[PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail

Maxim Dounin mdounin at mdounin.ru
Thu Mar 23 14:16:47 UTC 2023


Hello!

On Wed, Mar 22, 2023 at 01:59:27PM +0400, Sergey Kandaurov wrote:

> > On 18 Mar 2023, at 18:15, Maxim Dounin <mdounin at mdounin.ru> wrote:
> > 
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1679140402 -10800
> > #      Sat Mar 18 14:53:22 2023 +0300
> > # Node ID d90fe31a80d5e85b59e525e874d24f409716b64c
> > # Parent  530336cb449dcb028a55a5a401a122d07521e3a4
> > Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail.
> 
> in stream

Fixed, thnx.

> > 
> > LibreSSL does not support session reuse with TLSv1.3 at all.  BoringSSL
> > with TLSv1.3 only supports session tickets, but not server-side session
> > cache.
> > 
> 
> By the way, why introduce three separate changesets (p02, p04, p06)
> with identical description and similar changes.  I'd combine them.

These patches complement corresponding changes to introduce 
separate session reuse tests.  And these in turn are mostly 
preparation to make it possible to easily add TODOs for LibreSSL 
and BoringSSL.

While combining some or even all of these patches is certainly 
possible, I believe it is much easier to understand and review 
them separately.

In general, the patch series follows the logic "prepare a test file 
for changes if needed, add appropriate TODOs".  This ensures that 
preparation changes can be easily seen as such, and also ensures 
that each individual patch is simple enough.

> > diff --git a/stream_ssl_session_reuse.t b/stream_ssl_session_reuse.t
> > --- a/stream_ssl_session_reuse.t
> > +++ b/stream_ssl_session_reuse.t
> > @@ -147,16 +147,35 @@ my $ctx = Net::SSLeay::CTX_new() or die(
> > # - only cache none
> > # - only cache off
> > 
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 sessions in LibreSSL'
> > +	if $t->has_module('LibreSSL') && test_tls13();
> > +
> > is(test_reuse(8443), 1, 'tickets reused');
> > is(test_reuse(8444), 1, 'tickets and cache reused');
> > +
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 session cache in BoringSSL'
> > +	if $t->has_module('BoringSSL') && test_tls13();
> > +
> > is(test_reuse(8445), 1, 'cache shared reused');
> > is(test_reuse(8446), 1, 'cache builtin reused');
> > is(test_reuse(8447), 1, 'cache builtin size reused');
> > +
> > +}
> > +}
> > +
> > is(test_reuse(8448), 0, 'cache none not reused');
> > is(test_reuse(8449), 0, 'cache off not reused');
> > 
> > +
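
Review bot: The two nested `TODO: {` blocks in this part of the hunk share the same label and their bodies are not indented, so the reader has to match the two `+}` lines by hand to see that the LibreSSL marker covers all five reuse assertions while the BoringSSL marker covers only the three cache ones (8445 to 8447). Indenting the bodies, or adding a short comment on each closing brace naming the library it belongs to, would make the scope obvious. The `cache none` and `cache off` checks on 8448 and 8449 sit outside both blocks, which looks intended since they expect 0; a one-line comment saying so would keep a later edit from moving them inside.
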
> 
> extra blank line

Fixed, thanks.

> > ###############################################################################
> > 
> > +sub test_tls13 {
> > +	my ($s, $ssl) = get_ssl_socket(8443);
> > +	return (Net::SSLeay::version($ssl) > 0x303);
> > +}
> > +
> > sub test_reuse {
> > 	my ($port) = @_;
> > 	my ($s, $ssl) = get_ssl_socket($port);
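
Review bot: In test_tls13() the comparison `Net::SSLeay::version($ssl) > 0x303` relies on a bare protocol number; a short comment that 0x303 is TLSv1.2, so anything greater is treated as TLSv1.3, would save the reader a lookup. The helper also opens a fresh connection to the hard-coded port 8443 on each call, and the TODO conditions earlier in the hunk can call it up to twice; computing the result once into a variable before the TODO blocks would avoid the extra handshake and guarantee both conditions see the same answer.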

-- 
Maxim Dounin
http://mdounin.ru/

