Maxim Dounin
April 16, 2023 11:46PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1681702266 -10800
# Mon Apr 17 06:31:06 2023 +0300
# Node ID cfedbdf904c75695664c6fb6826e310ff6f510de
# Parent 2aaba5bbc0366bffe1f468105b1185cd48efbc93
Tests: simplified http SSL tests with IO::Socket::SSL.

The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.

diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -14,6 +14,7 @@ use strict;
use Test::More;

use Socket qw/ CRLF /;
+use IO::Select;

BEGIN { use FindBin; chdir($FindBin::Bin); }

@@ -278,11 +279,9 @@ sub test_tls13 {
}

sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
+ my ($uri, $port, $ctx, %extra) = @_;
+ my $s = get_ssl_socket($port, $ctx, %extra) or return;
+ return http_get($uri, socket => $s);
}

sub get_body {
@@ -297,16 +296,16 @@ sub get_body {
http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
for 1 .. $n;
my $r = http("0" . CRLF . CRLF, socket => $s);
- $s->close();
return $r;
}

sub cert {
my ($uri, $port) = @_;
- my $s = get_ssl_socket($port, undef,
+ return get(
+ $uri, $port, undef,
SSL_cert_file => "$d/subject.crt",
- SSL_key_file => "$d/subject.key") or return;
- http_get($uri, socket => $s);
+ SSL_key_file => "$d/subject.key"
+ );
}

sub get_ssl_context {
@@ -318,45 +317,32 @@ sub get_ssl_context {

sub get_ssl_socket {
my ($port, $ctx, %extra) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] },
- %extra
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return http(
+ '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
+ SSL_reuse_ctx => $ctx,
+ %extra
+ );
}

sub get_ssl_shutdown {
my ($port) = @_;

- my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
- my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
- my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
- Net::SSLeay::set_fd($ssl, fileno($s));
- Net::SSLeay::connect($ssl) or die("ssl connect");
- Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra');
- Net::SSLeay::read($ssl);
- Net::SSLeay::set_shutdown($ssl, 1);
- Net::SSLeay::shutdown($ssl);
+ my $s = http(
+ 'GET /' . CRLF . 'extra',
+ PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1
+ );
+
+ $s->blocking(0);
+ while (IO::Select->new($s)->can_read(8)) {
+ my $n = $s->sysread(my $buf, 16384);
+ next if !defined $n && $!{EWOULDBLOCK};
+ last;
+ }
+ $s->blocking(1);
+
+ return $s->stop_SSL();
}

###############################################################################
diff --git a/ssl_certificate_chain.t b/ssl_certificate_chain.t
--- a/ssl_certificate_chain.t
+++ b/ssl_certificate_chain.t
@@ -133,41 +133,27 @@ system("openssl ca -batch -config $d/ca.

###############################################################################

-is(get_ssl_socket(port(8080)), undef, 'incomplete chain');
-ok(get_ssl_socket(port(8081)), 'intermediate');
-ok(get_ssl_socket(port(8082)), 'intermediate server');
+ok(!get_ssl_socket(8080), 'incomplete chain');
+ok(get_ssl_socket(8081), 'intermediate');
+ok(get_ssl_socket(8082), 'intermediate server');

###############################################################################

sub get_ssl_socket {
my ($port) = @_;
- my ($s, $verify);
+ my ($verify);

- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => $port,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
- SSL_ca_file => "$d/root.crt",
- SSL_verify_callback => sub {
- my ($ok) = @_;
- $verify = $ok;
- return $ok;
- },
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
+ http(
+ '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
+ SSL_ca_file => "$d/root.crt",
+ SSL_verify_callback => sub {
+ my ($ok) = @_;
+ $verify = $ok;
+ return $ok;
+ }
+ );

return $verify;
}
diff --git a/ssl_client_escaped_cert.t b/ssl_client_escaped_cert.t
--- a/ssl_client_escaped_cert.t
+++ b/ssl_client_escaped_cert.t
@@ -91,31 +91,12 @@ is($escaped, $cert, 'ssl_client_escaped_

sub cert {
my ($uri) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port(8443),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/localhost.crt",
- SSL_key_file => "$d/localhost.key",
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- http_get($uri, socket => $s);
+ return http_get(
+ $uri,
+ SSL => 1,
+ SSL_cert_file => "$d/localhost.crt",
+ SSL_key_file => "$d/localhost.key"
+ );
}

###############################################################################
diff --git a/ssl_crl.t b/ssl_crl.t
--- a/ssl_crl.t
+++ b/ssl_crl.t
@@ -162,37 +162,12 @@ like(get(8082, 'end'), qr/FAILED/, 'crl

sub get {
my ($port, $cert) = @_;
- my $s = get_ssl_socket($port, $cert) or return;
- http_get('/t', socket => $s);
-}
-
-sub get_ssl_socket {
- my ($port, $cert) = @_;
- my ($s);
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/$cert.crt",
- SSL_key_file => "$d/$cert.key",
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ http_get(
+ '/t', PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_cert_file => "$d/$cert.crt",
+ SSL_key_file => "$d/$cert.key"
+ );
}

###############################################################################
diff --git a/ssl_curve.t b/ssl_curve.t
--- a/ssl_curve.t
+++ b/ssl_curve.t
@@ -75,43 +75,6 @@ foreach my $name ('localhost') {

###############################################################################

-like(get('/curve'), qr/^prime256v1 /m, 'ssl curve');
+like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve');

###############################################################################
-
-sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
-}
-
-sub get_ssl_socket {
- my ($port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port(8443),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
diff --git a/ssl_password_file.t b/ssl_password_file.t
--- a/ssl_password_file.t
+++ b/ssl_password_file.t
@@ -49,7 +49,7 @@ http {
ssl_password_file password_http;

server {
- listen 127.0.0.1:8081 ssl;
+ listen 127.0.0.1:8443 ssl;
listen 127.0.0.1:8080;
server_name localhost;

@@ -132,33 +132,6 @@ is($@, '', 'ssl_password_file works');
# simple tests to ensure that nothing broke with ssl_password_file directive

like(http_get('/'), qr/200 OK.*http/ms, 'http');
-like(http_get('/', socket => get_ssl_socket()), qr/200 OK.*https/ms, 'https');
+like(http_get('/', SSL => 1), qr/200 OK.*https/ms, 'https');

###############################################################################
-
-sub get_ssl_socket {
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port(8081),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
diff --git a/ssl_proxy_protocol.t b/ssl_proxy_protocol.t
--- a/ssl_proxy_protocol.t
+++ b/ssl_proxy_protocol.t
@@ -148,24 +148,7 @@ sub pp_get {

my $s = http($proxy, start => 1);

- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- IO::Socket::SSL->start_SSL($s,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return http(<<EOF, socket => $s);
+ return http(<<EOF, socket => $s, SSL => 1);
GET $url HTTP/1.0
Host: localhost

diff --git a/ssl_reject_handshake.t b/ssl_reject_handshake.t
--- a/ssl_reject_handshake.t
+++ b/ssl_reject_handshake.t
@@ -136,44 +136,14 @@ like(get('virtual2', 8082), qr/unrecogni

sub get {
my ($host, $port) = @_;
- my $s = get_ssl_socket($host, $port) or return $@;
- $host = 'localhost' if !defined $host;
- my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
- $s->close();
+ my $r = http(
+ "GET / HTTP/1.0\nHost: " . ($host || 'localhost') . "\n\n",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_hostname => $host
+ )
+ or return "$@";
return $r;
}

-sub get_ssl_socket {
- my ($host, $port) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_hostname => $host,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
###############################################################################
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -16,7 +16,7 @@ use Test::More;
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
-use Test::Nginx;
+use Test::Nginx qw/ :DEFAULT http_end /;

###############################################################################

@@ -192,58 +192,26 @@ like(`grep -F '[crit]' ${\($t->testdir()
###############################################################################

sub test_tls13 {
- return get('/protocol', 8443) =~ /TLSv1.3/;
+ return http_get('/protocol', SSL => 1) =~ /TLSv1.3/;
}

sub test_reuse {
my ($port) = @_;
- my $ctx = get_ssl_context();
- get('/', $port, $ctx);
- return (get('/', $port, $ctx) =~ qr/^body r$/m) ? 1 : 0;
-}

-sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
-}
-
-sub get_ssl_context {
- return IO::Socket::SSL::SSL_Context->new(
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ my $s = http_get(
+ '/', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
SSL_session_cache_size => 100
);
-}
-
-sub get_ssl_socket {
- my ($port, $ctx, %extra) = @_;
- my $s;
+ http_end($s);

- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] },
- %extra
- );
- alarm(0);
- };
- alarm(0);
+ my $r = http_get(
+ '/', PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_reuse_ctx => $s
+ );

- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return ($r =~ qr/^body r$/m) ? 1 : 0;
}

###############################################################################
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -37,42 +37,34 @@ http {
%%TEST_GLOBALS_HTTP%%

server {
- listen 127.0.0.1:8080 ssl;
+ listen 127.0.0.1:8443 ssl;
server_name localhost;

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;

location / {
- return 200 $server_name;
+ return 200 $server_name:$ssl_server_name;
}

location /protocol {
return 200 $ssl_protocol;
}
+
+ location /name {
+ return 200 $ssl_session_reused:$ssl_server_name;
+ }
}

server {
- listen 127.0.0.1:8080;
+ listen 127.0.0.1:8443;
server_name example.com;

ssl_certificate_key example.com.key;
ssl_certificate example.com.crt;

location / {
- return 200 $server_name;
- }
- }
-
- server {
- listen 127.0.0.1:8081 ssl;
- server_name localhost;
-
- ssl_certificate_key localhost.key;
- ssl_certificate localhost.crt;
-
- location / {
- return 200 $ssl_session_reused:$ssl_server_name;
+ return 200 $server_name:$ssl_server_name;
}
}
}
@@ -104,19 +96,19 @@ foreach my $name ('localhost', 'example.
like(get_cert_cn(), qr!/CN=localhost!, 'default cert');
like(get_cert_cn('example.com'), qr!/CN=example.com!, 'sni cert');

-like(https_get_host('example.com'), qr!example.com!,
+like(get_host('example.com'), qr!example.com:example.com!,
'host exists, sni exists, and host is equal sni');

-like(https_get_host('example.com', 'example.org'), qr!example.com!,
+like(get_host('example.com', 'example.org'), qr!example.com:example.org!,
'host exists, sni not found');

TODO: {
local $TODO = 'sni restrictions';

-like(https_get_host('example.com', 'localhost'), qr!400 Bad Request!,
+like(get_host('example.com', 'localhost'), qr!400 Bad Request!,
'host exists, sni exists, and host is not equal sni');

-like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!,
+like(get_host('example.org', 'example.com'), qr!400 Bad Request!,
'host not found, sni exists');

}
@@ -127,7 +119,7 @@ my $ctx = new IO::Socket::SSL::SSL_Conte
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100);

-like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name');
+like(get('/name', 'localhost', $ctx), qr/^\.:localhost$/m, 'ssl server name');

TODO: {
local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
@@ -137,7 +129,7 @@ local $TODO = 'no TLSv1.3 sessions, old
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();

-like(get('/', 'localhost', 8081, $ctx), qr/^r:localhost$/m,
+like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m,
'ssl server name - reused');

}
@@ -148,58 +140,29 @@ sub test_tls13 {
get('/protocol', 'localhost') =~ /TLSv1.3/;
}

-sub get_ssl_socket {
- my ($host, $port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port($port || 8080),
- SSL_hostname => $host,
- SSL_reuse_ctx => $ctx,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
sub get_cert_cn {
my ($host) = @_;
- my $s = get_ssl_socket($host);
-
+ my $s = http('', start => 1, SSL => 1, SSL_hostname => $host);
return $s->dump_peer_certificate();
}

-sub https_get_host {
+sub get_host {
my ($host, $sni) = @_;
- my $s = get_ssl_socket($sni ? $sni : $host);
-
- return http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
+ return http(
+ "GET / HTTP/1.0\nHost: $host\n\n",
+ SSL => 1,
+ SSL_hostname => $sni || $host
+ );
}

sub get {
- my ($uri, $host, $port, $ctx) = @_;
- my $s = get_ssl_socket($host, $port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
+ my ($uri, $host, $ctx) = @_;
+ return http_get(
+ $uri,
+ SSL => 1,
+ SSL_hostname => $host,
+ SSL_reuse_ctx => $ctx
+ );
}

###############################################################################
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -110,15 +110,14 @@ foreach my $name ('localhost') {

$t->run();

-plan(skip_all => 'no TLS 1.3 sessions')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
-plan(skip_all => 'no TLS 1.3 sessions in LibreSSL')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && $t->has_module('LibreSSL');
+plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay')
+ if $Net::SSLeay::VERSION < 1.88 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL')
+ if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
+ if $t->has_module('LibreSSL') && test_tls13();
plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && $t->has_module('BoringSSL');
+ if $t->has_module('BoringSSL') && test_tls13();

$t->plan(6);

@@ -128,8 +127,8 @@ plan(skip_all => 'no TLS 1.3 session cac

my $ctx = get_ssl_context();

-like(get('default', port(8443), $ctx), qr!default:\.!, 'default server');
-like(get('default', port(8443), $ctx), qr!default:r!, 'default server reused');
+like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
+like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');

# check that sessions are still properly saved and restored
# when using an SNI-based virtual server with different session cache;
@@ -143,16 +142,16 @@ like(get('default', port(8443), $ctx), q

$ctx = get_ssl_context();

-like(get('nocache', port(8443), $ctx), qr!nocache:\.!, 'without cache');
-like(get('nocache', port(8443), $ctx), qr!nocache:r!, 'without cache reused');
+like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
+like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');

# make sure tickets can be used if an SNI-based virtual server
# uses a different set of session ticket keys explicitly set

$ctx = get_ssl_context();

-like(get('tickets', port(8444), $ctx), qr!tickets:\.!, 'tickets');
-like(get('tickets', port(8444), $ctx), qr!tickets:r!, 'tickets reused');
+like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
+like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');

###############################################################################

@@ -163,46 +162,19 @@ sub get_ssl_context {
);
}

-sub get_ssl_socket {
+sub get {
my ($host, $port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => $port,
- SSL_hostname => $host,
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return http(
+ "GET / HTTP/1.0\nHost: $host\n\n",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_hostname => $host,
+ SSL_reuse_ctx => $ctx
+ );
}

-sub get {
- my ($host, $port, $ctx) = @_;
-
- my $s = get_ssl_socket($host, $port, $ctx) or return;
- my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
- $s->close();
- return $r;
+sub test_tls13 {
+ return get('default', 8443) =~ /TLSv1.3/;
}

###############################################################################
diff --git a/ssl_verify_depth.t b/ssl_verify_depth.t
--- a/ssl_verify_depth.t
+++ b/ssl_verify_depth.t
@@ -172,37 +172,13 @@ like(get(8082, 'end'), qr/SUCCESS/, 've

sub get {
my ($port, $cert) = @_;
- my $s = get_ssl_socket($port, $cert) or return;
- http_get("/t?$cert", socket => $s);
-}
-
-sub get_ssl_socket {
- my ($port, $cert) = @_;
- my ($s);
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/$cert.crt",
- SSL_key_file => "$d/$cert.key",
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ http_get(
+ "/t?$cert",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_cert_file => "$d/$cert.crt",
+ SSL_key_file => "$d/$cert.key"
+ );
}

###############################################################################
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 00 of 11] SSL tests simplified

Maxim Dounin 589 April 16, 2023 11:46PM

[PATCH 01 of 11] Tests: SIGPIPE handling in mail tests

Maxim Dounin 106 April 16, 2023 11:46PM

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 112 April 16, 2023 11:46PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Sergey Kandaurov 117 May 03, 2023 12:22PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 118 May 03, 2023 11:58PM

[PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 112 April 16, 2023 11:46PM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Sergey Kandaurov 80 May 11, 2023 07:50AM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 102 May 14, 2023 02:54PM

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin 108 April 16, 2023 11:46PM

[PATCH 09 of 11] Tests: simplified stream SSL tests with IO::Socket::SSL

Maxim Dounin 111 April 16, 2023 11:46PM

[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 124 April 16, 2023 11:46PM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov 173 May 11, 2023 10:40AM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 104 May 14, 2023 05:12PM

[PATCH 08 of 11] Tests: reworked stream SSL tests to use IO::Socket::SSL

Maxim Dounin 114 April 16, 2023 11:46PM

[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin 108 April 16, 2023 11:46PM

[PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 112 April 16, 2023 11:46PM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Sergey Kandaurov 107 May 11, 2023 10:28AM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 125 May 18, 2023 11:18AM

[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL

Maxim Dounin 112 April 16, 2023 11:46PM

[PATCH 0 of 6] SSL tests refactoring fixes

Sergey Kandaurov 89 May 22, 2023 03:58PM

[PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Sergey Kandaurov 105 May 22, 2023 03:58PM

Re: [PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Maxim Dounin 81 May 22, 2023 04:38PM

[PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 89 May 22, 2023 03:58PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 81 May 22, 2023 07:44PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 99 May 23, 2023 06:36AM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 144 May 23, 2023 09:32AM

[PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Sergey Kandaurov 86 May 22, 2023 04:00PM

Re: [PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Maxim Dounin 86 May 22, 2023 07:52PM

[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 88 May 22, 2023 04:00PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Maxim Dounin 84 May 22, 2023 09:08PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 158 May 23, 2023 08:24AM

[PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 92 May 22, 2023 04:00PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Maxim Dounin 84 May 22, 2023 10:18PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 149 May 23, 2023 08:56AM

[PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Sergey Kandaurov 90 May 22, 2023 04:00PM

Re: [PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Maxim Dounin 78 May 22, 2023 10:40PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 207
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready