# HG changeset patch # User Maxim Dounin <mdou...@mdounin.ru> # Date 1714514801 -10800 # Wed May 01 01:06:41 2024 +0300 # Node ID 68b3d0906228ccb5d6f721d776bf68cd6c7fbc3f # Parent 9910e3aa527abb558fbcd6ea54af9b22f058d361 Tests: session reuse handling with Net::SSLeay with LibreSSL.
LibreSSL does not support session reuse with TLSv1.3, and this causes various test failures if Net::SSLeay is compiled with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled with LibreSSL is shipped with the OS. Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with LibreSSL, similarly to what we already do for LibreSSL on the server side.
diff --git a/mail_ssl_session_reuse.t b/mail_ssl_session_reuse.t
--- a/mail_ssl_session_reuse.t
+++ b/mail_ssl_session_reuse.t
@@ -140,6 +140,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 is(test_reuse(8993), 1, 'tickets reused');
 is(test_reuse(8994), 1, 'tickets and cache reused');
diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -186,6 +186,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');
diff --git a/ssl_certificate.t b/ssl_certificate.t
--- a/ssl_certificate.t
+++ b/ssl_certificate.t
@@ -171,6 +171,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'not TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('default', 8080, $s), qr/default:r/, 'session reused');
diff --git a/ssl_ocsp.t b/ssl_ocsp.t
--- a/ssl_ocsp.t
+++ b/ssl_ocsp.t
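Review bot: In the mail_ssl_session_reuse.t hunk the added guard calls `Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")` directly, and nothing explains why the low-level lookup is used instead of the usual accessor; the same two lines recur in every other hunk of this patch (ssl.t, ssl_certificate.t, ssl_ocsp.t twice, ssl_session_reuse.t, ssl_session_ticket_key.t, ssl_sni.t, ssl_sni_sessions.t, stream_ssl_certificate.t, stream_ssl_session_reuse.t, stream_ssl_variables.t). A one-line comment would help, for example `# constant() returns 0 when the macro is absent (OpenSSL build); the autoloaded accessor would croak`. That behaviour is Net::SSLeay's as I understand it and is not visible in the patch, so confirm it before committing the wording. Since a TODO reason excuses any failure in the block it governs, the comment should also say that only TLSv1.3 client-side reuse is being excused; the block that `local $TODO` applies to starts and ends outside the hunk.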
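Review bot: In the ssl_certificate.t hunk the new reason string reads 'not TLSv1.3 sessions', while the two neighbouring reasons and every other hunk in this patch use 'no TLSv1.3 sessions'. This looks like a typo, and it means a search of the TAP output for the common reason text misses this file. Suggested line: `local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'`. The enclosing TODO block continues outside the hunk.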
@@ -361,6 +361,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('ec-end', ses => $s), qr/200 OK.*SUCCESS:r/s, 'session reused');
@@ -393,6 +395,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('ec-end', ses => $s), qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -167,6 +167,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 is(test_reuse(8443), 1, 'tickets reused');
 is(test_reuse(8444), 1, 'tickets and cache reused');
diff --git a/ssl_session_ticket_key.t b/ssl_session_ticket_key.t
--- a/ssl_session_ticket_key.t
+++ b/ssl_session_ticket_key.t
@@ -105,6 +105,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 cmp_ok(get_ticket_key_name(), 'ne', $key, 'ticket key next');
diff --git a/ssl_sni.t b/ssl_sni.t
--- a/ssl_sni.t
+++ b/ssl_sni.t
@@ -128,6 +128,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m, 'ssl server name - reused');
diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t
--- a/ssl_sni_sessions.t
+++ b/ssl_sni_sessions.t
@@ -116,6 +116,8 @@ plan(skip_all => 'no TLSv1.3 sessions, o
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 plan(skip_all => 'no TLSv1.3 sessions in LibreSSL')
 if $t->has_module('LibreSSL') && test_tls13();
+plan(skip_all => 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)')
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 plan(skip_all => 'no TLS 1.3 session cache in BoringSSL')
 if $t->has_module('BoringSSL') && test_tls13();
diff --git a/stream_ssl_certificate.t b/stream_ssl_certificate.t
--- a/stream_ssl_certificate.t
+++ b/stream_ssl_certificate.t
@@ -148,6 +148,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $Net::SSLeay::VERSION < 1.88 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 like(get('default', 8080, $s), qr/default:r/, 'session reused');
diff --git a/stream_ssl_session_reuse.t b/stream_ssl_session_reuse.t
--- a/stream_ssl_session_reuse.t
+++ b/stream_ssl_session_reuse.t
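Review bot: In the ssl_sni_sessions.t hunk the new condition uses `plan(skip_all => ...)`, so unlike the TODO hunks elsewhere in this patch the whole file reports nothing when the client library is LibreSSL and TLSv1.3 is in use. That matches the neighbouring skip lines, but a run on such a host then gives no coverage for this file at all, and only the skip reason records it. If a skip is required, a short comment above the skips should say why, e.g. `# session reuse is a precondition for every check below, so skip rather than TODO`. Whether that precondition holds for every check is not visible in the hunk.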
@@ -144,6 +144,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 is(test_reuse(8443), 1, 'tickets reused');
 is(test_reuse(8444), 1, 'tickets and cache reused');
diff --git a/stream_ssl_variables.t b/stream_ssl_variables.t
--- a/stream_ssl_variables.t
+++ b/stream_ssl_variables.t
@@ -98,6 +98,8 @@ local $TODO = 'no TLSv1.3 sessions, old
 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
 local $TODO = 'no TLSv1.3 sessions in LibreSSL'
 if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in Net::SSLeay (LibreSSL)'
+ if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 $s = stream(
 PeerAddr => '127.0.0.1:' . port(8443),
-- nginx-devel mailing list nginx-devel@freenginx.org https://freenginx.org/mailman/listinfo/nginx-devel