[nginx-tests] Tests: session reuse handling with Net::SSLeay wit...
Maxim Dounin
mdounin at mdounin.ru
Sun May 5 21:02:55 UTC 2024
details: http://freenginx.org/hg/nginx-tests/rev/c924ae8d7104
branches:
changeset: 1966:c924ae8d7104
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon May 06 00:01:46 2024 +0300
description:
Tests: session reuse handling with Net::SSLeay with LibreSSL.
LibreSSL does not support session reuse with TLSv1.3, and this causes
various test failures if Net::SSLeay is compiled with LibreSSL. Notably,
this affects macOS, where Net::SSLeay compiled with LibreSSL is shipped
with the OS.
Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with
LibreSSL, similarly to what we already do for LibreSSL on the server side.
diffstat:
mail_ssl_session_reuse.t | 2 ++
ssl.t | 2 ++
ssl_certificate.t | 2 ++
ssl_ocsp.t | 4 ++++
ssl_session_reuse.t | 2 ++
ssl_session_ticket_key.t | 2 ++
ssl_sni.t | 2 ++
ssl_sni_sessions.t | 2 ++
stream_ssl_certificate.t | 2 ++
stream_ssl_session_reuse.t | 2 ++
stream_ssl_variables.t | 2 ++
11 files changed, 24 insertions(+), 0 deletions(-)
diffs (141 lines):
diff --git a/mail_ssl_session_reuse.t b/mail_ssl_session_reuse.t
--- a/mail_ssl_session_reuse.t
+++ b/mail_ssl_session_reuse.t
@@ -140,6 +140,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
is(test_reuse(8993), 1, 'tickets reused');
is(test_reuse(8994), 1, 'tickets and cache reused');
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -186,6 +186,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
diff --git a/ssl_certificate.t b/ssl_certificate.t
--- a/ssl_certificate.t
+++ b/ssl_certificate.t
@@ -171,6 +171,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $Net::SSLeay::VERSION < 1.88 && test_tls13();
local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'not TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('default', 8080, $s), qr/default:r/, 'session reused');
diff --git a/ssl_ocsp.t b/ssl_ocsp.t
--- a/ssl_ocsp.t
+++ b/ssl_ocsp.t
@@ -361,6 +361,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('ec-end', ses => $s),
qr/200 OK.*SUCCESS:r/s, 'session reused');
@@ -393,6 +395,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('ec-end', ses => $s),
qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -167,6 +167,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
is(test_reuse(8443), 1, 'tickets reused');
is(test_reuse(8444), 1, 'tickets and cache reused');
diff --git a/ssl_session_ticket_key.t b/ssl_session_ticket_key.t
--- a/ssl_session_ticket_key.t
+++ b/ssl_session_ticket_key.t
@@ -105,6 +105,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next');
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -128,6 +128,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m,
'ssl server name - reused');
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -116,6 +116,8 @@ plan(skip_all => 'no TLSv1.3 sessions, o
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
if $t->has_module('LibreSSL') && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)')
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
if $t->has_module('BoringSSL') && test_tls13();
diff --git a/stream_ssl_certificate.t b/stream_ssl_certificate.t
--- a/stream_ssl_certificate.t
+++ b/stream_ssl_certificate.t
@@ -148,6 +148,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $Net::SSLeay::VERSION < 1.88 && test_tls13();
local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
like(get('default', 8080, $s), qr/default:r/, 'session reused');
diff --git a/stream_ssl_session_reuse.t b/stream_ssl_session_reuse.t
--- a/stream_ssl_session_reuse.t
+++ b/stream_ssl_session_reuse.t
@@ -144,6 +144,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
is(test_reuse(8443), 1, 'tickets reused');
is(test_reuse(8444), 1, 'tickets and cache reused');
diff --git a/stream_ssl_variables.t b/stream_ssl_variables.t
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -98,6 +98,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
$s = stream(
PeerAddr => '127.0.0.1:' . port(8443),
More information about the nginx-devel
mailing list