update test cases

apache · Jul 31, 2023 · 49773e3 · 49773e3
1 parent 5d385be
commit 49773e3
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 58 deletions.
diff --git a/apisix/init.lua b/apisix/init.lua
@@ -211,6 +211,7 @@ function _M.http_ssl_protocols_phase()
         if err then
             core.log.error("failed to fetch ssl config: ", err)
         end
+        core.log.error("failed to find any SSL certificate by SNI: ", sni)
         ngx_exit(-1)
     end
 

diff --git a/ci/common.sh b/ci/common.sh
@@ -21,6 +21,7 @@ export_or_prefix() {
     export OPENRESTY_PREFIX="/usr/local/openresty-debug"
     export APISIX_MAIN="https://raw.githubusercontent.com/apache/incubator-apisix/master/rockspec/apisix-master-0.rockspec"
     export PATH=$OPENRESTY_PREFIX/nginx/sbin:$OPENRESTY_PREFIX/luajit/bin:$OPENRESTY_PREFIX/bin:$PATH
+    export OPENSSL111_BIN=$OPENRESTY_PREFIX/openssl111/bin/openssl
 }
 
 create_lua_deps() {

diff --git a/ci/linux-install-openresty.sh b/ci/linux-install-openresty.sh
@@ -30,14 +30,20 @@ sudo add-apt-repository -y "deb https://openresty.org/package/${arch_path}ubuntu
 
 sudo apt-get update
 
-abt_branch=${abt_branch:="master"}
 
 COMPILE_OPENSSL3=${COMPILE_OPENSSL3-no}
 USE_OPENSSL3=${USE_OPENSSL3-no}
 OPENSSL3_PREFIX=${OPENSSL3_PREFIX-/home/runner}
 SSL_LIB_VERSION=${SSL_LIB_VERSION-openssl}
 
 if [ "$OPENRESTY_VERSION" == "source" ]; then
+    export openssl_prefix=$OPENRESTY_PREFIX/openssl111
+    export zlib_prefix=$OPENRESTY_PREFIX/zlib
+    export pcre_prefix=$OPENRESTY_PREFIX/pcre
+
+    export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include -I${pcre_prefix}/include -I${openssl_prefix}/include"
+    export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib -L${openssl_prefix}/lib -Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib"
+
     if [ "$COMPILE_OPENSSL3" == "yes" ]; then
         apt install -y build-essential
         git clone https://github.com/openssl/openssl

diff --git a/t/APISIX.pm b/t/APISIX.pm
@@ -267,6 +267,7 @@ env ENABLE_ETCD_AUTH;
 env APISIX_PROFILE;
 env PATH; # for searching external plugin runner's binary
 env TEST_NGINX_HTML_DIR;
+env OPENSSL111_BIN;
 _EOC_
 
 

diff --git a/t/node/ssl-protocols.t b/t/node/ssl-protocols.t
@@ -14,14 +14,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-use t::APISIX 'no_plan';
+use t::APISIX;
 
 repeat_each(1);
 log_level('info');
 no_root_location();
 no_shuffle();
 
-$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
+my $openssl_bin = $ENV{OPENSSL111_BIN};
+if (! -x $openssl_bin) {
+    $ENV{OPENSSL111_BIN} = '/usr/local/openresty/openssl111/bin/openssl';
+    if (! -x $ENV{OPENSSL111_BIN}) {
+        plan(skip_all => "openssl111 not installed");
+    }
+}
+
+plan('no_plan');
 
 add_block_preprocessor(sub {
     my ($block) = @_;
@@ -120,9 +128,9 @@ passed
 
 === TEST 3: Successfully, access test.com with TLSv1.3
 --- exec
-curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
+qr/Server certificate/
 
 
 
@@ -136,9 +144,9 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
 
 === TEST 5: Successfully, access test.com with TLSv1.1
 --- exec
-curl -k -v --tls-max 1.1 --tlsv1.1 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.1 \(IN\), TLS handshake, Server hello(?s).*hello world/
+qr/Server certificate/
 
 
 
@@ -211,9 +219,9 @@ GET /t
 
 === TEST 8: Successfully, access test.com with TLSv1.3
 --- exec
-curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
+qr/Server certificate/
 
 
 
@@ -227,9 +235,9 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello world/
 
 === TEST 10: Successfully, access test2.com with TLSv1.3
 --- exec
-curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test2.com:1994:127.0.0.1" https://test2.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test2.com -tls1_3 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.3 \(IN\), TLS handshake, Server hello(?s).*hello world/
+qr/Server certificate/
 
 
 
@@ -277,57 +285,14 @@ passed
 
 === TEST 13: Successfully, access test.com with TLSv1.1
 --- exec
-curl -k -v --tls-max 1.1 --tlsv1.1 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_1 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.1 \(IN\), TLS handshake, Server hello(?s).*hello world/
+qr/Server certificate/
 
 
 
 === TEST 14: Failed, access test.com with TLSv1.3
 --- exec
-curl -k -v --tls-max 1.3 --tlsv1.3 --resolve "test.com:1994:127.0.0.1" https://test.com:1994/hello 2>&1 | cat
+echo -n "Q"  | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername test.com -tls1_3 2>&1 | cat
 --- response_body eval
-qr/TLSv1\.3 \(IN\), TLS alert/
-
-
-
-=== TEST 15: hello
---- config
-listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-
-location /t {
-    content_by_lua_block {
-        do
-            local sock = ngx.socket.tcp()
-            local ssl = require "ssl"
-
-            sock:settimeout(2000)
-
-            local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
-            if not ok then
-                ngx.say("failed to connect: ", err)
-                return
-            end
-
-            local params = {
-                mode = "client",
-                protocol = "tlsv1_3",
-                verify = "none",
-                options = "all",
-            }
-            local sec_sock = ssl.wrap(sock, params)
-
-            local sess, err = sec_sock:dohandshake()
-            if not sess then
-                ngx.say("failed to do SSL handshake: ", err)
-                return
-            end
-            ngx.say("ssl handshake: ", sess ~= nil)
-        end  -- do
-        -- collectgarbage()
-    }
-}
---- request
-GET /t
---- response_body
-ssl handshake: true
+qr/tlsv1 alert/