-rw-r--r--test/openssl/test_ssl_session.rb24
1 files changed, 16 insertions, 8 deletions
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index d1ef9cd3db..f453f58657 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -30,9 +30,10 @@ class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase
end
end
+ # PEM file updated to use TLS 1.2 with ECDHE-RSA-AES256-SHA.
DUMMY_SESSION = <<__EOS__
-----BEGIN SSL SESSION PARAMETERS-----
-MIIDzQIBAQICAwEEAgA5BCAF219w9ZEV8dNA60cpEGOI34hJtIFbf3bkfzSgMyad
+MIIDzQIBAQICAwMEAsAUBCAF219w9ZEV8dNA60cpEGOI34hJtIFbf3bkfzSgMyad
MQQwyGLbkCxE4OiMLdKKem+pyh8V7ifoP7tCxhdmwoDlJxI1v6nVCjai+FGYuncy
NNSWoQYCBE4DDWuiAwIBCqOCAo4wggKKMIIBcqADAgECAgECMA0GCSqGSIb3DQEB
BQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5
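Review bot: The comment added above `DUMMY_SESSION` is written as a change record ("PEM file updated to use ..."), which will stop making sense once nobody remembers the previous fixture; the comment above `DUMMY_SESSION_NO_EXT` in the next hunk has the same problem. A description of what the blob is would age better, for example `# Serialized TLS 1.2 session, cipher ECDHE-RSA-AES256-SHA (PEM).` and `# Serialized TLS 1.1 session, cipher ECDHE-RSA-AES256-SHA (PEM).`. In each hunk only the first base64 line changes, so it looks as if just the version and cipher fields were rewritten rather than the session being regenerated; a short sentence saying so, and why the old values were not usable, would tell the next maintainer how to update these fixtures. Both heredoc bodies continue outside their hunks.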
@@ -56,9 +57,10 @@ j+RBGfCFrrQbBdnkFI/ztgM=
-----END SSL SESSION PARAMETERS-----
__EOS__
+ # PEM file updated to use TLS 1.1 with ECDHE-RSA-AES256-SHA.
DUMMY_SESSION_NO_EXT = <<-__EOS__
-----BEGIN SSL SESSION PARAMETERS-----
-MIIDCAIBAQICAwAEAgA5BCDyAW7rcpzMjDSosH+Tv6sukymeqgq3xQVVMez628A+
+MIIDCAIBAQICAwIEAsAUBCDyAW7rcpzMjDSosH+Tv6sukymeqgq3xQVVMez628A+
lAQw9TrKzrIqlHEh6ltuQaqv/Aq83AmaAlogYktZgXAjOGnhX7ifJDNLMuCfQq53
hPAaoQYCBE4iDeeiBAICASyjggKOMIICijCCAXKgAwIBAgIBAjANBgkqhkiG9w0B
AQUFADA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVi
@@ -122,7 +124,8 @@ __EOS__
ctx.options &= ~OpenSSL::SSL::OP_NO_TICKET
# Disable server-side session cache which is enabled by default
ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_OFF
- ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION if libressl?
+ # Session tickets must be retrieved via ctx.session_new_cb in TLS 1.3 in AWS-LC.
+ ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION if libressl? || aws_lc?
}
start_server(ctx_proc: ctx_proc) do |port|
sess1 = server_connect_with_session(port, nil, nil) { |ssl|
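Review bot: The comment added above `ctx.max_version` explains only the AWS-LC half of `libressl? || aws_lc?`, so the reason LibreSSL is capped at TLS 1.2 is still undocumented on the line where a reader would look for it. I would split it per library, e.g. `# AWS-LC: TLS 1.3 tickets are only delivered through ctx.session_new_cb.` plus a matching line for LibreSSL written by someone who knows that reason. With this cap the ticket-resumption test never runs over TLS 1.3 on AWS-LC, so if that path is meant to be covered it presumably needs a separate test that collects the session through the callback. The test method and the `ctx_proc` block both start outside the hunk.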
@@ -239,20 +242,25 @@ __EOS__
end
server_connect_with_session(port, ctx, nil) { |ssl|
- assert_equal(1, ctx.session_cache_stats[:cache_num])
assert_equal(1, ctx.session_cache_stats[:connect_good])
assert_equal([ssl, ssl.session], called[:new])
- assert_equal(true, ctx.session_remove(ssl.session))
- assert_equal(false, ctx.session_remove(ssl.session))
- if TEST_SESSION_REMOVE_CB
- assert_equal([ctx, ssl.session], called[:remove])
+ # AWS-LC doesn't support internal session caching on the client, but
+ # the callback is still enabled as expected.
+ unless aws_lc?
+ assert_equal(1, ctx.session_cache_stats[:cache_num])
+ assert_equal(true, ctx.session_remove(ssl.session))
+ if TEST_SESSION_REMOVE_CB
+ assert_equal([ctx, ssl.session], called[:remove])
+ end
end
+ assert_equal(false, ctx.session_remove(ssl.session))
}
end
end
def test_ctx_client_session_cb_tls13
omit "LibreSSL does not call session_new_cb in TLS 1.3" if libressl?
+ omit "AWS-LC does not support internal session caching on the client" if aws_lc?
start_server do |port|
called = {}
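Review bot: The `omit` added to `test_ctx_client_session_cb_tls13` skips the whole test on AWS-LC, whereas the TLS 1.2 block just above was narrowed to skip only the internal-cache assertions. The earlier hunk's comment says AWS-LC delivers TLS 1.3 sessions through `ctx.session_new_cb`, so the callback assertions here would seem to still apply, and omitting everything leaves the TLS 1.3 new-session callback untested on that library. The body continues outside the hunk, so I cannot see which assertions depend on the cache; if only some do, wrapping those in `unless aws_lc?` as in the TLS 1.2 block would keep the rest running. In the TLS 1.2 block nothing pins the AWS-LC behaviour of the remove callback either; `assert_nil(called[:remove]) if aws_lc?` would do that, assuming `called[:remove]` is only set by that callback.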