From: Eric Wong
Date: Thu, 3 Apr 2025 08:46:19 +0000 (+0000)
Subject: t/httpd-https: test SSL session reuse
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbf66f6f4196a118369aff2cd15542683d19523c;p=thirdparty%2Fpublic-inbox.git

t/httpd-https: test SSL session reuse

Reusing SSL sessions is one avenue to improve performance on high-latency networks. For now, we can support the built-in session cache of OpenSSL. For multi-process setups, using using Cache::FastMmap will likely be the way to go...
---

diff --git a/t/httpd-corner.psgi b/t/httpd-corner.psgi
index f4c8c51f1..0dd840a01 100644
--- a/t/httpd-corner.psgi
+++ b/t/httpd-corner.psgi
@@ -80,6 +80,10 @@ my $app = sub {
 } elsif ($path eq '/host-port') {
 $code = 200;
 push @$body, "$env->{REMOTE_ADDR} $env->{REMOTE_PORT}";
+ } elsif ($path eq '/session_reused') {
+ my $http = $env->{'psgix.io'}; # PublicInbox::HTTP
+ $body = [ $http->{sock}->get_session_reused ? "y\n" : "n\n" ];
+ $code = 200;
 } elsif ($path eq '/callback') {
 return sub {
 my ($res) = @_;
diff --git a/t/httpd-https.t b/t/httpd-https.t
index 46a2c8644..3fdb850f1 100644
--- a/t/httpd-https.t
+++ b/t/httpd-https.t
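Review bot: In t/httpd-corner.psgi, the new `/session_reused` branch calls `get_session_reused` on `$http->{sock}` without checking that the socket is a TLS socket. If this app is also served over a plain TCP listener (not visible here, though the file name suggests it is shared by other httpd tests), a request to this path would die on a missing method instead of returning a response. A guard such as `my $s = $http->{sock}; my $r = $s->can('get_session_reused') && $s->get_session_reused;` keeps the endpoint answering `n` in that case. The enclosing `$app` sub starts and ends outside the hunk.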
@@ -123,9 +123,26 @@ for my $args (
 $d = tcp_connect($https);
 $o{SSL_hostname} = $o{SSL_verifycn_name} = 'server2.local';
+ my $ctx = IO::Socket::SSL::SSL_Context->new(%o,
+ SSL_session_cache_size => 128);
+ $o{SSL_reuse_ctx} = $ctx;
 is(IO::Socket::SSL->start_SSL($d, %o), $d,
 'new hostname to match cert works after HUP');
+ ok !$d->get_session_reused, 'initial client session not reused';
 $check_url_scheme->($d, __LINE__);
+ $d->stop_SSL;
+
+ $d = tcp_connect($https);
+ IO::Socket::SSL->start_SSL($d, %o) or xbail "reconnect: $!";
+ print $d "GET /session_reused HTTP/1.1\r\nHost: example.com\r\n\r\n"
+ or xbail "print $!";
+ ok $d->get_session_reused, 'client session reused';
+ my $hdr = do { local $/ = "\r\n\r\n"; <$d> };
+ like $hdr , qr!\AHTTP/1\.1 200!, 'session_reused request';
+ chomp(my $bool = <$d>);
+ is $bool, 'y', 'server session reused';
+
+ # TODO: session tickets and TLS-PSK
 # existing connection w/ old cert still works:
 $check_url_scheme->($c, __LINE__);
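Review bot: In t/httpd-https.t, the server side of `/session_reused` is only ever asserted to answer `y`, so the `n` branch is never exercised and an endpoint that always reports reuse would still pass. Requesting `/session_reused` on the first connection as well and checking `is $bool, 'n', 'server session not reused on first connect'` would pin both directions. Separately, `start_SSL($d, %o) or xbail "reconnect: $!"` reports only `$!`, which is often empty or unrelated after a failed TLS handshake; appending `$IO::Socket::SSL::SSL_ERROR` to the message would show the actual cause. The enclosing `for my $args (` loop begins before the hunk.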