Hello!
On Mon, May 22, 2023 at 11:52:14PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet@nginx.com>
> # Date 1684773874 -14400
> # Mon May 22 20:44:34 2023 +0400
> # Node ID 4a3a451716ba26f8fc4be1ccc88dd8596101a6b2
> # Parent 231b14e2041afed10f5c2e6f62aad298854a6379
> Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key.
>
> diff --git a/ssl_certificate.t b/ssl_certificate.t
> --- a/ssl_certificate.t
> +++ b/ssl_certificate.t
> @@ -171,6 +171,8 @@ local $TODO = 'no TLSv1.3 sessions, old
> if $Net::SSLeay::VERSION < 1.88 && test_tls13();
> local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
> if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
> +local $TODO = 'no SSL_session_key, old IO::Socket::SSL'
> + if $IO::Socket::SSL::VERSION < 1.965;
>
> like(get('default', 8080, $s), qr/default:r/, 'session reused');
>
Should be:
diff -r a797d7428fa5 ssl_certificate.t
--- a/ssl_certificate.t Thu May 18 18:07:19 2023 +0300
+++ b/ssl_certificate.t Mon May 22 22:20:59 2023 +0000
@@ -177,6 +177,8 @@
TODO: {
# ticket key name mismatch prevents session resumption
local $TODO = 'not yet' unless $t->has_version('1.23.2');
+local $TODO = 'no SSL_session_key, old IO::Socket::SSL'
+ if $IO::Socket::SSL::VERSION < 1.965;
like(get('default', 8081, $s), qr/default:r/, 'session id context match');
as the "session reused" is passed regardless of SSL_session_key
presence.
> diff --git a/stream_ssl_certificate.t b/stream_ssl_certificate.t
> --- a/stream_ssl_certificate.t
> +++ b/stream_ssl_certificate.t
> @@ -148,6 +148,8 @@ local $TODO = 'no TLSv1.3 sessions, old
> if $Net::SSLeay::VERSION < 1.88 && test_tls13();
> local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
> if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
> +local $TODO = 'no SSL_session_key, old IO::Socket::SSL'
> + if $IO::Socket::SSL::VERSION < 1.965;
>
> like(get('default', 8080, $s), qr/default:r/, 'session reused');
>
The same here.
Additionally, ssl_session_ticket_key.t also uses SSL_session_key,
but it currently happens to be skipped at least on CentOS 7 due to
old Net::SSLeay. Given IO::Socket::SSL changes, appropriate
version for it is probably 2.029.
diff --git a/ssl_session_ticket_key.t b/ssl_session_ticket_key.t
--- a/ssl_session_ticket_key.t
+++ b/ssl_session_ticket_key.t
@@ -24,6 +24,8 @@ select STDOUT; $| = 1;
eval { require Net::SSLeay; die if $Net::SSLeay::VERSION < 1.86; };
plan(skip_all => 'Net::SSLeay version => 1.86 required') if $@;
+eval { require IO::Socket::SSL; die if $IO::Socket::SSL::VERSION < 2.029; };
+plan(skip_all => 'IO::Socket::SSL version => 2.029 required') if $@;
my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
->has_daemon('openssl')->plan(2)
--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel