[PATCH 16 of 20] Tests: fixed stream_proxy_ssl.t with LibreSSL and TLSv1.3

Maxim Dounin mdounin at mdounin.ru
Sat Mar 18 14:15:11 UTC 2023


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1679148836 -10800
#      Sat Mar 18 17:13:56 2023 +0300
# Node ID 778dcba0f619808fef92999b174c86cf9668ffeb
# Parent  6d5bede76a77ca86483f63088587913a61b8b18d
Tests: fixed stream_proxy_ssl.t with LibreSSL and TLSv1.3.

LibreSSL does not support session reuse with TLSv1.3.

diff --git a/stream_proxy_ssl.t b/stream_proxy_ssl.t
--- a/stream_proxy_ssl.t
+++ b/stream_proxy_ssl.t
@@ -78,6 +78,8 @@ http {
 
         ssl_certificate_key localhost.key;
         ssl_certificate localhost.crt;
+
+        add_header X-Protocol $ssl_protocol;
     }
 }
 
@@ -111,9 +113,16 @@ is(stream('127.0.0.1:' . port(8081))->re
 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl 2');
 
 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'ssl session new');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
+
 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused');
 is(stream('127.0.0.1:' . port(8082))->read(), 'r', 'ssl session reused 2');
 
+}
+
 my $s = http('', start => 1);
 
 sleep 3;
@@ -121,3 +130,9 @@ sleep 3;
 like(http_get('/', socket => $s), qr/200 OK/, 'proxy connect timeout');
 
 ###############################################################################
+
+sub test_tls13 {
+	http_get('/') =~ m/TLSv1.3/;
+}
+
+###############################################################################


More information about the nginx-devel mailing list