From fd06dddd2ad8b7997abbff521d27924f0f616469 Mon Sep 17 00:00:00 2001 From: Thibault Charbonnier Date: Sat, 8 Feb 2020 01:29:58 -0800 Subject: [PATCH] tests: fixed a newly failing test due to openresty.org now rejecting TLSv1 connections. --- t/129-ssl-socket.t | 38 ++++++++++++++++++++++++-------------- util/build.sh | 1 + 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index 569c272b..383d61ac 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -1,16 +1,18 @@ # vim:set ft= ts=4 sw=4 et fdm=marker: use Test::Nginx::Socket::Lua::Stream; +use Cwd qw(abs_path realpath); +use File::Basename; repeat_each(2); plan tests => repeat_each() * 216; $ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); - $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211; $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8'; $ENV{TEST_NGINX_SERVER_SSL_PORT} ||= 12345; +$ENV{TEST_NGINX_CERT_DIR} ||= dirname(realpath(abs_path(__FILE__))); #log_level 'warn'; log_level 'debug'; @@ -94,10 +96,8 @@ __DATA__ end -- do collectgarbage() '; - --- config server_tokens off; - --- stream_response_like chop \Aconnected: 1 ssl handshake: userdata @@ -1226,8 +1226,21 @@ SSL reused session === TEST 16: explicit ssl protocol configuration +--- http_config + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_protocols TLSv1; + + location / { + content_by_lua_block { + ngx.exit(200) + } + } + } --- stream_server_config - resolver $TEST_NGINX_RESOLVER ipv6=off; lua_ssl_protocols TLSv1; content_by_lua ' @@ -1235,7 +1248,7 @@ SSL reused session sock:settimeout(2000) do - local ok, err = sock:connect("openresty.org", 443) + local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") if not ok then ngx.say("failed to connect: ", err) return @@ -1243,7 +1256,7 @@ SSL reused session ngx.say("connected: ", ok) - local session, err = sock:sslhandshake(nil, "openresty.org") + local session, err = sock:sslhandshake(nil, "test.com") if not session then ngx.say("failed to do SSL handshake: ", err) return @@ -1251,7 +1264,7 @@ SSL reused session ngx.say("ssl handshake: ", type(session)) - local req = "GET / HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n" + local req = "GET / HTTP/1.1\\r\\nHost: test.com\\r\\nConnection: close\\r\\n\\r\\n" local bytes, err = sock:send(req) if not bytes then ngx.say("failed to send stream request: ", err) @@ -1273,15 +1286,13 @@ SSL reused session end -- do collectgarbage() '; - --- config server_tokens off; - --- stream_response connected: 1 ssl handshake: userdata -sent stream request: 58 bytes. -received: HTTP/1.1 302 Moved Temporarily +sent stream request: 53 bytes. +received: HTTP/1.1 200 OK close: 1 nil --- log_level: debug @@ -1292,14 +1303,13 @@ lua ssl free session: ([0-9A-F]+) $/ --- error_log eval [ -'lua ssl server name: "openresty.org"', -qr/SSL: TLSv1, cipher: "ECDHE-RSA-AES(?:256|128)-SHA\b/, +'lua ssl server name: "test.com"', +qr/SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA (SSLv3|TLSv1)/ ] --- no_error_log SSL reused session [error] [alert] ---- timeout: 5 diff --git a/util/build.sh b/util/build.sh index 6f73d732..b8dc34d3 100755 --- a/util/build.sh +++ b/util/build.sh @@ -16,6 +16,7 @@ ngx-build $force $version \ --with-ld-opt="-L$PCRE_LIB -L$OPENSSL_LIB -Wl,-rpath,$PCRE_LIB:$LIBDRIZZLE_LIB:$OPENSSL_LIB" \ --with-http_stub_status_module \ --with-http_image_filter_module \ + --with-http_ssl_module \ --without-mail_pop3_module \ --without-mail_imap_module \ --without-mail_smtp_module \