Tests: fixed upstream zone ssl tests with LibreSSL and TLSv1.3.

mdounin · mdounin · commit c63787237c70 · 2023-03-23T19:50:30.000+03:00
LibreSSL does not support session reuse with TLSv1.3.
diff --git a/stream_upstream_zone_ssl.t b/stream_upstream_zone_ssl.t
@@ -82,6 +82,19 @@ stream {
         ssl_certificate localhost.crt;
         ssl_session_cache builtin;
     }
+
+    server {
+        listen      127.0.0.1:8085;
+        proxy_pass  127.0.0.1:8086;
+    }
+
+    server {
+        listen      127.0.0.1:8086 ssl;
+        return      $ssl_protocol;
+
+        ssl_certificate_key localhost.key;
+        ssl_certificate localhost.crt;
+    }
 }
 
 EOF
@@ -112,13 +125,33 @@ is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl');
 is(stream('127.0.0.1:' . port(8080))->read(), '.', 'ssl 2');
 
 is(stream('127.0.0.1:' . port(8081))->read(), '.', 'ssl session new');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') and test_tls13();
+
 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused');
 is(stream('127.0.0.1:' . port(8081))->read(), 'r', 'ssl session reused 2');
 
+}
+
 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl');
 is(stream('127.0.0.1:' . port(8082))->read(), '.', 'backup ssl 2');
 
 is(stream('127.0.0.1:' . port(8083))->read(), '.', 'backup ssl session new');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') and test_tls13();
+
 is(stream('127.0.0.1:' . port(8083))->read(), 'r', 'backup ssl session reused');
 
+}
+
+###############################################################################
+
+sub test_tls13 {
+	stream('127.0.0.1:' . port(8085))->read() =~ /TLSv1.3/;
+}
+
 ###############################################################################
diff --git a/upstream_zone_ssl.t b/upstream_zone_ssl.t
@@ -56,6 +56,7 @@ http {
 
         location / {
             add_header X-Session $ssl_session_reused;
+            add_header X-Protocol $ssl_protocol;
         }
     }
 
@@ -114,12 +115,32 @@ $t->run();
 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl');
 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2');
 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl session new');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') and test_tls13();
+
 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused');
 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl session reused 2');
 
+}
+
 like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup');
 like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup 2');
 like(http_get('/backup_reuse'), qr/200 OK.*X-Session: \./s, 'backup new');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+	if $t->has_module('LibreSSL') and test_tls13();
+
 like(http_get('/backup_reuse'), qr/200 OK.*X-Session: r/s, 'backup reused');
 
+}
+
+###############################################################################
+
+sub test_tls13 {
+	http_get('/ssl') =~ /TLSv1.3/;
+}
+
 ###############################################################################
