> On 18 Mar 2023, at 18:14, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1679107816 -10800
> # Sat Mar 18 05:50:16 2023 +0300
> # Node ID 97b09b6633f69747c0d6ef13c76739bdd6b7f3bb
> # Parent 125fb8461d88a81a62ccb40d0e205a01ecc759f5
> Tests: separate SSL session reuse tests in mail.
>
> Instead of being mixed with generic SSL tests, session reuse variants
> are now tested in a separate file.
>
> diff --git a/mail_ssl.t b/mail_ssl.t
> --- a/mail_ssl.t
> +++ b/mail_ssl.t
> @@ -37,7 +37,7 @@ eval { exists &Net::SSLeay::P_alpn_selec
> plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
>
> my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap pop3 smtp/)
> - ->has_daemon('openssl')->plan(22);
> + ->has_daemon('openssl')->plan(18);
>
> $t->write_file_expand('nginx.conf', <<'EOF');
>
> @@ -51,44 +51,25 @@ events {
> mail {
> ssl_certificate_key localhost.key;
> ssl_certificate localhost.crt;
> - ssl_session_tickets off;
>
> ssl_password_file password;
>
> auth_http http://127.0.0.1:8080; # unused
>
> - ssl_session_cache none;
> -
> server {
> listen 127.0.0.1:8143;
> listen 127.0.0.1:8145 ssl;
> protocol imap;
> -
> - ssl_session_cache builtin;
> }
>
> server {
> - listen 127.0.0.1:8146 ssl;
> - protocol imap;
> -
> - ssl_session_cache off;
> - }
> -
> - server {
> - listen 127.0.0.1:8147;
> + listen 127.0.0.1:8148;
> protocol imap;
>
> # Special case for enabled "ssl" directive.
>
> ssl on;
> - ssl_session_cache builtin:1000;
> - }
>
> - server {
> - listen 127.0.0.1:8148 ssl;
> - protocol imap;
> -
> - ssl_session_cache shared:SSL:1m;
> ssl_certificate_key inherits.key;
> ssl_certificate inherits.crt;
> }
> @@ -169,46 +150,16 @@ open STDERR, ">&", \*OLDERR;
>
> ###############################################################################
>
> +my ($s, $ssl, $ses);
> +

$ses is no longer used there, and other cleanup on top off this change:

diff --git a/mail_ssl.t b/mail_ssl.t
--- a/mail_ssl.t
+++ b/mail_ssl.t
@@ -150,7 +150,7 @@ open STDERR, ">&", \*OLDERR;

###############################################################################

-my ($s, $ssl, $ses);
+my ($s, $ssl);

# simple tests to ensure that nothing broke with ssl_password_file directive

@@ -170,7 +170,7 @@ like(Net::SSLeay::dump_peer_certificate(

# alpn

-ok(get_ssl_socket(8148, undef, ['imap']), 'alpn');
+ok(get_ssl_socket(8148, ['imap']), 'alpn');

SKIP: {
$t->{_configure_args} =~ /LibreSSL ([\d\.]+)/;
@@ -181,7 +181,7 @@ skip 'OpenSSL too old', 1 if defined $1
TODO: {
local $TODO = 'not yet' unless $t->has_version('1.21.4');

-ok(!get_ssl_socket(8148, undef, ['unknown']), 'alpn rejected');
+ok(!get_ssl_socket(8148, ['unknown']), 'alpn rejected');

}

@@ -268,11 +268,10 @@ ok(!get_ssl_socket(8148, undef, ['unknow
###############################################################################

sub get_ssl_socket {
- my ($port, $ses, $alpn) = @_;
+ my ($port, $alpn) = @_;

my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
- Net::SSLeay::set_session($ssl, $ses) if defined $ses;
Net::SSLeay::set_alpn_protos($ssl, $alpn) if defined $alpn;
Net::SSLeay::set_fd($ssl, fileno($s));
Net::SSLeay::connect($ssl) == 1 or return;
diff --git a/mail_ssl_session_reuse.t b/mail_ssl_session_reuse.t
--- a/mail_ssl_session_reuse.t
+++ b/mail_ssl_session_reuse.t
@@ -132,8 +132,6 @@ my $ctx = Net::SSLeay::CTX_new() or die(

###############################################################################

-my ($ssl, $ses);
-
# session reuse:
#
# - only tickets, the default

--
Sergey Kandaurov
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel