[PATCH 03 of 20] Tests: separate SSL session reuse tests in mail

Maxim Dounin mdounin at mdounin.ru
Thu Mar 23 14:17:43 UTC 2023 

Hello!

On Wed, Mar 22, 2023 at 01:20:25PM +0400, Sergey Kandaurov wrote:

> > On 18 Mar 2023, at 18:14, Maxim Dounin <mdounin at mdounin.ru> wrote:
> > 
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1679107816 -10800
> > #      Sat Mar 18 05:50:16 2023 +0300
> > # Node ID 97b09b6633f69747c0d6ef13c76739bdd6b7f3bb
> > # Parent  125fb8461d88a81a62ccb40d0e205a01ecc759f5
> > Tests: separate SSL session reuse tests in mail.
> > 
> > Instead of being mixed with generic SSL tests, session reuse variants
> > are now tested in a separate file.
> > 
> > diff --git a/mail_ssl.t b/mail_ssl.t
> > --- a/mail_ssl.t
> > +++ b/mail_ssl.t
> > @@ -37,7 +37,7 @@ eval { exists &Net::SSLeay::P_alpn_selec
> > plan(skip_all => 'Net::SSLeay with OpenSSL ALPN support required') if $@;
> > 
> > my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap pop3 smtp/)
> > -	->has_daemon('openssl')->plan(22);
> > +	->has_daemon('openssl')->plan(18);
> > 
> > $t->write_file_expand('nginx.conf', <<'EOF');
> > 
> > @@ -51,44 +51,25 @@ events {
> > mail {
> >     ssl_certificate_key localhost.key;
> >     ssl_certificate localhost.crt;
> > -    ssl_session_tickets off;
> > 
> >     ssl_password_file password;
> > 
> >     auth_http  http://127.0.0.1:8080;	# unused
> > 
> > -    ssl_session_cache none;
> > -
> >     server {
> >         listen             127.0.0.1:8143;
> >         listen             127.0.0.1:8145 ssl;
> >         protocol           imap;
> > -
> > -        ssl_session_cache  builtin;
> >     }
> > 
> >     server {
> > -        listen             127.0.0.1:8146 ssl;
> > -        protocol           imap;
> > -
> > -        ssl_session_cache  off;
> > -    }
> > -
> > -    server {
> > -        listen             127.0.0.1:8147;
> > +        listen             127.0.0.1:8148;
> >         protocol           imap;
> > 
> >         # Special case for enabled "ssl" directive.
> > 
> >         ssl on;
> > -        ssl_session_cache  builtin:1000;
> > -    }
> > 
> > -    server {
> > -        listen             127.0.0.1:8148 ssl;
> > -        protocol           imap;
> > -
> > -        ssl_session_cache shared:SSL:1m;
> >         ssl_certificate_key inherits.key;
> >         ssl_certificate inherits.crt;
> >     }
> > @@ -169,46 +150,16 @@ open STDERR, ">&", \*OLDERR;
> > 
> > ###############################################################################
> > 
> > +my ($s, $ssl, $ses);
> > +
> 
> $ses is no longer used there, and other cleanup on top off this change:
> 
> diff --git a/mail_ssl.t b/mail_ssl.t
> --- a/mail_ssl.t
> +++ b/mail_ssl.t
> @@ -150,7 +150,7 @@ open STDERR, ">&", \*OLDERR;
>  
>  ###############################################################################
>  
> -my ($s, $ssl, $ses);
> +my ($s, $ssl);
>  
>  # simple tests to ensure that nothing broke with ssl_password_file directive
>  
> @@ -170,7 +170,7 @@ like(Net::SSLeay::dump_peer_certificate(
>  
>  # alpn
>  
> -ok(get_ssl_socket(8148, undef, ['imap']), 'alpn');
> +ok(get_ssl_socket(8148, ['imap']), 'alpn');
>  
>  SKIP: {
>  $t->{_configure_args} =~ /LibreSSL ([\d\.]+)/;
> @@ -181,7 +181,7 @@ skip 'OpenSSL too old', 1 if defined $1 
>  TODO: {
>  local $TODO = 'not yet' unless $t->has_version('1.21.4');
>  
> -ok(!get_ssl_socket(8148, undef, ['unknown']), 'alpn rejected');
> +ok(!get_ssl_socket(8148, ['unknown']), 'alpn rejected');
>  
>  }
>  
> @@ -268,11 +268,10 @@ ok(!get_ssl_socket(8148, undef, ['unknow
>  ###############################################################################
>  
>  sub get_ssl_socket {
> -	my ($port, $ses, $alpn) = @_;
> +	my ($port, $alpn) = @_;
>  
>  	my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
>  	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
> -	Net::SSLeay::set_session($ssl, $ses) if defined $ses;
>  	Net::SSLeay::set_alpn_protos($ssl, $alpn) if defined $alpn;
>  	Net::SSLeay::set_fd($ssl, fileno($s));
>  	Net::SSLeay::connect($ssl) == 1 or return;
> diff --git a/mail_ssl_session_reuse.t b/mail_ssl_session_reuse.t
> --- a/mail_ssl_session_reuse.t
> +++ b/mail_ssl_session_reuse.t
> @@ -132,8 +132,6 @@ my $ctx = Net::SSLeay::CTX_new() or die(
>  
>  ###############################################################################
>  
> -my ($ssl, $ses);
> -
>  # session reuse:
>  #
>  # - only tickets, the default

Applied, thanks.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx-devel mailing list