author | Kevin Lin <developer@kevinlin.info> | 2020-02-19 20:59:24 -0800 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2020-03-27 11:21:33 -0700 |
commit | 4e79f166fc15583cae443d9ae09a1e673601fb7e (patch) | |
tree | 22af2a3afad3501b1e75ee7aedfecd2b9f1d35f0 /t | |
parent | f249724cedcab6605ca8a0769ac4b356a8124f63 (diff) | |
download | memcached-4e79f166fc15583cae443d9ae09a1e673601fb7e.tar.gz |
Add: `-o ssl_session_cache`, disabled by default
Enables server-side TLS session caching.
Diffstat (limited to 't')
-rw-r--r-- | t/lib/MemcachedTest.pm | 4 | ||||
-rw-r--r-- | t/ssl_session_resumption.t | 59 | ||||
-rw-r--r-- | t/ssl_settings.t | 1 |
3 files changed, 64 insertions, 0 deletions
diff --git a/t/lib/MemcachedTest.pm b/t/lib/MemcachedTest.pm
index c69a12a..dce3c12 100644
--- a/t/lib/MemcachedTest.pm
+++ b/t/lib/MemcachedTest.pm
@@ -384,8 +384,12 @@ sub new_sock {
 if ($self->{domainsocket}) {
 return IO::Socket::UNIX->new(Peer => $self->{domainsocket});
 } elsif (MemcachedTest::enabled_tls_testing()) {
+ my $ssl_session_cache = shift;
+ my $ssl_version = shift;
 return eval qq{ IO::Socket::SSL->new(PeerAddr => "$self->{host}:$self->{port}",
 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE,
+ SSL_session_cache => \$ssl_session_cache,
+ SSL_version => '$ssl_version',
 SSL_cert_file => '$client_crt',
 SSL_key_file => '$client_key');
 };
diff --git a/t/ssl_session_resumption.t b/t/ssl_session_resumption.t
new file mode 100644
index 0000000..d2245c8
--- /dev/null
+++ b/t/ssl_session_resumption.t
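Review bot: In new_sock the added `SSL_version => '$ssl_version',` is interpolated into the text handed to string `eval`, whereas `\$ssl_session_cache` on the line above is escaped and resolved when the eval runs. A caller that passes no arguments therefore ends up with `SSL_version => ''` (plus an uninitialized-value warning if warnings are enabled in this module), and a value containing a quote character would alter the evaluated code instead of being treated as data. I would escape it the same way, `SSL_version => \$ssl_version,`, and only include the key when a version was actually passed, since how IO::Socket::SSL treats an empty or undefined version is not something this hunk establishes. The two new positional arguments are also undocumented; a comment such as `# optional: client session cache object, then SSL_version string (TLS sockets only)` above the two `shift` lines would help. The start of new_sock lies outside the hunk, so how `$self` is unpacked is not visible here.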
@@ -0,0 +1,59 @@
+#!/usr/bin/perl
+
+use warnings;
+use Test::More;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use MemcachedTest;
+
+if (!enabled_tls_testing()) {
+ plan skip_all => 'SSL testing is not enabled';
+ exit 0;
+}
+
+my $server;
+my $sock;
+my $stats;
+
+my $session_cache = eval qq{ IO::Socket::SSL::Session_Cache->new(1); };
+
+### Disabled SSL session cache
+
+$server = new_memcached();
+$stats = mem_stats($server->sock);
+is($stats->{ssl_new_sessions}, undef,
+ "new SSL sessions not recorded when session cache is disabled");
+my $disabled_initial_total_conns = $stats->{total_connections};
+
+$sock = $server->new_sock($session_cache, 'TLSv1_2');
+$stats = mem_stats($sock);
+cmp_ok($stats->{total_connections}, '>', $disabled_initial_total_conns,
+ "client-side session cache is noop in establishing a new connection");
+is($sock->get_session_reused(), 0, "client-side session cache is unused");
+
+### Enabled SSL session cache
+
+$server = new_memcached("-o ssl_session_cache");
+# Support for session caching in IO::Socket::SSL for TLS v1.3 is incomplete.
+# Here, we will deliberately force TLS v1.2 to test session caching.
+$sock = $server->new_sock($session_cache, 'TLSv1_2');
+$stats = mem_stats($sock);
+cmp_ok($stats->{total_connections}, '>', 0, "initial connection is established");
+SKIP: {
+ skip "sessions counter accuracy requires OpenSSL 1.1.1 or newer", 1;
+ cmp_ok($stats->{ssl_new_sessions}, '>', 0, "successful new SSL session");
+}
+my $enabled_initial_ssl_sessions = $stats->{ssl_new_sessions};
+my $enabled_initial_total_conns = $stats->{total_connections};
+
+# Create a new client with the same session cache
+$sock = $server->new_sock($session_cache, 'TLSv1_2');
+$stats = mem_stats($sock);
+cmp_ok($stats->{total_connections}, '>', $enabled_initial_total_conns,
+ "new connection is established");
+is($stats->{ssl_new_sessions}, $enabled_initial_ssl_sessions,
+ "no new SSL sessions are created on the server");
+is($sock->get_session_reused(), 1,
+ "client-persisted session is reused");
+
+done_testing();
diff --git a/t/ssl_settings.t b/t/ssl_settings.t
index 57f9668..c4d5b33 100644
--- a/t/ssl_settings.t
+++ b/t/ssl_settings.t
@@ -20,6 +20,7 @@ my $cert = getcwd ."/t/". MemcachedTest::SRV_CRT;
 my $key = getcwd ."/t/". MemcachedTest::SRV_KEY;
 is($settings->{'ssl_enabled'}, 'yes');
+is($settings->{'ssl_session_cache'}, 'no');
 is($settings->{'ssl_chain_cert'}, $cert);
 is($settings->{'ssl_key'}, $key);
 is($settings->{'ssl_verify_mode'}, 0); |
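Review bot: In t/ssl_session_resumption.t the `skip` inside the `SKIP:` block is unconditional, so `cmp_ok($stats->{ssl_new_sessions}, '>', 0, ...)` never runs on any OpenSSL version, and the later `is($stats->{ssl_new_sessions}, $enabled_initial_ssl_sessions, ...)` would still pass if the stat were absent from both reads, because `is` treats undef and undef as equal. That leaves the client-side `get_session_reused()` check as the only assertion that demonstrates resumption when the server cache is on. I would gate the skip on the detected library version, `skip "...", 1 unless $openssl_ok;` (`$openssl_ok` is a placeholder for however the suite detects OpenSSL 1.1.1 or newer), and add `isnt($enabled_initial_ssl_sessions, undef, "ssl_new_sessions is reported when the cache is enabled");` before the second connection. The file also enables `warnings` without `strict`, and neither the string `eval` that builds `$session_cache` nor the sockets returned by `new_sock` are checked for failure, so a failed construction would surface only as a confusing later error.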