Tests nginx resumption across cache options
ctz committed Apr 30, 2024
1 parent da8f28f commit d97d2dd
Showing 2 changed files with 112 additions and 1 deletion.
80 changes: 79 additions & 1 deletion rustls-libssl/tests/nginx.conf
@@ -10,10 +10,11 @@ http {
access_log access.log;

server {
# no resumption (default)
listen 8443 ssl;
server_name localhost;
ssl_certificate ../../../test-ca/rsa/server.cert;
ssl_certificate_key ../../../test-ca/rsa/server.key;
server_name localhost;

location = / {
return 200 "hello world\n";
@@ -44,4 +45,81 @@ http {
return 200 "s-dn:$ssl_client_s_dn\ni-dn:$ssl_client_i_dn\nserial:$ssl_client_serial\nfp:$ssl_client_fingerprint\nverify:$ssl_client_verify\nv-start:$ssl_client_v_start\nv-end:$ssl_client_v_end\nv-remain:$ssl_client_v_remain\ncert:\n$ssl_client_cert\n";
}
}

server {
# per-worker resumption
listen 8444 ssl;
ssl_session_cache builtin;
ssl_certificate ../../../test-ca/rsa/server.cert;
ssl_certificate_key ../../../test-ca/rsa/server.key;
server_name localhost;

location = / {
return 200 "hello world\n";
}

location /ssl-agreed {
return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
}

location /ssl-server-name {
return 200 "server-name:$ssl_server_name\n";
}

location /ssl-was-reused {
return 200 "reused:$ssl_session_reused\n";
}
}

server {
# per-worker & per-server resumption
listen 8445 ssl;
ssl_session_cache builtin shared:port8445:1M;
ssl_certificate ../../../test-ca/rsa/server.cert;
ssl_certificate_key ../../../test-ca/rsa/server.key;
server_name localhost;


location = / {
return 200 "hello world\n";
}

location /ssl-agreed {
return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
}

location /ssl-server-name {
return 200 "server-name:$ssl_server_name\n";
}

location /ssl-was-reused {
return 200 "reused:$ssl_session_reused\n";
}

}

server {
# per-server resumption
listen 8446 ssl;
ssl_session_cache shared:port8446:1M;
ssl_certificate ../../../test-ca/rsa/server.cert;
ssl_certificate_key ../../../test-ca/rsa/server.key;
server_name localhost;

location = / {
return 200 "hello world\n";
}

location /ssl-agreed {
return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
}

location /ssl-server-name {
return 200 "server-name:$ssl_server_name\n";
}

location /ssl-was-reused {
return 200 "reused:$ssl_session_reused\n";
}
}
}
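Review bot: The `# no resumption (default)` block on port 8443 gets its behaviour from defaults rather than from directives, so the `reused:.` result the runner expects is not pinned by this file: nginx's default `ssl_session_cache none` only declines to store sessions, and `ssl_session_tickets` defaults to `on`, which is the usual TLS 1.3 resumption path. As far as the visible lines show, none of the four blocks sets `ssl_session_tickets`, so the outcome presumably depends on whether the library under test issues tickets; consider saying so in the comment, e.g. `# no session cache (default); relies on no tickets being issued`, or pinning it with `ssl_session_tickets off;` if that matches the intent. Separately, `ssl_session_cache builtin;` on 8444 is per worker process, so the resumption expectation there only holds with a single worker; `worker_processes` is outside this hunk, so that is worth confirming. Part of the 8443 block is collapsed between the two hunks and was not reviewed.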
33 changes: 33 additions & 0 deletions rustls-libssl/tests/runner.rs
@@ -371,6 +371,39 @@ fn nginx() {
b"hello world\n"
);

for (port, reused) in [(8443, '.'), (8444, 'r'), (8445, 'r'), (8446, 'r')] {
// multiple requests without http connection reuse
// (second should be a TLS resumption if possible)
assert_eq!(
Command::new("curl")
.env("LD_LIBRARY_PATH", "")
.args([
"--verbose",
"--cacert",
"test-ca/rsa/ca.cert",
"-H",
"connection: close",
&format!("https://localhost:{port}/"),
&format!("https://localhost:{port}/ssl-agreed"),
&format!("https://localhost:{port}/ssl-server-name"),
&format!("https://localhost:{port}/ssl-was-reused")
])
.stdout(Stdio::piped())
.output()
.map(print_output)
.unwrap()
.stdout,
format!(
"hello world\n\
protocol:TLSv1.3,cipher:TLS_AES_256_GCM_SHA384\n\
server-name:localhost\n\
reused:{reused}\n"
)
.as_bytes(),
);
println!("PASS: resumption test for port={port} reused={reused}");
}

// big download (throttled by curl to ensure non-blocking writes work)
assert_eq!(
Command::new("curl")
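Review bot: The loop's comment says the second request should be a resumption, but the only observable is `/ssl-was-reused`, which is the fourth URL, so the assertion proves resumption on the last connection only. I would reword it to `// four requests, each on a new connection; only the last reports $ssl_session_reused, so that is the handshake whose resumption is checked`. The check also leans on curl keeping its TLS session cache across URLs within one invocation and on `connection: close` forcing a new handshake each time; saying so in the comment would help whoever debugs a `reused:.` mismatch. `fn nginx()` starts and ends outside this hunk.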