On 10/21/2018 6:46 AM, Rainer Jung wrote: > Am 18.10.2018 um 14:23 schrieb Stefan Eissing: >>> Am 18.10.2018 um 14:12 schrieb Rainer Jung <rainer.j...@kippdata.de>: >>> >>> - t/modules/http2.t fails when the server is build using OpenSSL >>> 0.9.8zh with the "Bad plan. You planned 52 tests..." message >>> indicating, that h2 using TLS does not work. It happens on all >>> platforms, but not if the client also uses OpenSSL 0.9.8zh. >>> >>> I don't know whether that is expected for old OpenSSL, so can not >>> judge on criticality. >> >> AFAICT, correct me if I am wrong, OpenSSL 0.9.8 does not support >> TLSv1.2 and is therefore unusable with h2. The test suite seems to be >> unprepared for this scenario. I will remove it after the next >> release. It is not worth fixing in its current form. > > I added a check agains the test suite OpenSSL version in r1844483. > > I have an aditional check for the server version available. > Unfortunately I didn't find a really easy way, so here's a small > module that one can query > (c-modules/test_ssl_version/mod_test_ssl_version.c), mostly a > shortened form of mod_test_ssl.c: > > ==== SNIP ===== > #define HTTPD_TEST_REQUIRE_APACHE 2 > > #if CONFIG_FOR_HTTPD_TEST > > <IfModule @ssl_module@> > <Location /test_ssl_version_lookup> > SetHandler test-ssl-version-lookup > </Location> > </IfModule> > > #endif > > #include "httpd.h" > #include "http_config.h" > #include "http_protocol.h" > #include "http_log.h" > #include "ap_config.h" > #include "apr_optional.h" > > #if AP_MODULE_MAGIC_AT_LEAST(20040425, 0) /* simply include mod_ssl.h > if using >= 2.1.0 */ > > #include "mod_ssl.h" > > #else > /* For use of < 2.0.x, inline the declaration: */ > > APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, > (apr_pool_t *, server_rec *, > conn_rec *, request_rec *, > char *)); > > #endif > > static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *var_lookup; > > static void import_ssl_var_lookup(void) > { > var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); 
> } > > static int test_ssl_version_lookup(request_rec *r) > { > char *value; > > if (strcmp(r->handler, "test-ssl-version-lookup")) { > return DECLINED; > } > > if (r->method_number != M_GET) { > return DECLINED; > } > > if (!var_lookup) { > ap_rputs("ssl_var_lookup is not available", r); > return OK; > } > > value = var_lookup(r->pool, r->server, > r->connection, r, "SSL_VERSION_LIBRARY"); > > if (value && *value) { > ap_rputs(value, r); > } > else { > ap_rputs("NULL", r); > } > > return OK; > } > > static void test_ssl_version_register_hooks(apr_pool_t *p) > { > ap_hook_handler(test_ssl_version_lookup, NULL, NULL, > APR_HOOK_MIDDLE); > ap_hook_optional_fn_retrieve(import_ssl_var_lookup, > NULL, NULL, APR_HOOK_MIDDLE); > } > > module AP_MODULE_DECLARE_DATA test_ssl_version_module = { > STANDARD20_MODULE_STUFF, > NULL, /* create per-dir config structures */ > NULL, /* merge per-dir config structures */ > NULL, /* create per-server config structures */ > NULL, /* merge per-server config structures */ > NULL, /* table of config file commands */ > test_ssl_version_register_hooks /* register hooks */ > }; > ==== SNIP ===== > > and the necessary addition to http2.t to use the module: > > Index: t/modules/http2.t > =================================================================== > --- t/modules/http2.t (revision 1844483) > +++ t/modules/http2.t (working copy) > @@ -25,6 +25,16 @@ > my $openssl_version = Net::SSLeay::OPENSSL_VERSION_NUMBER(); > if ($openssl_version < 0x10000000) { > $tls_modern = 0; > +} else { > + Apache::TestRequest::scheme("https"); > + my $url = '/test_ssl_version_lookup'; > + my $r = GET("$url"); > + $openssl_version = $r->content; > + print STDOUT "OpenSSL version '$openssl_version'\n"; > + # OpenSSL/0.9.8zh, OpenSSL/1.0.2p etc. > + if ($openssl_version =~ /\/0\./) { > + $tls_modern = 0; > + } > } > > Apache::TestRequest::module("http2"); > > What do people think? Should I apply it? > > Regards, > > Rainer
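Review bot: The new `else` branch fails open, because `$tls_modern` is cleared only when the response body matches `/\/0\./`. Any other body leaves the TLS h2 tests enabled, including the handler's own `NULL` and `ssl_var_lookup is not available` strings (both sent with `OK`), and presumably an error body when the https GET fails or the module is not built. Accepting only the expected form would be safer, for example `$tls_modern = 0 unless $r->is_success && $openssl_version =~ m{/[1-9]\d*\.};`. As far as I know h2 over TLS also needs ALPN, which arrived in OpenSSL 1.0.2, so a server built against 1.0.0 or 1.0.1 would still pass both this check and the existing `0x10000000` one; worth confirming whether the threshold should be tighter. The `print STDOUT` line would fit the harness better as `t_debug("OpenSSL version '$openssl_version'");` if the file already loads Apache::TestUtil.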
+1 -- Daniel Ruggeri