Posted to test-commits@perl.apache.org by jo...@apache.org on 2018/10/10 12:15:47 UTC
svn commit: r1843435 - in /perl/Apache-Test/trunk/lib/Apache: TestConfig.pm
TestSSLCA.pm
Author: jorton
Date: Wed Oct 10 12:15:46 2018
New Revision: 1843435
URL: http://svn.apache.org/viewvc?rev=1843435&view=rev
Log:
Expose -sslproto flag and try to hack around OpenSSL 1.1.1 PHA mess
so mod_ssl tests aren't entirely broken under TLSv1.3.
Modified:
perl/Apache-Test/trunk/lib/Apache/TestConfig.pm
perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
Modified: perl/Apache-Test/trunk/lib/Apache/TestConfig.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestConfig.pm?rev=1843435&r1=1843434&r2=1843435&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestConfig.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestConfig.pm Wed Oct 10 12:15:46 2018
@@ -86,6 +86,7 @@ use vars qw(%Usage);
proxyssl_url => 'url for testing ProxyPass / https (default is localhost)',
sslca => 'location of SSL CA (default is $t_conf/ssl/ca)',
sslcaorg => 'SSL CA organization to use for tests (default is asf)',
+ sslproto => 'SSL/TLS protocol version(s) to test',
libmodperl => 'path to mod_perl\'s .so (full or relative to LIBEXECDIR)',
defines => 'values to add as -D defines (for example, "VAR1 VAR2")',
(map { $_ . '_module_name', "$_ module name"} qw(cgi ssl thread access auth php)),
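Review bot: The new `sslproto` usage string gives neither the default nor the accepted syntax, while the neighbouring `sslca` and `sslcaorg` entries both state their default. Judging by the `"all -TLSv1.3"` value set in TestSSLCA.pm, the option appears to take a protocol list rather than a single version. Something like `sslproto => 'SSL/TLS protocol list to test, e.g. "all -TLSv1.3" (default is chosen by Apache::TestSSLCA)',` would tell a tester what to pass.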
@@ -296,6 +297,16 @@ sub new {
$vars->{t_conf} ||= catfile $vars->{serverroot}, 'conf';
$vars->{sslca} ||= catfile $vars->{t_conf}, 'ssl', 'ca';
$vars->{sslcaorg} ||= 'asf';
+
+ if (!defined($vars->{sslproto})) {
+ require Apache::TestSSLCA;
+
+ $vars->{sslproto} = Apache::TestSSLCA::sslproto();
+ }
+ else {
+ $vars->{sslproto} = 'all';
+ }
+
$vars->{t_logs} ||= catfile $vars->{serverroot}, 'logs';
$vars->{t_conf_file} ||= catfile $vars->{t_conf}, 'httpd.conf';
$vars->{t_pid_file} ||= catfile $vars->{t_logs}, 'httpd.pid';
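Review bot: The `else` branch added here assigns `'all'` whenever `$vars->{sslproto}` is already defined, so any value supplied through -sslproto is discarded and the newly exposed flag has no effect. A tester who passes a restricted protocol list therefore gets a run against every protocol, TLSv1.3 included, and the results do not reflect the configuration that was requested. Removing the whole `else { $vars->{sslproto} = 'all'; }` block keeps the caller's value and still falls back to `Apache::TestSSLCA::sslproto()` when none is given. `new` begins and ends outside this hunk.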
Modified: perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm
URL: http://svn.apache.org/viewvc/perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm?rev=1843435&r1=1843434&r2=1843435&view=diff
==============================================================================
--- perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm (original)
+++ perl/Apache-Test/trunk/lib/Apache/TestSSLCA.pm Wed Oct 10 12:15:46 2018
@@ -70,6 +70,20 @@ if (Apache::Test::normalize_vstring($ver
$san_msupn = $san_dnssrv = "";
}
+my $sslproto = "all";
+
+if (Apache::Test::normalize_vstring($version) >=
+ Apache::Test::normalize_vstring("1.1.1")
+ && !defined(&Net::SSLeay::CTX_set_post_handshake_auth)) {
+ # OpenSSL 1.1.1 disables PHA by default client-side in TLSv1.3 but
+ # most clients are not updated to enable it (at time of writing).
+ # Many mod_ssl tests require working PHA, so disable v1.3 unless
+ # using an updated Net::SSLeay. This is strictly insufficient
+ # since an updated IO::Socket::SSL is also needed; to be
+ # continued. Ref: https://github.com/openssl/openssl/issues/6933
+ $sslproto = "all -TLSv1.3";
+}
+
my $ca_dn = {
asf => {
C => 'US',
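Review bot: `defined(&Net::SSLeay::CTX_set_post_handshake_auth)` can only be true once Net::SSLeay has been loaded, and nothing in this hunk loads it. If the module is not pulled in earlier in the file (not visible here), the probe always reports the function as missing and TLSv1.3 is dropped on every OpenSSL 1.1.1 host, even with an updated Net::SSLeay. Adding `eval { require Net::SSLeay; };` just before the `if` would make the check reflect the installed module. The comment could also note that `$sslproto` is computed once at module load.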
@@ -570,5 +584,9 @@ sub email_field {
return $email_field;
}
+sub sslproto {
+ return $sslproto;
+}
+
1;
__END__