[PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail
Maxim Dounin
mdounin at mdounin.ru
Thu Mar 23 14:16:47 UTC 2023
Hello!
On Wed, Mar 22, 2023 at 01:59:27PM +0400, Sergey Kandaurov wrote:
> > On 18 Mar 2023, at 18:15, Maxim Dounin <mdounin at mdounin.ru> wrote:
> >
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1679140402 -10800
> > # Sat Mar 18 14:53:22 2023 +0300
> > # Node ID d90fe31a80d5e85b59e525e874d24f409716b64c
> > # Parent 530336cb449dcb028a55a5a401a122d07521e3a4
> > Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
>
> in stream
Fixed, thnx.
> >
> > LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
> > with TLSv1.3 only supports session tickets, but not server-side session
> > cache.
> >
>
> By the way, why introduce three separate changesets (p02, p04, p06)
> with identical description and similar changes. I'd combine them.
These patches complement corresponding changes to introduce
separate session reuse tests. And these in turn are mostly
preparation to make it possible to easily add TODOs for LibreSSL
and BoringSSL.
While combining some or even all of these patches is certainly
possible, I believe it is much easier to understand and review
them separately.
In general, the patch series follows the logic "prepare a test file
for changes if needed, add appropriate TODOs". This ensures that
preparation changes can be easily seen as such, and also ensures
that each individual patch is simple enough.
> > diff --git a/stream_ssl_session_reuse.t b/stream_ssl_session_reuse.t
> > --- a/stream_ssl_session_reuse.t
> > +++ b/stream_ssl_session_reuse.t
> > @@ -147,16 +147,35 @@ my $ctx = Net::SSLeay::CTX_new() or die(
> > # - only cache none
> > # - only cache off
> >
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 sessions in LibreSSL'
> > + if $t->has_module('LibreSSL') && test_tls13();
> > +
> > is(test_reuse(8443), 1, 'tickets reused');
> > is(test_reuse(8444), 1, 'tickets and cache reused');
> > +
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 session cache in BoringSSL'
> > + if $t->has_module('BoringSSL') && test_tls13();
> > +
> > is(test_reuse(8445), 1, 'cache shared reused');
> > is(test_reuse(8446), 1, 'cache builtin reused');
> > is(test_reuse(8447), 1, 'cache builtin size reused');
> > +
> > +}
> > +}
> > +
> > is(test_reuse(8448), 0, 'cache none not reused');
> > is(test_reuse(8449), 0, 'cache off not reused');
> >
> > +
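Review bot: the unchanged 'cache none not reused' and 'cache off not reused' checks (ports 8448 and 8449) sit outside both TODO blocks and expect 0, so on a library that cannot reuse sessions for the reasons given in the two $TODO messages they pass without exercising the configuration at all. Consider a short comment above them saying so, or gating them on the same conditions, so a green result on LibreSSL or BoringSSL with TLSv1.3 is not read as evidence that these settings disable reuse.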
>
> extra blank line
Fixed, thanks.
> > ###############################################################################
> >
> > +sub test_tls13 {
> > + my ($s, $ssl) = get_ssl_socket(8443);
> > + return (Net::SSLeay::version($ssl) > 0x303);
> > +}
> > +
> > sub test_reuse {
> > my ($port) = @_;
> > my ($s, $ssl) = get_ssl_socket($port);
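Review bot: the comparison "Net::SSLeay::version($ssl) > 0x303" in test_tls13() is an unexplained magic number; a one-line comment that 0x303 is the TLSv1.2 protocol version, so anything greater means TLSv1.3 was negotiated, would make the intent clear. The helper also probes only port 8443 while its result gates the TODOs for 8444 through 8447, which silently assumes every server block negotiates the same protocol version; a comment stating that assumption, or passing the port as an argument, would keep the TODOs from misfiring if one server's protocol settings are changed later.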
--
Maxim Dounin
http://mdounin.ru/