On 10/21/2018 6:46 AM, Rainer Jung wrote:
> Am 18.10.2018 um 14:23 schrieb Stefan Eissing:
>>> Am 18.10.2018 um 14:12 schrieb Rainer Jung <rainer.j...@kippdata.de>:
>>>
>>> - t/modules/http2.t fails when the server is built using OpenSSL
>>> 0.9.8zh with the "Bad plan.  You planned 52 tests..." message
>>> indicating, that h2 using TLS does not work. It happens on all
>>> platforms, but not if the client also uses OpenSSL 0.9.8zh.
>>>
>>> I don't know whether that is expected for old OpenSSL, so can not
>>> judge on criticality.
>>
>> AFAICT, correct me if I am wrong, OpenSSL 0.9.8 does not support
>> TLSv1.2 and is therefore unusable with h2. The test suite seems to be
>> unprepared for this scenario. I will remove it after the next
>> release. It is not worth fixing in its current form.
>
> I added a check against the test suite OpenSSL version in r1844483.
>
> I have an additional check for the server version available.
> Unfortunately I didn't find a really easy way, so here's a small
> module that one can query
> (c-modules/test_ssl_version/mod_test_ssl_version.c), mostly a
> shortened form of mod_test_ssl.c:
>
> ==== SNIP =====
> #define HTTPD_TEST_REQUIRE_APACHE 2
>
> #if CONFIG_FOR_HTTPD_TEST
>
> <IfModule @ssl_module@>
>     <Location /test_ssl_version_lookup>
>         SetHandler test-ssl-version-lookup
>     </Location>
> </IfModule>
>
> #endif
>
> #include "httpd.h"
> #include "http_config.h"
> #include "http_protocol.h"
> #include "http_log.h"
> #include "ap_config.h"
> #include "apr_optional.h"
>
> #if AP_MODULE_MAGIC_AT_LEAST(20040425, 0) /* simply include mod_ssl.h
> if using >= 2.1.0 */
>
> #include "mod_ssl.h"
>
> #else
> /* For use of < 2.0.x, inline the declaration: */
>
> APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
>                         (apr_pool_t *, server_rec *,
>                          conn_rec *, request_rec *,
>                          char *));
>
> #endif
>
> /* Handle to mod_ssl's optional ssl_var_lookup function. It is filled in by
>  * import_ssl_var_lookup(); the request handler treats a NULL value as
>  * "lookup not available". */
> static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *var_lookup;
>
> /* Optional-function retrieval hook: resolve ssl_var_lookup and cache the
>  * result in var_lookup. */
> static void import_ssl_var_lookup(void)
> {
>     var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
> }
>
> /*
>  * Content handler for "test-ssl-version-lookup": writes the value of the
>  * SSL_VERSION_LIBRARY variable, as returned by ssl_var_lookup, to the
>  * response body.
>  *
>  * Returns DECLINED for any other handler name or any method but GET,
>  * otherwise OK. The fallback texts "ssl_var_lookup is not available" and
>  * "NULL" are also sent with OK, so a caller has to inspect the body to
>  * tell a version string from a failed lookup.
>  *
>  * NOTE(review): the reply tells any client that can reach the location
>  * which TLS library version the server reports; keep this handler confined
>  * to the test configuration.
>  */
> static int test_ssl_version_lookup(request_rec *r)
> {
>     const char *body = "NULL";   /* sent when the lookup yields nothing */
>     char *lib_version;
>
>     /* Not our handler name, or not a GET: let another handler take it. */
>     if (strcmp(r->handler, "test-ssl-version-lookup") != 0
>         || r->method_number != M_GET) {
>         return DECLINED;
>     }
>
>     /* The optional function was never resolved. */
>     if (var_lookup == NULL) {
>         ap_rputs("ssl_var_lookup is not available", r);
>         return OK;
>     }
>
>     lib_version = var_lookup(r->pool, r->server, r->connection, r,
>                              "SSL_VERSION_LIBRARY");
>
>     /* Only a non-empty string replaces the "NULL" placeholder. */
>     if (lib_version != NULL && *lib_version != '\0') {
>         body = lib_version;
>     }
>     ap_rputs(body, r);
>
>     return OK;
> }
>
> /* Register the content handler and the hook that resolves ssl_var_lookup;
>  * both are registered at APR_HOOK_MIDDLE. The pool argument is unused. */
> static void test_ssl_version_register_hooks(apr_pool_t *p)
> {
>     ap_hook_handler(test_ssl_version_lookup,
>                     NULL, NULL, APR_HOOK_MIDDLE);
>     ap_hook_optional_fn_retrieve(import_ssl_var_lookup, NULL, NULL,
>                                  APR_HOOK_MIDDLE);
> }
>
> /* Module record: no configuration callbacks and no directives, only the
>  * hook registration function. */
> module AP_MODULE_DECLARE_DATA test_ssl_version_module = {
>     STANDARD20_MODULE_STUFF,
>     NULL,                             /* per-directory config: create  */
>     NULL,                             /* per-directory config: merge   */
>     NULL,                             /* per-server config: create     */
>     NULL,                             /* per-server config: merge      */
>     NULL,                             /* config file command table     */
>     test_ssl_version_register_hooks   /* hook registration             */
> };
> ==== SNIP =====
>
> and the necessary addition to http2.t to use the module:
>
> Index: t/modules/http2.t
> ===================================================================
> --- t/modules/http2.t   (revision 1844483)
> +++ t/modules/http2.t   (working copy)
> @@ -25,6 +25,16 @@
>  my $openssl_version = Net::SSLeay::OPENSSL_VERSION_NUMBER();
>  if ($openssl_version < 0x10000000) {
>      $tls_modern = 0;
> +} else {
> +    Apache::TestRequest::scheme("https");
> +    my $url = '/test_ssl_version_lookup';
> +    my $r = GET("$url");
> +    $openssl_version = $r->content;
> +    print STDOUT "OpenSSL version '$openssl_version'\n";
> +    # OpenSSL/0.9.8zh, OpenSSL/1.0.2p etc.
> +    if ($openssl_version =~ /\/0\./) {
> +        $tls_modern = 0;
> +    }
>  }
>
>  Apache::TestRequest::module("http2");
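Review bot: The added else branch fails open, because `$tls_modern` is cleared only when the body matches `/\/0\./` and the response status is never checked before `$r->content` is used. A failed request (for example when the test module is not built) or the handler's own "NULL" and "ssl_var_lookup is not available" replies would leave the TLS tests enabled against a server whose library version is unknown. I would treat anything that is not a recognised version string as not modern, e.g. `if ($r->code != 200 || $openssl_version !~ m{^OpenSSL/[1-9]}) { $tls_modern = 0; }`, adjusting the pattern if other TLS libraries should count as modern. Separately, `$openssl_version` first holds the client's numeric version and is then reused for the server's string, so a distinct variable such as `$server_ssl_version` would read more clearly.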
>
> What do people think? Should I apply it?
>
> Regards,
>
> Rainer

+1

-- 
Daniel Ruggeri
