diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c index f0988bc..17d3db2 100644 --- a/src/ngx_http_lua_socket_tcp.c +++ b/src/ngx_http_lua_socket_tcp.c @@ -1320,9 +1320,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) return 2; } - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, - "lua ssl set session: %p:%d", - *psession, (*psession)->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, + "lua ssl set session: %p", *psession); } } @@ -1587,9 +1586,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, } else { *ud = ssl_session; - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, - "lua ssl save session: %p:%d", ssl_session, - ssl_session->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, + "lua ssl save session: %p", ssl_session); /* set up the __gc metamethod */ lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key); @@ -5386,9 +5384,8 @@ ngx_http_lua_ssl_free_session(lua_State *L) psession = lua_touserdata(L, 1); if (psession && *psession != NULL) { - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "lua ssl free session: %p:%d", *psession, - (*psession)->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, + "lua ssl free session: %p", *psession); ngx_ssl_free_session(*psession); } diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c index 31b4f24..9ec8b50 100644 --- a/src/ngx_http_lua_ssl_ocsp.c +++ b/src/ngx_http_lua_ssl_ocsp.c @@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, return NGX_ERROR; } +#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE + if (SSL_get_tlsext_status_type(ssl_conn) == -1) { +#else if (ssl_conn->tlsext_status_type == -1) { +#endif dd("no ocsp status req from client"); return NGX_DECLINED; } diff --git a/src/ngx_http_lua_ssl_session_fetchby.c b/src/ngx_http_lua_ssl_session_fetchby.c index 3a3c1f5..2c75f6a 100644 --- a/src/ngx_http_lua_ssl_session_fetchby.c +++ b/src/ngx_http_lua_ssl_session_fetchby.c @@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */ ngx_ssl_session_t * -ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, - int len, int *copy) +ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, +#if OPENSSL_VERSION_NUMBER >= 0x10100003L + const +#endif + u_char *id, int len, int *copy) { lua_State *L; ngx_int_t rc; @@ -287,7 +290,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, cctx->exit_code = 1; /* successful by default */ cctx->connection = c; cctx->request = r; - cctx->session_id.data = id; + cctx->session_id.data = (u_char *) id; cctx->session_id.len = len; cctx->entered_sess_fetch_handler = 1; cctx->done = 0; diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h index 5a6f96f..50c6616 100644 --- a/src/ngx_http_lua_ssl_session_fetchby.h +++ b/src/ngx_http_lua_ssl_session_fetchby.h @@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler( - ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy); + ngx_ssl_conn_t *ssl_conn, +#if OPENSSL_VERSION_NUMBER >= 0x10100003L + const +#endif + u_char *id, int len, int *copy); #endif diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c index f83e85d..ce832ea 100644 --- a/src/ngx_http_lua_ssl_session_storeby.c +++ b/src/ngx_http_lua_ssl_session_storeby.c @@ -172,6 +172,8 @@ int ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) { + const u_char *sess_id; + unsigned int sess_id_len; lua_State *L; ngx_int_t rc; ngx_connection_t *c, *fc = NULL; @@ -247,11 +249,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, } } + sess_id = SSL_SESSION_get_id(sess, &sess_id_len); + cctx->connection = c; cctx->request = r; cctx->session = sess; - cctx->session_id.data = sess->session_id; - cctx->session_id.len = sess->session_id_length; + cctx->session_id.data = (u_char *) sess_id; + cctx->session_id.len = sess_id_len; cctx->done = 0; dd("setting cctx"); diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index e7447a7..aa9c208 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -108,10 +108,10 @@ sent http request: 59 bytes. received: HTTP/1.1 (?:200 OK|302 Found) close: 1 nil \z ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- no_error_log lua ssl server name: @@ -182,8 +182,11 @@ connected: 1 failed to do SSL handshake: handshake failed --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ---- grep_error_log_out +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ +--- grep_error_log_out eval +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +$/ --- no_error_log lua ssl server name: SSL reused session @@ -255,10 +258,10 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "openresty.org" @@ -343,13 +346,13 @@ sent http request: 56 bytes. received: HTTP/1.1 200 OK close: 1 nil ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl set session: \1:2 -lua ssl save session: \1:3 -lua ssl free session: \1:2 -lua ssl free session: \1:1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl set session: \1 +lua ssl save session: \1 +lua ssl free session: \1 +lua ssl free session: \1 $/ --- error_log @@ -432,7 +435,7 @@ failed to send http request: closed \z --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "blah.openresty.org" @@ -512,7 +515,7 @@ failed to send http request: closed \z --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "blah.openresty.org" @@ -587,10 +590,10 @@ received: HTTP/1.1 404 Not Found close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log @@ -672,10 +675,10 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]++/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log @@ -754,7 +757,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate failed to send http request: closed --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "openresty.org" @@ -833,7 +836,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate failed to send http request: closed --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "openresty.org" @@ -923,10 +926,10 @@ sent http request: 59 bytes. received: HTTP/1.1 (?:200 OK|302 Found) close: 1 nil \z ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "www.google.com" @@ -1013,7 +1016,7 @@ GET /t connected: 1 failed to do SSL handshake: 20: unable to get local issuer certificate ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "www.google.com" @@ -1095,10 +1098,10 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log @@ -1174,10 +1177,10 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "openresty.org" @@ -1254,14 +1257,14 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "openresty.org" -SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-SHA SSLv3 +SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-SHA --- no_error_log SSL reused session [error] @@ -1334,14 +1337,14 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "openresty.org" -SSL: TLSv1, cipher: "ECDHE-RSA-AES128-SHA SSLv3 +SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA --- no_error_log SSL reused session [error] @@ -1412,7 +1415,7 @@ failed to do SSL handshake: handshake failed failed to send http request: closed --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log eval [ @@ -1488,10 +1491,10 @@ ssl handshake: userdata set keepalive: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: \1:2 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: \1 $/ --- error_log @@ -1564,14 +1567,14 @@ ssl handshake: userdata set keepalive: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl save session: \1:3 -lua ssl save session: \1:4 -lua ssl free session: \1:4 -lua ssl free session: \1:3 -lua ssl free session: \1:2 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl save session: \1 +lua ssl save session: \1 +lua ssl free session: \1 +lua ssl free session: \1 +lua ssl free session: \1 $/ --- error_log @@ -1615,7 +1618,7 @@ hello world --- response_body_like: 500 Internal Server Error --- error_code: 500 --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log attempt to call method 'sslhandshake' (a nil value) @@ -1704,7 +1707,7 @@ received: Server: nginx received: Content-Type: text/plain received: Content-Length: 4 received: Connection: close -received: +received: received: foo close: 1 nil @@ -1714,10 +1717,10 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- no_error_log lua ssl server name: @@ -1809,7 +1812,7 @@ received: Server: nginx received: Content-Type: text/plain received: Content-Length: 4 received: Connection: close -received: +received: received: foo close: 1 nil @@ -1819,10 +1822,10 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "test.com" @@ -1912,7 +1915,7 @@ failed to do SSL handshake: handshake failed ">>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log eval qr/SSL_do_handshake\(\) failed .*?unknown protocol/ @@ -2011,7 +2014,7 @@ $::TestCertificate >>> test.crl $::TestCRL" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "test.com" @@ -2090,12 +2093,12 @@ received: HTTP/1.1 302 Moved Temporarily close: 1 nil --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl save session: ([0-9A-F]+):3 -lua ssl free session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log lua ssl server name: "openresty.org" @@ -2149,7 +2152,7 @@ connected: 1 failed to do SSL handshake: timeout --- log_level: debug ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl server name: "openresty.org" @@ -2221,7 +2224,7 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- no_error_log lua ssl server name: @@ -2292,10 +2295,10 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- no_error_log lua ssl server name: @@ -2372,7 +2375,7 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- no_error_log lua ssl server name: @@ -2464,7 +2467,7 @@ received: Server: nginx received: Content-Type: text/plain received: Content-Length: 4 received: Connection: close -received: +received: received: foo close: 1 nil @@ -2474,10 +2477,10 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval -qr/^lua ssl save session: ([0-9A-F]+):2 -lua ssl free session: ([0-9A-F]+):1 +qr/^lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log --- no_error_log @@ -2570,7 +2573,7 @@ $::TestCertificateKey >>> test.crt $::TestCertificate" ---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out --- error_log lua ssl certificate verify error: (18: self signed certificate) diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t index 825d016..cc3a664 100644 --- a/t/142-ssl-session-store.t +++ b/t/142-ssl-session-store.t @@ -32,7 +32,7 @@ __DATA__ server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -107,7 +107,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running!, server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -182,7 +182,7 @@ API disabled in the context of ssl_session_store_by_lua* server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -272,9 +272,9 @@ my timer run! listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -340,9 +340,9 @@ API disabled in the context of ssl_session_store_by_lua* server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -412,9 +412,9 @@ ngx.exit does not yield and the error code is eaten. server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -485,9 +485,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0 server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -553,9 +553,9 @@ should never reached here server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -626,7 +626,7 @@ get_phase: ssl_session_store } ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -695,7 +695,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/, server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -765,7 +765,6 @@ a.lua:1: ssl store session by lua is running! ssl_session_store_by_lua_block { print("handler in test.com") } - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; @@ -775,7 +774,6 @@ a.lua:1: ssl store session by lua is running! server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; @@ -841,7 +839,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t index 7be180f..4dc992d 100644 --- a/t/143-ssl-session-fetch.t +++ b/t/143-ssl-session-fetch.t @@ -33,7 +33,7 @@ __DATA__ server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -119,7 +119,7 @@ ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!, server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -203,7 +203,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/, server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -302,9 +302,9 @@ qr/my timer run!/s server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -382,9 +382,9 @@ qr/received memc reply: OK/s server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -463,9 +463,9 @@ should never reached here server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -545,9 +545,9 @@ should never reached here server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -626,9 +626,9 @@ should never reached here server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -709,9 +709,9 @@ should never reached here server { listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; server_name test.com; - ssl_protocols SSLv3; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + ssl_session_tickets off; server_tokens off; } @@ -792,7 +792,7 @@ should never reached here server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -877,7 +877,7 @@ qr/get_phase: ssl_session_fetch/s } ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -961,7 +961,7 @@ ssl store session by lua is running! server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; } @@ -1041,7 +1041,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s server_name test.com; ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - ssl_protocols SSLv3; + ssl_session_tickets off; server_tokens off; }