[nginx-tests] Tests: relaxed SSL version used in testing.
Maxim Dounin
mdounin at mdounin.ru
Sun May 5 21:05:01 UTC 2024
details: http://freenginx.org/hg/nginx-tests/rev/6d3a8f4eb9b2
branches:
changeset: 1970:6d3a8f4eb9b2
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon May 06 00:03:13 2024 +0300
description:
Tests: relaxed SSL version used in testing.
This ensures that tests can be properly run with old OpenSSL versions
when using recent versions of IO::Socket::SSL (which defaults to TLS 1.2+
starting with IO::Socket:SSL version 2.082, and therefore not compatible
with OpenSSL before 1.0.1).
diffstat:
h2_ssl.t | 1 +
h2_ssl_verify_client.t | 1 +
lib/Test/Nginx.pm | 1 +
lib/Test/Nginx/HTTP2.pm | 1 +
lib/Test/Nginx/IMAP.pm | 1 +
lib/Test/Nginx/POP3.pm | 1 +
lib/Test/Nginx/SMTP.pm | 1 +
lib/Test/Nginx/Stream.pm | 1 +
ssl.t | 1 +
ssl_proxy_upgrade.t | 1 +
ssl_sni.t | 1 +
ssl_sni_sessions.t | 1 +
stream_proxy_protocol_ssl.t | 1 +
stream_ssl_realip.t | 1 +
14 files changed, 14 insertions(+), 0 deletions(-)
diffs (154 lines):
diff --git a/h2_ssl.t b/h2_ssl.t
--- a/h2_ssl.t
+++ b/h2_ssl.t
@@ -154,6 +154,7 @@ sub get_ssl_socket {
Proto => 'tcp',
PeerAddr => '127.0.0.1',
PeerPort => port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_alpn_protocols => $alpn,
SSL_error_trap => sub { die $_[1] }
diff --git a/h2_ssl_verify_client.t b/h2_ssl_verify_client.t
--- a/h2_ssl_verify_client.t
+++ b/h2_ssl_verify_client.t
@@ -112,6 +112,7 @@ sub get_ssl_socket {
Proto => 'tcp',
PeerAddr => '127.0.0.1',
PeerPort => port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_alpn_protocols => [ 'h2' ],
SSL_hostname => $sni,
diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm
--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -872,6 +872,7 @@ sub http_start($;%) {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$s,
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
%extra
diff --git a/lib/Test/Nginx/HTTP2.pm b/lib/Test/Nginx/HTTP2.pm
--- a/lib/Test/Nginx/HTTP2.pm
+++ b/lib/Test/Nginx/HTTP2.pm
@@ -548,6 +548,7 @@ sub new_socket {
);
require IO::Socket::SSL if $extra{'SSL'};
IO::Socket::SSL->start_SSL($s,
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_npn_protocols => $npn ? [ $npn ] : undef,
SSL_alpn_protocols => $alpn ? [ $alpn ] : undef,
diff --git a/lib/Test/Nginx/IMAP.pm b/lib/Test/Nginx/IMAP.pm
--- a/lib/Test/Nginx/IMAP.pm
+++ b/lib/Test/Nginx/IMAP.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/POP3.pm b/lib/Test/Nginx/POP3.pm
--- a/lib/Test/Nginx/POP3.pm
+++ b/lib/Test/Nginx/POP3.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/SMTP.pm b/lib/Test/Nginx/SMTP.pm
--- a/lib/Test/Nginx/SMTP.pm
+++ b/lib/Test/Nginx/SMTP.pm
@@ -38,6 +38,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/lib/Test/Nginx/Stream.pm b/lib/Test/Nginx/Stream.pm
--- a/lib/Test/Nginx/Stream.pm
+++ b/lib/Test/Nginx/Stream.pm
@@ -54,6 +54,7 @@ sub new {
require IO::Socket::SSL;
IO::Socket::SSL->start_SSL(
$self->{_socket},
+ SSL_version => 'SSLv23',
SSL_verify_mode =>
IO::Socket::SSL::SSL_VERIFY_NONE(),
@_
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -315,6 +315,7 @@ sub cert {
sub get_ssl_context {
return IO::Socket::SSL::SSL_Context->new(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100
);
diff --git a/ssl_proxy_upgrade.t b/ssl_proxy_upgrade.t
--- a/ssl_proxy_upgrade.t
+++ b/ssl_proxy_upgrade.t
@@ -170,6 +170,7 @@ sub upgrade_connect {
my $s = IO::Socket::SSL->new(
Proto => 'tcp',
PeerAddr => '127.0.0.1:' . port(8080),
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
)
or die "Can't connect to nginx: $!\n";
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -116,6 +116,7 @@ like(get_host('example.org', 'example.co
# $ssl_server_name in sessions
my $ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100);
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -159,6 +159,7 @@ like(get('tickets', 8444, $ctx), qr!tick
sub get_ssl_context {
return IO::Socket::SSL::SSL_Context->new(
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100
);
diff --git a/stream_proxy_protocol_ssl.t b/stream_proxy_protocol_ssl.t
--- a/stream_proxy_protocol_ssl.t
+++ b/stream_proxy_protocol_ssl.t
@@ -152,6 +152,7 @@ sub stream_daemon_ssl {
eval {
IO::Socket::SSL->start_SSL($client,
SSL_server => 1,
+ SSL_version => 'SSLv23',
SSL_cert_file => "$d/localhost.crt",
SSL_key_file => "$d/localhost.key",
SSL_error_trap => sub { die $_[1] }
diff --git a/stream_ssl_realip.t b/stream_ssl_realip.t
--- a/stream_ssl_realip.t
+++ b/stream_ssl_realip.t
@@ -133,6 +133,7 @@ sub pp_get {
local $SIG{PIPE} = sub { die "sigpipe\n" };
alarm(8);
IO::Socket::SSL->start_SSL($s,
+ SSL_version => 'SSLv23',
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_error_trap => sub { die $_[1] }
);
More information about the nginx-devel
mailing list