Tests: added $ssl_server_name tests with SSL session reuse.
diff --git a/ssl.t b/ssl.t
index dc128b1..0b8d303 100644
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@
plan(skip_all => 'IO::Socket::SSL too old') if $@;
my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
- ->has_daemon('openssl')->plan(23);
+ ->has_daemon('openssl')->plan(25);
$t->write_file_expand('nginx.conf', <<'EOF');
@@ -62,6 +62,9 @@
location /reuse {
return 200 "body $ssl_session_reused";
}
+ location /sni {
+ return 200 "body $ssl_session_reused:$ssl_server_name";
+ }
location /id {
return 200 "body $ssl_session_id";
}
@@ -224,6 +227,27 @@
like(get('/', 8084), qr/^body \.$/m, 'reused off initial session');
like(get('/', 8084), qr/^body \.$/m, 'session not reused 2');
+# ssl_server_name
+
+SKIP: {
+skip 'no sni', 2 unless $t->has_module('sni');
+
+$ctx = new IO::Socket::SSL::SSL_Context(
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_session_cache_size => 100);
+
+like(get('/sni', 8085), qr/^body \.:localhost$/m, 'ssl server name');
+
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+ && !$t->has_version('1.15.10');
+
+like(get('/sni', 8085), qr/^body r:localhost$/m, 'ssl server name - reused');
+
+}
+
+}
+
# ssl certificate inheritance
my $s = get_ssl_socket($ctx, port(8081));
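Review bot: The new block overwrites `$ctx` inside `SKIP:`, and the 'ssl certificate inheritance' check right after it (`get_ssl_socket($ctx, port(8081))`) uses the same variable. It therefore runs with the fresh 100-entry session cache when SNI is available and with the earlier context when the block is skipped. A comment such as `# NOTE: replaces the shared $ctx; the tests below reuse this context` would make that coupling visible, or the previous context could be saved and restored around the block. Separately, the dots in `'OpenSSL (1.1.1|3)'` are unescaped, here and in the matching `TODO` in stream_ssl_variables.t. If has_module treats the string as a pattern (its body is not shown here), `'OpenSSL (1\.1\.1|3)'` states the intent exactly. `IO::Socket::SSL::SSL_Context->new(...)` would also avoid the indirect-object call form.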
@@ -307,6 +331,7 @@
PeerPort => $port,
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_reuse_ctx => $ctx,
+ SSL_hostname => 'localhost',
SSL_error_trap => sub { die $_[1] },
%extra
);
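Review bot: `SSL_hostname => 'localhost'` is now sent on every connection made through this helper, so no request in ssl.t exercises a handshake without SNI unless a caller overrides it. Because `%extra` is expanded after this key, a caller can presumably pass its own `SSL_hostname`; a comment such as `# SNI is sent by default; override SSL_hostname via %extra` above the line would document that. The helper starts and ends outside this hunk, so whether an existing caller depends on the absence of SNI cannot be confirmed from here.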
diff --git a/stream_ssl_variables.t b/stream_ssl_variables.t
index 7a1fddf..6808051 100644
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -40,7 +40,7 @@
};
plan(skip_all => 'Net::SSLeay with OpenSSL SNI support required') if $@;
-my $t = Test::Nginx->new()->has(qw/stream stream_ssl sni stream_return/)
+my $t = Test::Nginx->new()->has(qw/stream stream_ssl stream_return/)
->has_daemon('openssl');
$t->write_file_expand('nginx.conf', <<'EOF');
@@ -55,13 +55,12 @@
stream {
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
+ ssl_session_cache builtin;
server {
listen 127.0.0.1:8080;
listen 127.0.0.1:8081 ssl;
return $ssl_session_reused:$ssl_session_id:$ssl_cipher:$ssl_protocol;
-
- ssl_session_cache builtin;
}
server {
@@ -90,7 +89,7 @@
or die "Can't create certificate for $name: $!\n";
}
-$t->run()->plan(5);
+$t->run()->plan(6);
###############################################################################
@@ -107,12 +106,27 @@
like(Net::SSLeay::read($ssl), qr/^r:\w{64}:[\w-]+:(TLS|SSL)v(\d|\.)+$/,
'ssl variables - session reused');
+SKIP: {
+skip 'no sni', 3 unless $t->has_module('sni');
+
($s, $ssl) = get_ssl_socket(port(8082), undef, 'example.com');
is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name');
+TODO: {
+local $TODO = 'not yet' if $t->has_module('OpenSSL (1.1.1|3)')
+ && !$t->has_version('1.15.10');
+
+my $ses = Net::SSLeay::get_session($ssl);
+($s, $ssl) = get_ssl_socket(port(8082), $ses);
+is(Net::SSLeay::ssl_read_all($ssl), 'example.com', 'ssl server name - reused');
+
+}
+
($s, $ssl) = get_ssl_socket(port(8082));
is(Net::SSLeay::ssl_read_all($ssl), '', 'ssl server name empty');
+}
+
###############################################################################
sub get_ssl_socket {
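Review bot: The resumed connection `get_ssl_socket(port(8082), $ses)` passes no server name, so the expected `'example.com'` can only come from the cached session, yet nothing in the test says so. I would add `# no SNI on resumption; the name must come from the resumed session` above that call. If resumption silently falls back to a full handshake, the check would presumably fail with an empty string, which reads like a variable bug rather than a failed reuse. The body of get_ssl_socket begins after this hunk, so how the third argument is applied is inferred from the first call in the block.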