Welcome! Log In Create A New Profile

Advanced

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin
April 16, 2023 11:46PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1681702252 -10800
# Mon Apr 17 06:30:52 2023 +0300
# Node ID f704912ed09f3494a815709710c3744b0adca50b
# Parent 6f0148ef1991d92a003c8529c8cce9a8dd49e706
Tests: added has_feature() tests for IO::Socket::SSL.

The following distinct features supported:

- "socket_ssl", which requires IO::Socket::SSL and also implies
existance of the IO::Socket::SSL::SSL_VERIFY_NONE() symbol.
It is used by most of the tests.

- "socket_ssl_sni", which requires IO::Socket::SSL with the can_client_sni()
function (1.84), and SNI support available in Net::SSLeay and the OpenSSL
library being used. Used by ssl_sni.t, ssl_sni_sessions.t,
stream_ssl_preread.t. Additional Net::SSLeay testing is believed to be
unneeded and was removed.

- "socket_ssl_alpn", which requires IO::Socket::SSL with ALPN support (2.009),
and ALPN support in Net::SSLeay and the OpenSSL library being used.
Used by h2_ssl.t, h2_ssl_verify_client.t, stream_ssl_alpn.t,
stream_ssl_preread_alpn.t.

- "socket_ssl_sslversion", which requires IO::Socket::SSL with
the get_sslversion() and get_sslversion_int() methods (1.964).
Used by mail_imap_ssl.t.

- "socket_ssl_reused", which requires IO::Socket::SSL with
the get_session_reused() method (2.057). To be used in the following
patches.

This makes it possible to simplify and unify various SSL tests.

diff --git a/h2_ssl.t b/h2_ssl.t
--- a/h2_ssl.t
+++ b/h2_ssl.t
@@ -25,7 +25,7 @@ use Test::Nginx::HTTP2;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 socket_ssl_alpn/)
->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF');
@@ -55,15 +55,6 @@ http {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval { IO::Socket::SSL->can_alpn() or die; };
-plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@;
-
-eval { exists &Net::SSLeay::P_alpn_selected or die; };
-plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/h2_ssl_proxy_cache.t b/h2_ssl_proxy_cache.t
--- a/h2_ssl_proxy_cache.t
+++ b/h2_ssl_proxy_cache.t
@@ -23,10 +23,8 @@ use Test::Nginx::HTTP2;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 proxy cache/)
+my $t = Test::Nginx->new()
+ ->has(qw/http http_ssl http_v2 proxy cache socket_ssl/)
->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/h2_ssl_variables.t b/h2_ssl_variables.t
--- a/h2_ssl_variables.t
+++ b/h2_ssl_variables.t
@@ -23,12 +23,7 @@ use Test::Nginx::HTTP2;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 rewrite/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 rewrite socket_ssl/)
->has_daemon('openssl')->plan(8);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/h2_ssl_verify_client.t b/h2_ssl_verify_client.t
--- a/h2_ssl_verify_client.t
+++ b/h2_ssl_verify_client.t
@@ -23,14 +23,7 @@ use Test::Nginx::HTTP2;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL->can_client_sni() or die; };
-plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;
-eval { IO::Socket::SSL->can_alpn() or die; };
-plan(skip_all => 'OpenSSL ALPN support required') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl sni http_v2/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl sni http_v2 socket_ssl_alpn/)
->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm
--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -241,6 +241,31 @@ sub has_feature($) {
return $^O ne 'MSWin32';
}

+ if ($feature =~ /^socket_ssl/) {
+ eval { require IO::Socket::SSL; };
+ return 0 if $@;
+ eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
+ return 0 if $@;
+ if ($feature eq 'socket_ssl') {
+ return 1;
+ }
+ if ($feature eq 'socket_ssl_sni') {
+ eval { IO::Socket::SSL->can_client_sni() or die; };
+ return !$@;
+ }
+ if ($feature eq 'socket_ssl_alpn') {
+ eval { IO::Socket::SSL->can_alpn() or die; };
+ return !$@;
+ }
+ if ($feature eq 'socket_ssl_sslversion') {
+ return IO::Socket::SSL->can('get_sslversion');
+ }
+ if ($feature eq 'socket_ssl_reused') {
+ return IO::Socket::SSL->can('get_session_reused');
+ }
+ return 0;
+ }
+
return 0;
}

diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t
--- a/mail_imap_ssl.t
+++ b/mail_imap_ssl.t
@@ -26,14 +26,10 @@ use Test::Nginx::IMAP;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
local $SIG{PIPE} = 'IGNORE';

-my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap http rewrite/)
+my $t = Test::Nginx->new()
+ ->has(qw/mail mail_ssl imap http rewrite socket_ssl_sslversion/)
->has_daemon('openssl')->plan(13)
->write_file_expand('nginx.conf', <<'EOF');

@@ -215,12 +211,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr

my ($cipher, $sslversion);

-if ($IO::Socket::SSL::VERSION >= 1.964) {
- $s = get_ssl_socket(8143);
- $cipher = $s->get_cipher();
- $sslversion = $s->get_sslversion();
- $sslversion =~ s/_/./;
-}
+$s = get_ssl_socket(8143);
+$cipher = $s->get_cipher();
+$sslversion = $s->get_sslversion();
+$sslversion =~ s/_/./;

undef $s;

@@ -239,10 +233,6 @@ like($f, qr!^on:SUCCESS:(/?CN=2.example.
like($f, qr!^on:SUCCESS:(/?CN=3.example.com):\1:\w+:\w+:[^:]+:s5$!m,
'log - trusted cert');

-SKIP: {
-skip 'IO::Socket::SSL version >= 1.964 required', 1
- if $IO::Socket::SSL::VERSION < 1.964;
-
TODO: {
local $TODO = 'not yet' unless $t->has_version('1.21.2');

@@ -251,8 +241,6 @@ like($f, qr|^$cipher:$sslversion$|m, 'lo

}

-}
-
###############################################################################

sub get_ssl_socket {
diff --git a/mail_resolver.t b/mail_resolver.t
--- a/mail_resolver.t
+++ b/mail_resolver.t
@@ -23,14 +23,9 @@ use Test::Nginx::SMTP;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
local $SIG{PIPE} = 'IGNORE';

-my $t = Test::Nginx->new()->has(qw/mail mail_ssl smtp http rewrite/)
+my $t = Test::Nginx->new()->has(qw/mail mail_ssl smtp http rewrite socket_ssl/)
->has_daemon('openssl')->plan(11)
->write_file_expand('nginx.conf', <<'EOF');

diff --git a/proxy_ssl.t b/proxy_ssl.t
--- a/proxy_ssl.t
+++ b/proxy_ssl.t
@@ -21,11 +21,9 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl')
- ->plan(8)->write_file_expand('nginx.conf', <<'EOF');
+my $t = Test::Nginx->new()->has(qw/http proxy http_ssl socket_ssl/)
+ ->has_daemon('openssl')->plan(8)
+ ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -25,12 +25,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy socket_ssl/)
->has_daemon('openssl')->plan(21);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_certificate_chain.t b/ssl_certificate_chain.t
--- a/ssl_certificate_chain.t
+++ b/ssl_certificate_chain.t
@@ -22,12 +22,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
->has_daemon('openssl')->plan(3);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_client_escaped_cert.t b/ssl_client_escaped_cert.t
--- a/ssl_client_escaped_cert.t
+++ b/ssl_client_escaped_cert.t
@@ -22,12 +22,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
->has_daemon('openssl')->plan(3);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_crl.t b/ssl_crl.t
--- a/ssl_crl.t
+++ b/ssl_crl.t
@@ -22,12 +22,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
->has_daemon('openssl')->plan(3);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_curve.t b/ssl_curve.t
--- a/ssl_curve.t
+++ b/ssl_curve.t
@@ -22,12 +22,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
->has_daemon('openssl');

$t->{_configure_args} =~ /OpenSSL (\d+)/;
diff --git a/ssl_password_file.t b/ssl_password_file.t
--- a/ssl_password_file.t
+++ b/ssl_password_file.t
@@ -25,14 +25,9 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
plan(skip_all => 'win32') if $^O eq 'MSWin32';

-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
->has_daemon('openssl');

$t->plan(3)->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_proxy_protocol.t b/ssl_proxy_protocol.t
--- a/ssl_proxy_protocol.t
+++ b/ssl_proxy_protocol.t
@@ -24,12 +24,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl access realip/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl access realip socket_ssl/)
->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF')->plan(18);
diff --git a/ssl_proxy_upgrade.t b/ssl_proxy_upgrade.t
--- a/ssl_proxy_upgrade.t
+++ b/ssl_proxy_upgrade.t
@@ -29,12 +29,8 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http proxy http_ssl/)->has_daemon('openssl')
+my $t = Test::Nginx->new()->has(qw/http proxy http_ssl socket_ssl/)
+ ->has_daemon('openssl')
->write_file_expand('nginx.conf', <<'EOF')->plan(30);

%%TEST_GLOBALS%%
diff --git a/ssl_reject_handshake.t b/ssl_reject_handshake.t
--- a/ssl_reject_handshake.t
+++ b/ssl_reject_handshake.t
@@ -22,12 +22,8 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL->can_client_sni() or die; };
-plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl sni/)->has_daemon('openssl');
+my $t = Test::Nginx->new()->has(qw/http http_ssl sni socket_ssl/)
+ ->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF');

diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -23,12 +23,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
->has_daemon('openssl')->plan(8);

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -22,8 +22,8 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite/)
- ->has_daemon('openssl')
+my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite socket_ssl_sni/)
+ ->has_daemon('openssl')->plan(8)
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
@@ -79,25 +79,6 @@ http {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval {
- if (IO::Socket::SSL->can('can_client_sni')) {
- IO::Socket::SSL->can_client_sni() or die;
- }
-};
-plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;
-
-eval {
- my $ctx = Net::SSLeay::CTX_new() or die;
- my $ssl = Net::SSLeay::new($ctx) or die;
- Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
-};
-plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-
-$t->plan(8);
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -21,9 +21,9 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite/);
-
-$t->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF');
+my $t = Test::Nginx->new()->has(qw/http http_ssl sni rewrite socket_ssl_sni/)
+ ->has_daemon('openssl')
+ ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

@@ -87,23 +87,6 @@ http {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval {
- if (IO::Socket::SSL->can('can_client_sni')) {
- IO::Socket::SSL->can_client_sni() or die;
- }
-};
-plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;
-
-eval {
- my $ctx = Net::SSLeay::CTX_new() or die;
- my $ssl = Net::SSLeay::new($ctx) or die;
- Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
-};
-plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/ssl_verify_depth.t b/ssl_verify_depth.t
--- a/ssl_verify_depth.t
+++ b/ssl_verify_depth.t
@@ -22,12 +22,8 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl/)->has_daemon('openssl');
+my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
+ ->has_daemon('openssl');

plan(skip_all => 'LibreSSL') if $t->has_module('LibreSSL');

diff --git a/stream_js_fetch_https.t b/stream_js_fetch_https.t
--- a/stream_js_fetch_https.t
+++ b/stream_js_fetch_https.t
@@ -23,12 +23,9 @@ use Test::Nginx::Stream qw/ stream /;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite stream stream_return/)
+my $t = Test::Nginx->new()
+ ->has(qw/http http_ssl rewrite stream stream_return socket_ssl/)
+ ->has_daemon('openssl')
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
diff --git a/stream_proxy_protocol_ssl.t b/stream_proxy_protocol_ssl.t
--- a/stream_proxy_protocol_ssl.t
+++ b/stream_proxy_protocol_ssl.t
@@ -24,11 +24,8 @@ use Test::Nginx qw/ :DEFAULT http_end /;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl')
- ->plan(2);
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl socket_ssl/)
+ ->has_daemon('openssl')->plan(2);

$t->write_file_expand('nginx.conf', <<'EOF');

diff --git a/stream_ssl_alpn.t b/stream_ssl_alpn.t
--- a/stream_ssl_alpn.t
+++ b/stream_ssl_alpn.t
@@ -23,8 +23,10 @@ use Test::Nginx::Stream qw/ stream /;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
- ->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF');
+my $t = Test::Nginx->new()
+ ->has(qw/stream stream_ssl stream_return socket_ssl_alpn/)
+ ->has_daemon('openssl')
+ ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

@@ -51,15 +53,6 @@ stream {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval { IO::Socket::SSL->can_alpn() or die; };
-plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@;
-
-eval { exists &Net::SSLeay::P_alpn_selected or die; };
-plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/stream_ssl_preread.t b/stream_ssl_preread.t
--- a/stream_ssl_preread.t
+++ b/stream_ssl_preread.t
@@ -24,7 +24,8 @@ select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/)
- ->has(qw/stream_ssl stream_return/)->has_daemon('openssl')
+ ->has(qw/stream_ssl stream_return socket_ssl_sni/)
+ ->has_daemon('openssl')->plan(13)
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
@@ -107,25 +108,6 @@ stream {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval {
- if (IO::Socket::SSL->can('can_client_sni')) {
- IO::Socket::SSL->can_client_sni() or die;
- }
-};
-plan(skip_all => 'IO::Socket::SSL with OpenSSL SNI support required') if $@;
-
-eval {
- my $ctx = Net::SSLeay::CTX_new() or die;
- my $ssl = Net::SSLeay::new($ctx) or die;
- Net::SSLeay::set_tlsext_host_name($ssl, 'example.org') == 1 or die;
-};
-plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-
-$t->plan(13);
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/stream_ssl_preread_alpn.t b/stream_ssl_preread_alpn.t
--- a/stream_ssl_preread_alpn.t
+++ b/stream_ssl_preread_alpn.t
@@ -24,7 +24,8 @@ select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/stream stream_map stream_ssl_preread/)
- ->has(qw/stream_ssl stream_return/)->has_daemon('openssl')
+ ->has(qw/stream_ssl stream_return socket_ssl_alpn/)
+ ->has_daemon('openssl')->plan(5)
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
@@ -75,17 +76,6 @@ stream {

EOF

-eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 1.56; };
-plan(skip_all => 'IO::Socket::SSL version >= 1.56 required') if $@;
-
-eval { IO::Socket::SSL->can_alpn() or die; };
-plan(skip_all => 'IO::Socket::SSL with OpenSSL ALPN support required') if $@;
-
-eval { exists &Net::SSLeay::P_alpn_selected or die; };
-plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
-
-$t->plan(5);
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
diff --git a/stream_ssl_realip.t b/stream_ssl_realip.t
--- a/stream_ssl_realip.t
+++ b/stream_ssl_realip.t
@@ -24,13 +24,9 @@ use Test::Nginx qw/ :DEFAULT http_end /;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
my $t = Test::Nginx->new()->has(qw/stream stream_return stream_realip/)
- ->has(qw/stream_ssl/)->has_daemon('openssl')
+ ->has(qw/stream_ssl socket_ssl/)
+ ->has_daemon('openssl')
->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 00 of 11] SSL tests simplified

Maxim Dounin 619 April 16, 2023 11:46PM

[PATCH 01 of 11] Tests: SIGPIPE handling in mail tests

Maxim Dounin 121 April 16, 2023 11:46PM

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 126 April 16, 2023 11:46PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Sergey Kandaurov 132 May 03, 2023 12:22PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 132 May 03, 2023 11:58PM

[PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 157 April 16, 2023 11:46PM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Sergey Kandaurov 94 May 11, 2023 07:50AM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 116 May 14, 2023 02:54PM

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin 123 April 16, 2023 11:46PM

[PATCH 09 of 11] Tests: simplified stream SSL tests with IO::Socket::SSL

Maxim Dounin 127 April 16, 2023 11:46PM

[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 140 April 16, 2023 11:46PM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov 214 May 11, 2023 10:40AM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 118 May 14, 2023 05:12PM

[PATCH 08 of 11] Tests: reworked stream SSL tests to use IO::Socket::SSL

Maxim Dounin 131 April 16, 2023 11:46PM

[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin 121 April 16, 2023 11:46PM

[PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 125 April 16, 2023 11:46PM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Sergey Kandaurov 123 May 11, 2023 10:28AM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 142 May 18, 2023 11:18AM

[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL

Maxim Dounin 127 April 16, 2023 11:46PM

[PATCH 0 of 6] SSL tests refactoring fixes

Sergey Kandaurov 102 May 22, 2023 03:58PM

[PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Sergey Kandaurov 119 May 22, 2023 03:58PM

Re: [PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Maxim Dounin 93 May 22, 2023 04:38PM

[PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 104 May 22, 2023 03:58PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 96 May 22, 2023 07:44PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 118 May 23, 2023 06:36AM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 165 May 23, 2023 09:32AM

[PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Sergey Kandaurov 99 May 22, 2023 04:00PM

Re: [PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Maxim Dounin 101 May 22, 2023 07:52PM

[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 104 May 22, 2023 04:00PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Maxim Dounin 97 May 22, 2023 09:08PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 200 May 23, 2023 08:24AM

[PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 106 May 22, 2023 04:00PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Maxim Dounin 98 May 22, 2023 10:18PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 186 May 23, 2023 08:56AM

[PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Sergey Kandaurov 104 May 22, 2023 04:00PM

Re: [PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Maxim Dounin 90 May 22, 2023 10:40PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 177
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready