tests: fixed a newly failing test due to openresty.org now rejecting …

…TLSv1 connections.
openresty · Feb 10, 2020 · fd06ddd · fd06ddd
1 parent b973eb2
commit fd06ddd
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 14 deletions.
diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
@@ -1,16 +1,18 @@
 # vim:set ft= ts=4 sw=4 et fdm=marker:
 
 use Test::Nginx::Socket::Lua::Stream;
+use Cwd qw(abs_path realpath);
+use File::Basename;
 
 repeat_each(2);
 
 plan tests => repeat_each() * 216;
 
 $ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
-
 $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211;
 $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8';
 $ENV{TEST_NGINX_SERVER_SSL_PORT} ||= 12345;
+$ENV{TEST_NGINX_CERT_DIR} ||= dirname(realpath(abs_path(__FILE__)));
 
 #log_level 'warn';
 log_level 'debug';
@@ -94,10 +96,8 @@ __DATA__
             end  -- do
             collectgarbage()
         ';
-
 --- config
     server_tokens off;
-
 --- stream_response_like chop
 \Aconnected: 1
 ssl handshake: userdata
@@ -1226,32 +1226,45 @@ SSL reused session
 
 
 === TEST 16: explicit ssl protocol configuration
+--- http_config
+    server {
+        listen              unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+        server_name         test.com;
+        ssl_certificate     $TEST_NGINX_CERT_DIR/cert/test.crt;
+        ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+        ssl_protocols       TLSv1;
+
+        location / {
+            content_by_lua_block {
+                ngx.exit(200)
+            }
+        }
+    }
 --- stream_server_config
-    resolver $TEST_NGINX_RESOLVER ipv6=off;
     lua_ssl_protocols TLSv1;
 
     content_by_lua '
             local sock = ngx.socket.tcp()
             sock:settimeout(2000)
 
             do
-                local ok, err = sock:connect("openresty.org", 443)
+                local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
                 if not ok then
                     ngx.say("failed to connect: ", err)
                     return
                 end
 
                 ngx.say("connected: ", ok)
 
-                local session, err = sock:sslhandshake(nil, "openresty.org")
+                local session, err = sock:sslhandshake(nil, "test.com")
                 if not session then
                     ngx.say("failed to do SSL handshake: ", err)
                     return
                 end
 
                 ngx.say("ssl handshake: ", type(session))
 
-                local req = "GET / HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n"
+                local req = "GET / HTTP/1.1\\r\\nHost: test.com\\r\\nConnection: close\\r\\n\\r\\n"
                 local bytes, err = sock:send(req)
                 if not bytes then
                     ngx.say("failed to send stream request: ", err)
@@ -1273,15 +1286,13 @@ SSL reused session
             end  -- do
             collectgarbage()
         ';
-
 --- config
     server_tokens off;
-
 --- stream_response
 connected: 1
 ssl handshake: userdata
-sent stream request: 58 bytes.
-received: HTTP/1.1 302 Moved Temporarily
+sent stream request: 53 bytes.
+received: HTTP/1.1 200 OK
 close: 1 nil
 
 --- log_level: debug
@@ -1292,14 +1303,13 @@ lua ssl free session: ([0-9A-F]+)
 $/
 --- error_log eval
 [
-'lua ssl server name: "openresty.org"',
-qr/SSL: TLSv1, cipher: "ECDHE-RSA-AES(?:256|128)-SHA\b/,
+'lua ssl server name: "test.com"',
+qr/SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA (SSLv3|TLSv1)/
 ]
 --- no_error_log
 SSL reused session
 [error]
 [alert]
---- timeout: 5
 
 
 

diff --git a/util/build.sh b/util/build.sh
@@ -16,6 +16,7 @@ ngx-build $force $version \
             --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$LIBDRIZZLE_LIB:$OPENSSL_LIB" \
             --with-http_stub_status_module \
             --with-http_image_filter_module \
+            --with-http_ssl_module \
             --without-mail_pop3_module \
             --without-mail_imap_module \
             --without-mail_smtp_module \