[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL
Maxim Dounin
mdounin at mdounin.ru
Mon Apr 17 03:31:35 UTC 2023
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1681702266 -10800
# Mon Apr 17 06:31:06 2023 +0300
# Node ID cfedbdf904c75695664c6fb6826e310ff6f510de
# Parent 2aaba5bbc0366bffe1f468105b1185cd48efbc93
Tests: simplified http SSL tests with IO::Socket::SSL.
The http SSL tests which previously used IO::Socket::SSL were converted
to use improved IO::Socket::SSL infrastructure in Test::Nginx.
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -14,6 +14,7 @@ use strict;
use Test::More;
use Socket qw/ CRLF /;
+use IO::Select;
BEGIN { use FindBin; chdir($FindBin::Bin); }
@@ -278,11 +279,9 @@ sub test_tls13 {
}
sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
+ my ($uri, $port, $ctx, %extra) = @_;
+ my $s = get_ssl_socket($port, $ctx, %extra) or return;
+ return http_get($uri, socket => $s);
}
sub get_body {
@@ -297,16 +296,16 @@ sub get_body {
http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
for 1 .. $n;
my $r = http("0" . CRLF . CRLF, socket => $s);
- $s->close();
return $r;
}
sub cert {
my ($uri, $port) = @_;
- my $s = get_ssl_socket($port, undef,
+ return get(
+ $uri, $port, undef,
SSL_cert_file => "$d/subject.crt",
- SSL_key_file => "$d/subject.key") or return;
- http_get($uri, socket => $s);
+ SSL_key_file => "$d/subject.key"
+ );
}
sub get_ssl_context {
@@ -318,45 +317,32 @@ sub get_ssl_context {
sub get_ssl_socket {
my ($port, $ctx, %extra) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] },
- %extra
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return http(
+ '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
+ SSL_reuse_ctx => $ctx,
+ %extra
+ );
}
sub get_ssl_shutdown {
my ($port) = @_;
- my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
- my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
- my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
- Net::SSLeay::set_fd($ssl, fileno($s));
- Net::SSLeay::connect($ssl) or die("ssl connect");
- Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra');
- Net::SSLeay::read($ssl);
- Net::SSLeay::set_shutdown($ssl, 1);
- Net::SSLeay::shutdown($ssl);
+ my $s = http(
+ 'GET /' . CRLF . 'extra',
+ PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1
+ );
+
+ $s->blocking(0);
+ while (IO::Select->new($s)->can_read(8)) {
+ my $n = $s->sysread(my $buf, 16384);
+ next if !defined $n && $!{EWOULDBLOCK};
+ last;
+ }
+ $s->blocking(1);
+
+ return $s->stop_SSL();
}
###############################################################################
diff --git a/ssl_certificate_chain.t b/ssl_certificate_chain.t
--- a/ssl_certificate_chain.t
+++ b/ssl_certificate_chain.t
@@ -133,41 +133,27 @@ system("openssl ca -batch -config $d/ca.
###############################################################################
-is(get_ssl_socket(port(8080)), undef, 'incomplete chain');
-ok(get_ssl_socket(port(8081)), 'intermediate');
-ok(get_ssl_socket(port(8082)), 'intermediate server');
+ok(!get_ssl_socket(8080), 'incomplete chain');
+ok(get_ssl_socket(8081), 'intermediate');
+ok(get_ssl_socket(8082), 'intermediate server');
###############################################################################
sub get_ssl_socket {
my ($port) = @_;
- my ($s, $verify);
+ my ($verify);
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => $port,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
- SSL_ca_file => "$d/root.crt",
- SSL_verify_callback => sub {
- my ($ok) = @_;
- $verify = $ok;
- return $ok;
- },
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
+ http(
+ '', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
+ SSL_ca_file => "$d/root.crt",
+ SSL_verify_callback => sub {
+ my ($ok) = @_;
+ $verify = $ok;
+ return $ok;
+ }
+ );
return $verify;
}
diff --git a/ssl_client_escaped_cert.t b/ssl_client_escaped_cert.t
--- a/ssl_client_escaped_cert.t
+++ b/ssl_client_escaped_cert.t
@@ -91,31 +91,12 @@ is($escaped, $cert, 'ssl_client_escaped_
sub cert {
my ($uri) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port(8443),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/localhost.crt",
- SSL_key_file => "$d/localhost.key",
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- http_get($uri, socket => $s);
+ return http_get(
+ $uri,
+ SSL => 1,
+ SSL_cert_file => "$d/localhost.crt",
+ SSL_key_file => "$d/localhost.key"
+ );
}
###############################################################################
diff --git a/ssl_crl.t b/ssl_crl.t
--- a/ssl_crl.t
+++ b/ssl_crl.t
@@ -162,37 +162,12 @@ like(get(8082, 'end'), qr/FAILED/, 'crl
sub get {
my ($port, $cert) = @_;
- my $s = get_ssl_socket($port, $cert) or return;
- http_get('/t', socket => $s);
-}
-
-sub get_ssl_socket {
- my ($port, $cert) = @_;
- my ($s);
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/$cert.crt",
- SSL_key_file => "$d/$cert.key",
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ http_get(
+ '/t', PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_cert_file => "$d/$cert.crt",
+ SSL_key_file => "$d/$cert.key"
+ );
}
###############################################################################
diff --git a/ssl_curve.t b/ssl_curve.t
--- a/ssl_curve.t
+++ b/ssl_curve.t
@@ -75,43 +75,6 @@ foreach my $name ('localhost') {
###############################################################################
-like(get('/curve'), qr/^prime256v1 /m, 'ssl curve');
+like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve');
###############################################################################
-
-sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
-}
-
-sub get_ssl_socket {
- my ($port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port(8443),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
diff --git a/ssl_password_file.t b/ssl_password_file.t
--- a/ssl_password_file.t
+++ b/ssl_password_file.t
@@ -49,7 +49,7 @@ http {
ssl_password_file password_http;
server {
- listen 127.0.0.1:8081 ssl;
+ listen 127.0.0.1:8443 ssl;
listen 127.0.0.1:8080;
server_name localhost;
@@ -132,33 +132,6 @@ is($@, '', 'ssl_password_file works');
# simple tests to ensure that nothing broke with ssl_password_file directive
like(http_get('/'), qr/200 OK.*http/ms, 'http');
-like(http_get('/', socket => get_ssl_socket()), qr/200 OK.*https/ms, 'https');
+like(http_get('/', SSL => 1), qr/200 OK.*https/ms, 'https');
###############################################################################
-
-sub get_ssl_socket {
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port(8081),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
diff --git a/ssl_proxy_protocol.t b/ssl_proxy_protocol.t
--- a/ssl_proxy_protocol.t
+++ b/ssl_proxy_protocol.t
@@ -148,24 +148,7 @@ sub pp_get {
my $s = http($proxy, start => 1);
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- IO::Socket::SSL->start_SSL($s,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return http(<<EOF, socket => $s);
+ return http(<<EOF, socket => $s, SSL => 1);
GET $url HTTP/1.0
Host: localhost
diff --git a/ssl_reject_handshake.t b/ssl_reject_handshake.t
--- a/ssl_reject_handshake.t
+++ b/ssl_reject_handshake.t
@@ -136,44 +136,14 @@ like(get('virtual2', 8082), qr/unrecogni
sub get {
my ($host, $port) = @_;
- my $s = get_ssl_socket($host, $port) or return $@;
- $host = 'localhost' if !defined $host;
- my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
- $s->close();
+ my $r = http(
+ "GET / HTTP/1.0\nHost: " . ($host || 'localhost') . "\n\n",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_hostname => $host
+ )
+ or return "$@";
return $r;
}
-sub get_ssl_socket {
- my ($host, $port) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_hostname => $host,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
###############################################################################
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -16,7 +16,7 @@ use Test::More;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
-use Test::Nginx;
+use Test::Nginx qw/ :DEFAULT http_end /;
###############################################################################
@@ -192,58 +192,26 @@ like(`grep -F '[crit]' ${\($t->testdir()
###############################################################################
sub test_tls13 {
- return get('/protocol', 8443) =~ /TLSv1.3/;
+ return http_get('/protocol', SSL => 1) =~ /TLSv1.3/;
}
sub test_reuse {
my ($port) = @_;
- my $ctx = get_ssl_context();
- get('/', $port, $ctx);
- return (get('/', $port, $ctx) =~ qr/^body r$/m) ? 1 : 0;
-}
-sub get {
- my ($uri, $port, $ctx) = @_;
- my $s = get_ssl_socket($port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
-}
-
-sub get_ssl_context {
- return IO::Socket::SSL::SSL_Context->new(
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ my $s = http_get(
+ '/', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+ SSL => 1,
SSL_session_cache_size => 100
);
-}
-
-sub get_ssl_socket {
- my ($port, $ctx, %extra) = @_;
- my $s;
+ http_end($s);
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] },
- %extra
- );
- alarm(0);
- };
- alarm(0);
+ my $r = http_get(
+ '/', PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_reuse_ctx => $s
+ );
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return ($r =~ qr/^body r$/m) ? 1 : 0;
}
###############################################################################
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -37,42 +37,34 @@ http {
%%TEST_GLOBALS_HTTP%%
server {
- listen 127.0.0.1:8080 ssl;
+ listen 127.0.0.1:8443 ssl;
server_name localhost;
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
location / {
- return 200 $server_name;
+ return 200 $server_name:$ssl_server_name;
}
location /protocol {
return 200 $ssl_protocol;
}
+
+ location /name {
+ return 200 $ssl_session_reused:$ssl_server_name;
+ }
}
server {
- listen 127.0.0.1:8080;
+ listen 127.0.0.1:8443;
server_name example.com;
ssl_certificate_key example.com.key;
ssl_certificate example.com.crt;
location / {
- return 200 $server_name;
- }
- }
-
- server {
- listen 127.0.0.1:8081 ssl;
- server_name localhost;
-
- ssl_certificate_key localhost.key;
- ssl_certificate localhost.crt;
-
- location / {
- return 200 $ssl_session_reused:$ssl_server_name;
+ return 200 $server_name:$ssl_server_name;
}
}
}
@@ -104,19 +96,19 @@ foreach my $name ('localhost', 'example.
like(get_cert_cn(), qr!/CN=localhost!, 'default cert');
like(get_cert_cn('example.com'), qr!/CN=example.com!, 'sni cert');
-like(https_get_host('example.com'), qr!example.com!,
+like(get_host('example.com'), qr!example.com:example.com!,
'host exists, sni exists, and host is equal sni');
-like(https_get_host('example.com', 'example.org'), qr!example.com!,
+like(get_host('example.com', 'example.org'), qr!example.com:example.org!,
'host exists, sni not found');
TODO: {
local $TODO = 'sni restrictions';
-like(https_get_host('example.com', 'localhost'), qr!400 Bad Request!,
+like(get_host('example.com', 'localhost'), qr!400 Bad Request!,
'host exists, sni exists, and host is not equal sni');
-like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!,
+like(get_host('example.org', 'example.com'), qr!400 Bad Request!,
'host not found, sni exists');
}
@@ -127,7 +119,7 @@ my $ctx = new IO::Socket::SSL::SSL_Conte
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_session_cache_size => 100);
-like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name');
+like(get('/name', 'localhost', $ctx), qr/^\.:localhost$/m, 'ssl server name');
TODO: {
local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
@@ -137,7 +129,7 @@ local $TODO = 'no TLSv1.3 sessions, old
local $TODO = 'no TLSv1.3 sessions in LibreSSL'
if $t->has_module('LibreSSL') && test_tls13();
-like(get('/', 'localhost', 8081, $ctx), qr/^r:localhost$/m,
+like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m,
'ssl server name - reused');
}
@@ -148,58 +140,29 @@ sub test_tls13 {
get('/protocol', 'localhost') =~ /TLSv1.3/;
}
-sub get_ssl_socket {
- my ($host, $port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port($port || 8080),
- SSL_hostname => $host,
- SSL_reuse_ctx => $ctx,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
sub get_cert_cn {
my ($host) = @_;
- my $s = get_ssl_socket($host);
-
+ my $s = http('', start => 1, SSL => 1, SSL_hostname => $host);
return $s->dump_peer_certificate();
}
-sub https_get_host {
+sub get_host {
my ($host, $sni) = @_;
- my $s = get_ssl_socket($sni ? $sni : $host);
-
- return http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
+ return http(
+ "GET / HTTP/1.0\nHost: $host\n\n",
+ SSL => 1,
+ SSL_hostname => $sni || $host
+ );
}
sub get {
- my ($uri, $host, $port, $ctx) = @_;
- my $s = get_ssl_socket($host, $port, $ctx) or return;
- my $r = http_get($uri, socket => $s);
- $s->close();
- return $r;
+ my ($uri, $host, $ctx) = @_;
+ return http_get(
+ $uri,
+ SSL => 1,
+ SSL_hostname => $host,
+ SSL_reuse_ctx => $ctx
+ );
}
###############################################################################
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -110,15 +110,14 @@ foreach my $name ('localhost') {
$t->run();
-plan(skip_all => 'no TLS 1.3 sessions')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
-plan(skip_all => 'no TLS 1.3 sessions in LibreSSL')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && $t->has_module('LibreSSL');
+plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay')
+ if $Net::SSLeay::VERSION < 1.88 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL')
+ if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
+ if $t->has_module('LibreSSL') && test_tls13();
plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
- if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/
- && $t->has_module('BoringSSL');
+ if $t->has_module('BoringSSL') && test_tls13();
$t->plan(6);
@@ -128,8 +127,8 @@ plan(skip_all => 'no TLS 1.3 session cac
my $ctx = get_ssl_context();
-like(get('default', port(8443), $ctx), qr!default:\.!, 'default server');
-like(get('default', port(8443), $ctx), qr!default:r!, 'default server reused');
+like(get('default', 8443, $ctx), qr!default:\.!, 'default server');
+like(get('default', 8443, $ctx), qr!default:r!, 'default server reused');
# check that sessions are still properly saved and restored
# when using an SNI-based virtual server with different session cache;
@@ -143,16 +142,16 @@ like(get('default', port(8443), $ctx), q
$ctx = get_ssl_context();
-like(get('nocache', port(8443), $ctx), qr!nocache:\.!, 'without cache');
-like(get('nocache', port(8443), $ctx), qr!nocache:r!, 'without cache reused');
+like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache');
+like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused');
# make sure tickets can be used if an SNI-based virtual server
# uses a different set of session ticket keys explicitly set
$ctx = get_ssl_context();
-like(get('tickets', port(8444), $ctx), qr!tickets:\.!, 'tickets');
-like(get('tickets', port(8444), $ctx), qr!tickets:r!, 'tickets reused');
+like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets');
+like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused');
###############################################################################
@@ -163,46 +162,19 @@ sub get_ssl_context {
);
}
-sub get_ssl_socket {
+sub get {
my ($host, $port, $ctx) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => $port,
- SSL_hostname => $host,
- SSL_reuse_ctx => $ctx,
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ return http(
+ "GET / HTTP/1.0\nHost: $host\n\n",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_hostname => $host,
+ SSL_reuse_ctx => $ctx
+ );
}
-sub get {
- my ($host, $port, $ctx) = @_;
-
- my $s = get_ssl_socket($host, $port, $ctx) or return;
- my $r = http(<<EOF, socket => $s);
-GET / HTTP/1.0
-Host: $host
-
-EOF
-
- $s->close();
- return $r;
+sub test_tls13 {
+ return get('default', 8443) =~ /TLSv1.3/;
}
###############################################################################
diff --git a/ssl_verify_depth.t b/ssl_verify_depth.t
--- a/ssl_verify_depth.t
+++ b/ssl_verify_depth.t
@@ -172,37 +172,13 @@ like(get(8082, 'end'), qr/SUCCESS/, 've
sub get {
my ($port, $cert) = @_;
- my $s = get_ssl_socket($port, $cert) or return;
- http_get("/t?$cert", socket => $s);
-}
-
-sub get_ssl_socket {
- my ($port, $cert) = @_;
- my ($s);
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1',
- PeerPort => port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_cert_file => "$d/$cert.crt",
- SSL_key_file => "$d/$cert.key",
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
+ http_get(
+ "/t?$cert",
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL => 1,
+ SSL_cert_file => "$d/$cert.crt",
+ SSL_key_file => "$d/$cert.key"
+ );
}
###############################################################################
More information about the nginx-devel
mailing list