Welcome! Log In Create A New Profile

Advanced

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin
April 16, 2023 11:46PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1681702255 -10800
# Mon Apr 17 06:30:55 2023 +0300
# Node ID a8e22a3212da945e9060d4233905eb6de1399d34
# Parent 605cab711606724e5879e8a81d5d21797e5ddcfb
Tests: added has_feature() test for SSL libraries.

This makes it possible to further simplify various SSL tests. It also
avoids direct testing of the $t->{_configure_args} internal field, and
implements proper comparison of version numbers.

diff --git a/grpc_pass.t b/grpc_pass.t
--- a/grpc_pass.t
+++ b/grpc_pass.t
@@ -107,8 +107,7 @@ like(http_get('/basic'), qr/200 OK/, 'no
like(http_get('/grpc'), qr/200 OK/, 'grpc scheme');

SKIP: {
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-skip 'OpenSSL too old', 1 unless defined $1 and $1 ge '1.0.2';
+skip 'OpenSSL too old', 1 unless $t->has_feature('openssl:1.0.2');

like(http_get('/grpcs'), qr/200 OK/, 'grpcs scheme');

diff --git a/grpc_ssl.t b/grpc_ssl.t
--- a/grpc_ssl.t
+++ b/grpc_ssl.t
@@ -24,12 +24,9 @@ select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/http rewrite http_v2 grpc/)
- ->has(qw/upstream_keepalive http_ssl/)->has_daemon('openssl');
-
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
-
-$t->write_file_expand('nginx.conf', <<'EOF')->plan(38);
+ ->has(qw/upstream_keepalive http_ssl openssl:1.0.2/)
+ ->has_daemon('openssl')
+ ->write_file_expand('nginx.conf', <<'EOF')->plan(38);

%%TEST_GLOBALS%%

diff --git a/h2_ssl.t b/h2_ssl.t
--- a/h2_ssl.t
+++ b/h2_ssl.t
@@ -87,10 +87,12 @@ plan(skip_all => 'no ALPN negotiation')
###############################################################################

SKIP: {
-$t->{_configure_args} =~ /LibreSSL ([\d\.]+)/;
-skip 'LibreSSL too old', 1 if defined $1 and $1 lt '3.4.0';
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-skip 'OpenSSL too old', 1 if defined $1 and $1 lt '1.1.0';
+skip 'LibreSSL too old', 1
+ if $t->has_module('LibreSSL')
+ and not $t->has_feature('libressl:3.4.0');
+skip 'OpenSSL too old', 1
+ if $t->has_module('OpenSSL')
+ and not $t->has_feature('openssl:1.1.0');

TODO: {
local $TODO = 'not yet' unless $t->has_version('1.21.4');
diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm
--- a/lib/Test/Nginx.pm
+++ b/lib/Test/Nginx.pm
@@ -266,6 +266,28 @@ sub has_feature($) {
return 0;
}

+ if ($feature =~ /^(openssl|libressl):([0-9.]+)/) {
+ my $library = $1;
+ my $need = $2;
+
+ $self->{_configure_args} = `$NGINX -V 2>&1`
+ if !defined $self->{_configure_args};
+
+ return 0 unless
+ $self->{_configure_args} =~ /with $library ([0-9.]+)/i;
+
+ my @v = split(/\./, $1);
+ my ($n, $v);
+
+ for $n (split(/\./, $need)) {
+ $v = shift @v || 0;
+ return 0 if $n > $v;
+ return 1 if $v > $n;
+ }
+
+ return 1;
+ }
+
return 0;
}

diff --git a/mail_ssl.t b/mail_ssl.t
--- a/mail_ssl.t
+++ b/mail_ssl.t
@@ -175,10 +175,12 @@ like(Net::SSLeay::dump_peer_certificate(
ok(get_ssl_socket(8148, ['imap']), 'alpn');

SKIP: {
-$t->{_configure_args} =~ /LibreSSL ([\d\.]+)/;
-skip 'LibreSSL too old', 1 if defined $1 and $1 lt '3.4.0';
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-skip 'OpenSSL too old', 1 if defined $1 and $1 lt '1.1.0';
+skip 'LibreSSL too old', 1
+ if $t->has_module('LibreSSL')
+ and not $t->has_feature('libressl:3.4.0');
+skip 'OpenSSL too old', 1
+ if $t->has_module('OpenSSL')
+ and not $t->has_feature('openssl:1.1.0');

TODO: {
local $TODO = 'not yet' unless $t->has_version('1.21.4');
diff --git a/mail_ssl_conf_command.t b/mail_ssl_conf_command.t
--- a/mail_ssl_conf_command.t
+++ b/mail_ssl_conf_command.t
@@ -32,11 +32,9 @@ eval {
};
plan(skip_all => 'Net::SSLeay not installed') if $@;

-my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap/)
+my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/proxy_ssl_conf_command.t b/proxy_ssl_conf_command.t
--- a/proxy_ssl_conf_command.t
+++ b/proxy_ssl_conf_command.t
@@ -22,11 +22,10 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/http http_ssl proxy uwsgi http_v2 grpc/)
+my $t = Test::Nginx->new()
+ ->has(qw/http http_ssl proxy uwsgi http_v2 grpc openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_certificate.t b/ssl_certificate.t
--- a/ssl_certificate.t
+++ b/ssl_certificate.t
@@ -39,12 +39,9 @@ eval {
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;

-my $t = Test::Nginx->new()->has(qw/http http_ssl geo/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl geo openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
-
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
diff --git a/ssl_certificate_perl.t b/ssl_certificate_perl.t
--- a/ssl_certificate_perl.t
+++ b/ssl_certificate_perl.t
@@ -37,10 +37,9 @@ eval {
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;

-my $t = Test::Nginx->new()->has(qw/http http_ssl perl/)->has_daemon('openssl');
-
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
+my $t = Test::Nginx->new()
+ ->has(qw/http http_ssl perl openssl:1.0.2/)
+ ->has_daemon('openssl');

$t->write_file_expand('nginx.conf', <<'EOF');

diff --git a/ssl_conf_command.t b/ssl_conf_command.t
--- a/ssl_conf_command.t
+++ b/ssl_conf_command.t
@@ -30,11 +30,9 @@ eval {
};
plan(skip_all => 'Net::SSLeay not installed') if $@;

-my $t = Test::Nginx->new()->has(qw/http http_ssl/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/ssl_curve.t b/ssl_curve.t
--- a/ssl_curve.t
+++ b/ssl_curve.t
@@ -22,12 +22,10 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite socket_ssl/)
+my $t = Test::Nginx->new()
+ ->has(qw/http http_ssl rewrite socket_ssl openssl:3.0.0/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL (\d+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 >= 3;
-
$t->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%
diff --git a/stream_proxy_ssl_conf_command.t b/stream_proxy_ssl_conf_command.t
--- a/stream_proxy_ssl_conf_command.t
+++ b/stream_proxy_ssl_conf_command.t
@@ -22,11 +22,10 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

-my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/)
+my $t = Test::Nginx->new()
+ ->has(qw/stream stream_ssl http http_ssl openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');

$t->write_file_expand('nginx.conf', <<'EOF');
diff --git a/stream_ssl_alpn.t b/stream_ssl_alpn.t
--- a/stream_ssl_alpn.t
+++ b/stream_ssl_alpn.t
@@ -81,10 +81,12 @@ is(get_ssl('wrong', 'second'), 'X second
is(get_ssl(), 'X X', 'no alpn');

SKIP: {
-$t->{_configure_args} =~ /LibreSSL ([\d\.]+)/;
-skip 'LibreSSL too old', 2 if defined $1 and $1 lt '3.4.0';
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-skip 'OpenSSL too old', 2 if defined $1 and $1 lt '1.1.0';
+skip 'LibreSSL too old', 2
+ if $t->has_module('LibreSSL')
+ and not $t->has_feature('libressl:3.4.0');
+skip 'OpenSSL too old', 2
+ if $t->has_module('OpenSSL')
+ and not $t->has_feature('openssl:1.1.0');

ok(!get_ssl('wrong'), 'alpn mismatch');

diff --git a/stream_ssl_certificate.t b/stream_ssl_certificate.t
--- a/stream_ssl_certificate.t
+++ b/stream_ssl_certificate.t
@@ -37,13 +37,10 @@ eval {
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;

-my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_geo stream_return/)
- ->has_daemon('openssl');
-
-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
-
-$t->write_file_expand('nginx.conf', <<'EOF');
+my $t = Test::Nginx->new()
+ ->has(qw/stream stream_ssl stream_geo stream_return openssl:1.0.2/)
+ ->has_daemon('openssl')
+ ->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

diff --git a/stream_ssl_conf_command.t b/stream_ssl_conf_command.t
--- a/stream_ssl_conf_command.t
+++ b/stream_ssl_conf_command.t
@@ -30,11 +30,10 @@ eval {
};
plan(skip_all => 'Net::SSLeay not installed') if $@;

-my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
+my $t = Test::Nginx->new()
+ ->has(qw/stream stream_ssl stream_return openssl:1.0.2/)
->has_daemon('openssl');

-$t->{_configure_args} =~ /OpenSSL ([\d\.]+)/;
-plan(skip_all => 'OpenSSL too old') unless defined $1 and $1 ge '1.0.2';
plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');

$t->write_file_expand('nginx.conf', <<'EOF');
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 00 of 11] SSL tests simplified

Maxim Dounin 698 April 16, 2023 11:46PM

[PATCH 01 of 11] Tests: SIGPIPE handling in mail tests

Maxim Dounin 158 April 16, 2023 11:46PM

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 156 April 16, 2023 11:46PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Sergey Kandaurov 161 May 03, 2023 12:22PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 167 May 03, 2023 11:58PM

[PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 226 April 16, 2023 11:46PM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Sergey Kandaurov 134 May 11, 2023 07:50AM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 156 May 14, 2023 02:54PM

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin 155 April 16, 2023 11:46PM

[PATCH 09 of 11] Tests: simplified stream SSL tests with IO::Socket::SSL

Maxim Dounin 163 April 16, 2023 11:46PM

[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 178 April 16, 2023 11:46PM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov 257 May 11, 2023 10:40AM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 144 May 14, 2023 05:12PM

[PATCH 08 of 11] Tests: reworked stream SSL tests to use IO::Socket::SSL

Maxim Dounin 159 April 16, 2023 11:46PM

[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin 161 April 16, 2023 11:46PM

[PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 163 April 16, 2023 11:46PM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Sergey Kandaurov 149 May 11, 2023 10:28AM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 180 May 18, 2023 11:18AM

[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL

Maxim Dounin 157 April 16, 2023 11:46PM

[PATCH 0 of 6] SSL tests refactoring fixes

Sergey Kandaurov 135 May 22, 2023 03:58PM

[PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Sergey Kandaurov 144 May 22, 2023 03:58PM

Re: [PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Maxim Dounin 170 May 22, 2023 04:38PM

[PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 139 May 22, 2023 03:58PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 132 May 22, 2023 07:44PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 147 May 23, 2023 06:36AM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 195 May 23, 2023 09:32AM

[PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Sergey Kandaurov 135 May 22, 2023 04:00PM

Re: [PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Maxim Dounin 131 May 22, 2023 07:52PM

[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 138 May 22, 2023 04:00PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Maxim Dounin 136 May 22, 2023 09:08PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 271 May 23, 2023 08:24AM

[PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 133 May 22, 2023 04:00PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Maxim Dounin 130 May 22, 2023 10:18PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 226 May 23, 2023 08:56AM

[PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Sergey Kandaurov 130 May 22, 2023 04:00PM

Re: [PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Maxim Dounin 117 May 22, 2023 10:40PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 118
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready