Tests: skip TLS 1.3 session reuse tests with older Perl modules.
SSL_reuse_ctx client support for TLS 1.3 (when negotiated) is only available
in IO::Socket::SSL version 2.061 or later, Net::SSLeay version 1.88 or later.
diff --git a/ssl.t b/ssl.t
index dc128b1..e656e7c 100644
--- a/ssl.t
+++ b/ssl.t
@@ -136,9 +136,14 @@
location / {
return 200 "body $ssl_session_reused";
}
+
location /ciphers {
return 200 "body $ssl_ciphers";
}
+
+ location /protocol {
+ return 200 "body $ssl_protocol";
+ }
}
}
@@ -210,14 +215,19 @@
###############################################################################
like(get('/reuse', 8085), qr/^body \.$/m, 'shared initial session');
-like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused');
-
like(get('/', 8081), qr/^body \.$/m, 'builtin initial session');
-like(get('/', 8081), qr/^body r$/m, 'builtin session reused');
-
like(get('/', 8082), qr/^body \.$/m, 'builtin size initial session');
+
+SKIP: {
+skip 'no TLS 1.3 sessions', 3 if get('/protocol', 8084) =~ /TLSv1.3/
+ && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
+like(get('/reuse', 8085), qr/^body r$/m, 'shared session reused');
+like(get('/', 8081), qr/^body r$/m, 'builtin session reused');
like(get('/', 8082), qr/^body r$/m, 'builtin size session reused');
+}
+
like(get('/', 8083), qr/^body \.$/m, 'reused none initial session');
like(get('/', 8083), qr/^body \.$/m, 'session not reused 1');
diff --git a/ssl_sni.t b/ssl_sni.t
index 7a842e4..a3e53ff 100644
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -46,6 +46,10 @@
location / {
return 200 $server_name;
}
+
+ location /protocol {
+ return 200 $ssl_protocol;
+ }
}
server {
@@ -144,6 +148,10 @@
like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name');
+SKIP: {
+skip 'no TLS 1.3 sessions', 1 if get('/protocol', 'localhost') =~ /TLSv1.3/
+ && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
TODO: {
local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
&& !$t->has_version('1.15.10');
@@ -153,6 +161,8 @@
}
+}
+
###############################################################################
sub get_ssl_socket {
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
index a6acab1..5780bc5 100644
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -46,7 +46,7 @@
ssl_session_cache shared:cache1:1m;
location / {
- return 200 $ssl_server_name:$ssl_session_reused;
+ return 200 $ssl_server_name:$ssl_session_reused:$ssl_protocol;
}
}
@@ -104,8 +104,6 @@
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-$t->plan(6);
-
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 1024
@@ -129,6 +127,12 @@
$t->run();
+plan(skip_all => 'no TLS 1.3 sessions')
+ if get('default', port(8080), get_ssl_context()) =~ /TLSv1.3/
+ && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061);
+
+$t->plan(6);
+
###############################################################################
# check that everything works fine with default server