[PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail
Sergey Kandaurov
pluknet at nginx.com
Wed Mar 22 09:59:27 UTC 2023
> On 18 Mar 2023, at 18:15, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1679140402 -10800
> # Sat Mar 18 14:53:22 2023 +0300
> # Node ID d90fe31a80d5e85b59e525e874d24f409716b64c
> # Parent 530336cb449dcb028a55a5a401a122d07521e3a4
> Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
in stream
>
> LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
> with TLSv1.3 only supports session tickets, but not server-side session
> cache.
>
By the way, why introduce three separate changesets (p02, p04, p06)
with identical description and similar changes. I'd combine them.
> diff --git a/stream_ssl_session_reuse.t b/stream_ssl_session_reuse.t
> --- a/stream_ssl_session_reuse.t
> +++ b/stream_ssl_session_reuse.t
> @@ -147,16 +147,35 @@ my $ctx = Net::SSLeay::CTX_new() or die(
> # - only cache none
> # - only cache off
>
> +TODO: {
> +local $TODO = 'no TLSv1.3 sessions in LibreSSL'
> + if $t->has_module('LibreSSL') && test_tls13();
> +
> is(test_reuse(8443), 1, 'tickets reused');
> is(test_reuse(8444), 1, 'tickets and cache reused');
> +
> +TODO: {
> +local $TODO = 'no TLSv1.3 session cache in BoringSSL'
> + if $t->has_module('BoringSSL') && test_tls13();
> +
> is(test_reuse(8445), 1, 'cache shared reused');
> is(test_reuse(8446), 1, 'cache builtin reused');
> is(test_reuse(8447), 1, 'cache builtin size reused');
> +
> +}
> +}
> +
> is(test_reuse(8448), 0, 'cache none not reused');
> is(test_reuse(8449), 0, 'cache off not reused');
>
> +
extra blank line
> ###############################################################################
>
> +sub test_tls13 {
> + my ($s, $ssl) = get_ssl_socket(8443);
> + return (Net::SSLeay::version($ssl) > 0x303);
> +}
> +
> sub test_reuse {
> my ($port) = @_;
> my ($s, $ssl) = get_ssl_socket($port);
--
Sergey Kandaurov
More information about the nginx-devel
mailing list