Tests nginx resumption across cache options

ctz · ctz · commit d97d2dd5aa23 · 2024-04-30T14:59:38.000+01:00
diff --git a/rustls-libssl/tests/nginx.conf b/rustls-libssl/tests/nginx.conf
@@ -10,10 +10,11 @@ http {
     access_log access.log;
 
     server {
+        # no resumption (default)
         listen 8443 ssl;
-        server_name localhost;
         ssl_certificate ../../../test-ca/rsa/server.cert;
         ssl_certificate_key ../../../test-ca/rsa/server.key;
+        server_name localhost;
 
         location = / {
             return 200 "hello world\n";
@@ -44,4 +45,81 @@ http {
             return 200 "s-dn:$ssl_client_s_dn\ni-dn:$ssl_client_i_dn\nserial:$ssl_client_serial\nfp:$ssl_client_fingerprint\nverify:$ssl_client_verify\nv-start:$ssl_client_v_start\nv-end:$ssl_client_v_end\nv-remain:$ssl_client_v_remain\ncert:\n$ssl_client_cert\n";
         }
     }
+
+    server {
+        # per-worker resumption
+        listen 8444 ssl;
+        ssl_session_cache builtin;
+        ssl_certificate ../../../test-ca/rsa/server.cert;
+        ssl_certificate_key ../../../test-ca/rsa/server.key;
+        server_name localhost;
+
+        location = / {
+            return 200 "hello world\n";
+        }
+
+        location /ssl-agreed {
+            return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
+        }
+
+        location /ssl-server-name {
+            return 200 "server-name:$ssl_server_name\n";
+        }
+
+        location /ssl-was-reused {
+            return 200 "reused:$ssl_session_reused\n";
+        }
+    }
+
+    server {
+        # per-worker & per-server resumption
+        listen 8445 ssl;
+        ssl_session_cache builtin shared:port8445:1M;
+        ssl_certificate ../../../test-ca/rsa/server.cert;
+        ssl_certificate_key ../../../test-ca/rsa/server.key;
+        server_name localhost;
+
+
+        location = / {
+            return 200 "hello world\n";
+        }
+
+        location /ssl-agreed {
+            return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
+        }
+
+        location /ssl-server-name {
+            return 200 "server-name:$ssl_server_name\n";
+        }
+
+        location /ssl-was-reused {
+            return 200 "reused:$ssl_session_reused\n";
+        }
+
+    }
+
+    server {
+        # per-server resumption
+        listen 8446 ssl;
+        ssl_session_cache shared:port8446:1M;
+        ssl_certificate ../../../test-ca/rsa/server.cert;
+        ssl_certificate_key ../../../test-ca/rsa/server.key;
+        server_name localhost;
+
+        location = / {
+            return 200 "hello world\n";
+        }
+
+        location /ssl-agreed {
+            return 200 "protocol:$ssl_protocol,cipher:$ssl_cipher\n";
+        }
+
+        location /ssl-server-name {
+            return 200 "server-name:$ssl_server_name\n";
+        }
+
+        location /ssl-was-reused {
+            return 200 "reused:$ssl_session_reused\n";
+        }
+    }
 }
diff --git a/rustls-libssl/tests/runner.rs b/rustls-libssl/tests/runner.rs
@@ -371,6 +371,39 @@ fn nginx() {
         b"hello world\n"
     );
 
+    for (port, reused) in [(8443, '.'), (8444, 'r'), (8445, 'r'), (8446, 'r')] {
+        // multiple requests without http connection reuse
+        // (second should be a TLS resumption if possible)
+        assert_eq!(
+            Command::new("curl")
+                .env("LD_LIBRARY_PATH", "")
+                .args([
+                    "--verbose",
+                    "--cacert",
+                    "test-ca/rsa/ca.cert",
+                    "-H",
+                    "connection: close",
+                    &format!("https://localhost:{port}/"),
+                    &format!("https://localhost:{port}/ssl-agreed"),
+                    &format!("https://localhost:{port}/ssl-server-name"),
+                    &format!("https://localhost:{port}/ssl-was-reused")
+                ])
+                .stdout(Stdio::piped())
+                .output()
+                .map(print_output)
+                .unwrap()
+                .stdout,
+            format!(
+                "hello world\n\
+                 protocol:TLSv1.3,cipher:TLS_AES_256_GCM_SHA384\n\
+                 server-name:localhost\n\
+                 reused:{reused}\n"
+            )
+            .as_bytes(),
+        );
+        println!("PASS: resumption test for port={port} reused={reused}");
+    }
+
     // big download (throttled by curl to ensure non-blocking writes work)
     assert_eq!(
         Command::new("curl")
