[PATCH 02 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3

Maxim Dounin mdounin at mdounin.ru
Sat Mar 18 14:14:57 UTC 2023 

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1679105692 -10800
#      Sat Mar 18 05:14:52 2023 +0300
# Node ID 125fb8461d88a81a62ccb40d0e205a01ecc759f5
# Parent  86c394a226d2a7d463da7a1b7e88375c71c0c69b
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.

LibreSSL does not support session reuse with TLSv1.3 at all.  BoringSSL
with TLSv1.3 only supports session tickets, but not server-side session
cache.

diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -185,6 +185,8 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
 
 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
 
@@ -211,8 +213,17 @@ like(get('/', 8086, $ctx), qr/^body \.$/
 
 $ctx = get_ssl_context();
 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions ids in BoringSSL'
+	if $t->has_module('BoringSSL') && test_tls13();
+
 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused');
 
+}
+
 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
 
 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -175,14 +175,22 @@ local $TODO = 'no TLSv1.3 sessions, old 
 	if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 	if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
 
 is(test_reuse(8443), 1, 'tickets reused');
 is(test_reuse(8444), 1, 'tickets and cache reused');
+
+TODO: {
+local $TODO = 'no TLSv1.3 session cache in BoringSSL'
+	if $t->has_module('BoringSSL') && test_tls13();
+
 is(test_reuse(8445), 1, 'cache shared reused');
 is(test_reuse(8446), 1, 'cache builtin reused');
 is(test_reuse(8447), 1, 'cache builtin size reused');
 
 }
+}
 
 is(test_reuse(8448), 0, 'cache none not reused');
 is(test_reuse(8449), 0, 'cache off not reused');

More information about the nginx-devel mailing list