_server => 1,
+ SSL_version => 'SSLv23',
SSL_cert_file => "$d/localhost.crt",
SSL_key_file => "$d/localhost.key",
SSL_error_trap => sub { die $_[1] }
diff --git a/stream_ssl_realip.t b/stream_ssl_realip.t
--- a/stream_ssl_realip.t
+++ b/stream_ssl_realip.t
@@ -133,6 +133,7 @@ sub pp_get {
local $SIG{PIPE} = sub { die "sigpipe\n" };
alarm(8);
IO::Socket::SSL->start_SSL($s,
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_error_trap => sub { die $_[1] }
);
More information about the nginx-devel
mailing list