Tests: moved $ssl_server_name tests in http to ssl_sni.t.
The tests need appropriate checks for ancient IO::Socket::SSL versions.
diff --git a/ssl.t b/ssl.t
index 0b8d303..dc128b1 100644
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@
plan(skip_all => 'IO::Socket::SSL too old') if $@;
my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
- ->has_daemon('openssl')->plan(25);
+ ->has_daemon('openssl')->plan(23);
$t->write_file_expand('nginx.conf', <<'EOF');
@@ -62,9 +62,6 @@
location /reuse {
return 200 "body $ssl_session_reused";
}
- location /sni {
- return 200 "body $ssl_session_reused:$ssl_server_name";
- }
location /id {
return 200 "body $ssl_session_id";
}
@@ -227,27 +224,6 @@
like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
-# ssl_server_name
-
-SKIP: {
-skip 'no sni', 2 unless $t->has_module('sni');
-
-$ctx = new IO::Socket::SSL::SSL_Context(
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_session_cache_size => 100);
-
-like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
-
-TODO: {
-local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
- && !$t->has_version('1.15.10');
-
-like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
-
-}
-
-}
-
# ssl certificate inheritance
my $s = get_ssl_socket($ctx, port(8081));
@@ -331,7 +307,6 @@
PeerPort => $port,
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_reuse_ctx => $ctx,
- SSL_hostname => 'localhost',
SSL_error_trap => sub { die $_[1] },
%extra
);
diff --git a/ssl_sni.t b/ssl_sni.t
index 13b2c71..de23fde 100644
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -59,6 +59,18 @@
return 200 $server_name;
}
}
+
+ server {
+ listen 127.0.0.1:8081 ssl;
+ server_name localhost;
+
+ ssl_certificate_key localhost.key;
+ ssl_certificate localhost.crt;
+
+ location / {
+ return 200 $ssl_session_reused:$ssl_server_name;
+ }
+ }
}
EOF
@@ -80,7 +92,7 @@
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-$t->plan(6);
+$t->plan(8);
$t->write_file('openssl.conf', <<EOF);
[ req ]
@@ -124,10 +136,28 @@
}
+# $ssl_server_name in sessions
+
+my $ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_session_cache_size => 100);
+
+like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)),
+ qr/^\.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+ && !$t->has_version('1.15.10');
+
+like(http_get('/', socket => get_ssl_socket('localhost', 8081, $ctx)),
+ qr/^r:localhost$/m, 'ssl server name - reused');
+
+}
+
###############################################################################
sub get_ssl_socket {
- my ($host) = @_;
+ my ($host, $port, $ctx) = @_;
my $s;
eval {
@@ -136,8 +166,9 @@
alarm(8);
$s = IO::Socket::SSL->new(
Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port(8080),
+ PeerAddr => '127.0.0.1:' . port($port || 8080),
SSL_hostname => $host,
+ SSL_reuse_ctx => $ctx,
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_error_trap => sub { die $_[1] }
);