From 2496ff21f97105fddb6afc40aca2660b8bb97600 Mon Sep 17 00:00:00 2001 From: lijunlong Date: Wed, 19 Feb 2025 23:21:32 +0800 Subject: [PATCH 1/3] tests: add tests for https://www.cve.org/CVERecord?id=CVE-2025-23419. --- t/129-ssl-socket.t | 246 ++++++++++++++++++++++++++++++++++++++++++++ t/cert/test.crl | 21 ++-- t/cert/test.crt | 35 ++++--- t/cert/test.key | 43 +++++--- t/cert/test_der.crt | Bin 685 -> 955 bytes t/cert/test_der.key | Bin 636 -> 1216 bytes 6 files changed, 306 insertions(+), 39 deletions(-) diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index 86fbb430..2746c83c 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -2764,3 +2764,249 @@ SSL reused session [alert] [emerg] --- timeout: 10 + + + +=== TEST 35: ssl session/ticket reuse CVE +https://www.cve.org/CVERecord?id=CVE-2025-23419 +--- stream_config + server { + listen $TEST_NGINX_SERVER_SSL_PORT ssl reuseport default_server; + ssl_certificate ../../cert/test.crt; + ssl_certificate_key ../../cert/test.key; + ssl_session_cache builtin:1000; + ssl_session_tickets off; + ssl_client_certificate ../../cert/test.crt; + ssl_verify_client on; + server_name test.com; + + ssl_client_hello_by_lua_block { + local ssl_clt = require "ngx.ssl.clienthello" + local host, err = ssl_clt.get_client_hello_server_name() + ngx.log(ngx.INFO, "ssl client hello:", host) + } + + content_by_lua_block { + local sock = assert(ngx.req.socket(true)) + local data = sock:receive() + if data == "ping" then + sock:send("test.com\n") + else + ngx.log(ngx.ERR, "unexpect data: ", data) + end + } + } + + server { + listen $TEST_NGINX_SERVER_SSL_PORT ssl; + ssl_certificate ../../cert/test2.crt; + ssl_certificate_key ../../cert/test2.key; + ssl_session_cache builtin:1000; + ssl_session_tickets off; + ssl_client_certificate ../../cert/test.crt; + ssl_verify_client on; + server_name test2.com; + + ssl_client_hello_by_lua_block { + local ssl_clt = require "ngx.ssl.clienthello" + local host, err = ssl_clt.get_client_hello_server_name() + ngx.log(ngx.ERR, "ssl client hello:", host) + } + + content_by_lua_block { + local sock = assert(ngx.req.socket(true)) + local data = sock:receive() + if data == "ping" then + sock:send("test2.com\n") + else + ngx.log(ngx.ERR, "unexpect data: ", data) + end + } + } +--- stream_server_config + resolver $TEST_NGINX_RESOLVER ipv6=off; + lua_ssl_protocols TLSv1.2; + lua_ssl_certificate ../../cert/test.crt; + lua_ssl_certificate_key ../../cert/test.key; + lua_ssl_trusted_certificate ../../cert/test.crt; + + content_by_lua_block { + do + local session + for i = 1, 2 do + local sock = ngx.socket.tcp() + sock:settimeout(2000) + local ok, err = sock:connect("127.0.0.1", $TEST_NGINX_SERVER_SSL_PORT) + if not ok then + ngx.say("failed to connect: ", err) + return + end + + ngx.say("connected: ", ok) + + local server_name = "test.com" + if i == 2 then + server_name = "test2.com" + end + + session, err = sock:sslhandshake(session, server_name) + if not session then + ngx.say("failed to do SSL handshake: ", err) + return + end + + ngx.say("ssl handshake: ", type(session)) + + local bytes, err = sock:send("ping\n") + if not bytes then + ngx.say("failed to send stream request: ", err) + return + end + + ngx.say("sent stream request: ", bytes, " bytes.") + + local line, err = sock:receive() + if not line then + ngx.say("failed to recieve response status line: ", err) + return + end + + ngx.say("received: ", line) + + local ok, err = sock:close() + ngx.say("close: ", ok, " ", err) + end + + end -- do + collectgarbage() + } + +--- stream_response +connected: 1 +ssl handshake: userdata +sent stream request: 5 bytes. +received: test.com +close: 1 nil +connected: 1 +ssl handshake: userdata +sent stream request: 5 bytes. +received: test.com +close: 1 nil +--- error_log +SSL reused session +lua ssl free session +--- log_level: debug +--- no_error_log +[error] +[alert] +[crit] +--- timeout: 5 + + + +=== TEST 36: ssl session/ticket reuse CVE +https://www.cve.org/CVERecord?id=CVE-2025-23419 +--- main_config +env PATH; +--- stream_config + server { + listen $TEST_NGINX_SERVER_SSL_PORT ssl reuseport default_server; + ssl_certificate ../../cert/test.crt; + ssl_certificate_key ../../cert/test.key; + ssl_session_cache builtin:1000; + ssl_session_tickets on; + ssl_client_certificate ../../cert/test.crt; + ssl_verify_client on; + server_name test.com; + + ssl_client_hello_by_lua_block { + local ssl_clt = require "ngx.ssl.clienthello" + local host, err = ssl_clt.get_client_hello_server_name() + ngx.log(ngx.INFO, "ssl client hello:", host) + } + + content_by_lua_block { + local sock = assert(ngx.req.socket(true)) + local data = sock:receive() + if data == "ping" then + sock:send("test.com\n") + else + ngx.log(ngx.ERR, "unexpect data: ", data) + end + } + } + + server { + listen $TEST_NGINX_SERVER_SSL_PORT ssl; + ssl_certificate ../../cert/test2.crt; + ssl_certificate_key ../../cert/test2.key; + ssl_session_cache builtin:1000; + ssl_session_tickets on; + ssl_client_certificate ../../cert/test.crt; + ssl_verify_client on; + server_name test2.com; + + ssl_client_hello_by_lua_block { + local ssl_clt = require "ngx.ssl.clienthello" + local host, err = ssl_clt.get_client_hello_server_name() + ngx.log(ngx.ERR, "ssl client hello:", host) + } + + content_by_lua_block { + local sock = assert(ngx.req.socket(true)) + local data = sock:receive() + if data == "ping" then + sock:send("test2.com\n") + else + ngx.log(ngx.ERR, "unexpect data: ", data) + end + } + } +--- stream_server_config + resolver $TEST_NGINX_RESOLVER ipv6=off; + lua_ssl_protocols TLSv1.3; + lua_ssl_certificate ../../cert/test.crt; + lua_ssl_certificate_key ../../cert/test.key; + lua_ssl_trusted_certificate ../../cert/test.crt; + + content_by_lua_block { + do + -- openssl s_client -cert client_cert.pem -key client_key.pem -servername openresty.org -connect openresty.org:443 -sess_out sess.pem + -- ("127.0.0.1", $TEST_NGINX_SERVER_SSL_PORT) + -- server_name = "test.com" + -- server_name = "test2.com" + local prefix = ngx.config.prefix() + + local cmd = [[bash -c "{ sleep 0.3; echo ping; } | /usr/bin/openssl s_client -cert %s/../cert/test.crt -key %s/../cert/test.key -servername test.com -connect 127.0.0.1:$TEST_NGINX_SERVER_SSL_PORT -sess_out sess.pem"]] + cmd = string.format(cmd, prefix, prefix) + local handle, err = io.popen(cmd) + if not handle then + ngx.say(err) + end + + ngx.sleep(0.2) + local cmd = [[/usr/bin/openssl s_client -cert %s/../cert/test.crt -key %s/../cert/test.key -servername test2.com -connect 127.0.0.1:$TEST_NGINX_SERVER_SSL_PORT -sess_in sess.pem]] + cmd = string.format(cmd, prefix, prefix) + local handle, err = io.popen(cmd) + if not handle then + ngx.say(err) + end + ngx.sleep(0.2) + + ngx.say("hi") + end -- do + collectgarbage() + } + +--- stream_response +hi +--- error_log +tlsv1 alert access denied +handshake rejected while SSL handshaking + +--- log_level: debug +--- no_error_log +[error] +[alert] +[crit] +--- timeout: 5 diff --git a/t/cert/test.crl b/t/cert/test.crl index 098fd54b..0abfa77a 100644 --- a/t/cert/test.crl +++ b/t/cert/test.crl @@ -1,11 +1,14 @@ -----BEGIN X509 CRL----- -MIIBjzCB+QIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCVVMxEzARBgNV -BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM -CU9wZW5SZXN0eTESMBAGA1UECwwJT3BlblJlc3R5MREwDwYDVQQDDAh0ZXN0LmNv -bTEgMB4GCSqGSIb3DQEJARYRYWdlbnR6aEBnbWFpbC5jb20XDTE0MDcyMTIxNDEy -MloXDTE0MDgyMDIxNDEyMlowHDAaAgkApQ5tVpK3luIXDTE0MDcyMTIxNDEwMlqg -DzANMAsGA1UdFAQEAgIQATANBgkqhkiG9w0BAQUFAAOBgQBDZ6UY0Qg7qDoLrXXl -gJElFilZ7LiKPqjE3+Rfx7XkgdbPxjGCr77TfMm+smdvawk7WHv1AOvRH7kGrgGT -kGJZwqJ4vKa/NpEWJIMAZ1Gq9BIH/Ig6ffmPk+S9ozcVHKJDW7x4nMuotyj1hILN -EePv78DZCYMZgf8WwMElNgz6Hw== +MIICGzCCAQMCAQEwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQK +DAlPcGVuUmVzdHkxEjAQBgNVBAsMCU9wZW5SZXN0eTERMA8GA1UEAwwIdGVzdC5j +b20xIDAeBgkqhkiG9w0BCQEWEWFnZW50emhAZ21haWwuY29tFw0yMzEwMDYwNjM4 +MzlaFw0zMTEyMjMwNjM4MzlaMCcwJQIUImcuJ8MJpeNhvYBEoEGGz5oCBg4XDTIz +MTAwNjA2MjkyNVqgDjAMMAoGA1UdFAQDAgEEMA0GCSqGSIb3DQEBCwUAA4IBAQBj +FciorrAuXxn1ULW0XJ7PElwTxZtBrb838EHYvkZ5OdT5tZcucYR6XTZpfT1Up/Px +rC9EZ1/aZ0wSQfYEQuctafyVCJoPN71IV9IWpPTWm8JyEvnE1W3SgHJujItanyZ3 +aMDihljxV9eKyEQnZPQZkaOjAKhj8d2/XZLQ3uIrjWy+/OxcaBQK4a8bDoSM3GZT +J6YCD2UBVYKSiROMZZAj3m1thLAGm1RM7A6vjEcH7rPyoxhok5SdxXH5ERY94/ro +McjNCv6zV8/Ue5/+ajz5pu/48T901mlIicHry8uImJvlnqAXlH8ReJ+hiSfGhbZ5 +WYNf0wN81NXwTxPIb+v2 -----END X509 CRL----- diff --git a/t/cert/test.crt b/t/cert/test.crt index a69a0114..9fed1bc3 100644 --- a/t/cert/test.crt +++ b/t/cert/test.crt @@ -1,17 +1,22 @@ -----BEGIN CERTIFICATE----- -MIICqTCCAhICCQClDm1WkreW4jANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x -EjAQBgNVBAoMCU9wZW5SZXN0eTESMBAGA1UECwwJT3BlblJlc3R5MREwDwYDVQQD -DAh0ZXN0LmNvbTEgMB4GCSqGSIb3DQEJARYRYWdlbnR6aEBnbWFpbC5jb20wIBcN -MTQwNzIxMDMyMzQ3WhgPMjE1MTA2MTMwMzIzNDdaMIGXMQswCQYDVQQGEwJVUzET -MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzESMBAG -A1UECgwJT3BlblJlc3R5MRIwEAYDVQQLDAlPcGVuUmVzdHkxETAPBgNVBAMMCHRl -c3QuY29tMSAwHgYJKoZIhvcNAQkBFhFhZ2VudHpoQGdtYWlsLmNvbTCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA6P18zUvtmaKQK2xePy8ZbFwSyTLw+jW6t9eZ -aiTec8X3ibN9WemrxHzkTRikxP3cAQoITRuZiQvF4Q7DO6wMkz/b0zwfgX5uedGq -047AJP6n/mwlDOjGSNomBLoXQzo7tVe60ikEm3ZyDUqnJPJMt3hImO5XSop4MPMu -Za9WhFcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA4OBb9bOyWB1//93nSXX1mdENZ -IQeyTK0Dd6My76lnZxnZ4hTWrvvd0b17KLDU6JnS2N5ee3ATVkojPidRLWLIhnh5 -0eXrcKalbO2Ce6nShoFvQCQKXN2Txmq2vO/Mud2bHAWwJALg+qi1Iih/gVYB9sct -FLg8zFOzRlYiU+6Mmw== +MIIDtzCCAp8CFCJnLifDCaXjYb2ARKBBhs+aAgYOMA0GCSqGSIb3DQEBCwUAMIGX +MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu +IEZyYW5jaXNjbzESMBAGA1UECgwJT3BlblJlc3R5MRIwEAYDVQQLDAlPcGVuUmVz +dHkxETAPBgNVBAMMCHRlc3QuY29tMSAwHgYJKoZIhvcNAQkBFhFhZ2VudHpoQGdt +YWlsLmNvbTAeFw0yMzA5MDUwNDE5MjhaFw0zMzA5MDIwNDE5MjhaMIGXMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j +aXNjbzESMBAGA1UECgwJT3BlblJlc3R5MRIwEAYDVQQLDAlPcGVuUmVzdHkxETAP +BgNVBAMMCHRlc3QuY29tMSAwHgYJKoZIhvcNAQkBFhFhZ2VudHpoQGdtYWlsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzRMFoLDuYOwJ8szrS4 +nOibtiimiXZJGx3I/RcFZxaH4nL/WcEb1fwftMQxx73IBJnqnDYkDOzUmzItPMn0 +t2WrNYesC5GqLNRm87m6PVt010tZvq/WxTn6+9qruiGm1PhFxzLQfrClpEeOshlG +UeoQjPOMrhCmofDM2NQo3D4wIQT0kCJxIPq6wCZt22/Yqz1EmR0UnF/R3ZtiB8O+ +SQGcsUKy4se3919xq+ZkzBdMxLneO5sofUiDC9MgRfiU960tbHPGX9I9P+kLK89S +yajPEYaRUkSBFjV5kdDK3+L6XckdMbY2pvwhAnVXSmd13Bf2V9XisUrX2Mr4YlnS +sy0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAVPY/z6Mvjg5EGHzU8bXyuXqxrx8Q +GBwf3PY25aDF6ofRrTCzMdIhthv8eRtGwHinkpgaK34D7hI/dPB7aswQTzED5c+l +S2au5OzzCj454oXdhSRA5Rt0mu/+pxmQ+iNk+7XJxgTN0mk1dYQqodyZ+vC4NIYb +javMlU4zDm4JPtwDs0Mz/d7gf14MU60jppF2vl6AYFHKYBLMHBmqxjy6H9YHjRjQ +oe4TNpn0zxJAPu5LqMkfB2+eLOe6ced7DcLLbbeVJ4Xtqj6Y5KsAyVojWQxrk4vW +3WO/953pHofO5F2ricS/rsf+5ivTmfiP8mQYTtp7k3T11sIZ4DOmtNwO4A== -----END CERTIFICATE----- diff --git a/t/cert/test.key b/t/cert/test.key index 6c135271..4c8c905b 100644 --- a/t/cert/test.key +++ b/t/cert/test.key @@ -1,15 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDo/XzNS+2ZopArbF4/LxlsXBLJMvD6Nbq315lqJN5zxfeJs31Z -6avEfORNGKTE/dwBCghNG5mJC8XhDsM7rAyTP9vTPB+Bfm550arTjsAk/qf+bCUM -6MZI2iYEuhdDOju1V7rSKQSbdnINSqck8ky3eEiY7ldKingw8y5lr1aEVwIDAQAB -AoGBANgB66sKMga2SKN5nQdHS3LDCkevCutu1OWM5ZcbB4Kej5kC57xsf+tzPtab -emeIVGhCPOAALqB4YcT+QtMX967oM1MjcFbtH7si5oq6UYyp3i0G9Si6jIoVHz3+ -8yOUaqwKbK+bRX8VS0YsHZmBsPK5ryN50iUwsU08nemoA94BAkEA9GS9Q5OPeFkM -tFxsIQ1f2FSsZAuN/1cpZgJqY+YaAN7MSPGTWyfd7nWG/Zgk3GO9/2ihh4gww+7B -To09GkmW4QJBAPQOHC2V+t2TA98+6Lj6+TYwcGEkhOENfVpH25mQ+kXgF/1Bd6rA -nosT1bdAY+SnmWXbSw6Kv5C20Em+bEX8WjcCQCSRRjhsRdVODbaW9Z7kb2jhEoJN -sEt6cTlQNzcHYPCsZYisjM3g4zYg47fiIfHQAsfKkhDDcfh/KvFj9LaQOEECQQCH -eBWYEDpSJ7rsfqT7mQQgWj7nDThdG/nK1TxGP71McBmg0Gg2dfkLRhVJRQqt74Is -kc9V4Rp4n6F6baL4Lh19AkEA6pZZer0kg3Kv9hjhaITIKUYdfIp9vYnDRWbQlBmR -atV8V9u9q2ETZvqfHpN+9Lu6NYR4yXIEIRf1bnIZ/mr9eQ== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCc0TBaCw7mDsCf +LM60uJzom7Yopol2SRsdyP0XBWcWh+Jy/1nBG9X8H7TEMce9yASZ6pw2JAzs1Jsy +LTzJ9LdlqzWHrAuRqizUZvO5uj1bdNdLWb6v1sU5+vvaq7ohptT4Rccy0H6wpaRH +jrIZRlHqEIzzjK4QpqHwzNjUKNw+MCEE9JAicSD6usAmbdtv2Ks9RJkdFJxf0d2b +YgfDvkkBnLFCsuLHt/dfcavmZMwXTMS53jubKH1IgwvTIEX4lPetLWxzxl/SPT/p +CyvPUsmozxGGkVJEgRY1eZHQyt/i+l3JHTG2Nqb8IQJ1V0pnddwX9lfV4rFK19jK ++GJZ0rMtAgMBAAECggEABjaOkcllis1o/yrVZMPPabLpAHV6tZ5MuKfNiUOMSPr+ +HfF1OFQL7MxCdfyFQ1prqOp/9nAut+puMgp99wAfDQ7qanNGq7vgQKkfPSD+dy4V +rUquELBJH6nh9SZqfpSqKaJgHlNe6vehHuRYikJRkrJwVzegGjuekm3B+y6Zl/gc +e0p5Ha3MTLTFjocwYzgTjJlxD40wlbjpuVnmzKjo8AKNv1F1azMaqBmt1VfPiDn0 +Xyq4SPEsWKnEAl2kZdaIBR6zIx7Z3zNUwkfb32QwNoSyo8wS7lCgf2GVS7r1Eul6 +iiCE/Gd7w10alW4Pu96shVqkvKn7ROF2nBP9xOSPwQKBgQDCuD6mlNpA07iOX364 +aAzIAYookceVA0I9L/fbOQW7RgpvYpM8lxr31TQ3fBDkXSgjzMMYjnk4kz+xN+BB +WFdjb4raUBtrvip8Q8QZ53DVQK/LodHh0XhipbOxZrDm+6o5nQD0fTqHCBIHSVFF +tXX2Y90t1cxWMMleRhfNEuzkQQKBgQDOK0rs7mf04Xhc4ZIRIxOtNFnthGp4Kqp7 +SD8VQpbPOLV8iqZEtXIy/hvoTpfQW30c1931KgDQ3Pv5MZYpI7PLqrqkj4tGCQ91 +DJ03GWkSXcMwlPmJRbvgWIeCLgShU5PLxmQu3mH2DP+uGFUBq5/6miDDVjF9z6vb +BwYlG66j7QKBgA0n/bOrowN2SqXz9c/n19U7pWYQU3fR/Iu9zfVV6Pk6RkI4WtJh +M0VDdn+5Njr3wFqK3zOtjKsx57/FkrVXjq/9PVh6yR+CfcRfn8RQSuNdt4L+r/ud +95BSuc1mrtUsc9for8PVIjs1ZGJxpbgcBphbLvqF04SPT0u7WKhWewMBAoGAcJO/ +RAUiitsbaExcADORKQDvIf0uThOuJ8dZevhzdQ/YOftTsy0JAMM05fMUfteWR8uw +DZE0BNjGVlo3TpuKL+o4JGele0azRAzxRAcCEt9UGBEg+U40utpclD8glB8ZEypv +xg/0mfCbJKtwr4rRvnuu7DsCp1pg0ybQui6VfDkCgYBXHwcrZwmv7kgr4pUG6oZj +fzjFenQFqibvb2h7QESyCW13O885GxU13DKv4zg1yi6EqPIopz16qCiUNCvWr5Us +6sI74wEVI3MzmzG0Htgl29q5yWpeY+7libC/fbZYG8GFgdINq58ko9be1u/8644S +t2hoKM9/vrVFh9p9qGzckg== +-----END PRIVATE KEY----- diff --git a/t/cert/test_der.crt b/t/cert/test_der.crt index 0b6ef6344989954d7fe0d3413cb94317e7179a1d..273b98638f7853e003f7d68d084b30f143a748a1 100644 GIT binary patch delta 659 zcmV;E0&M-Q1-l0;FoFZOFoFV~0u&-=E+@kYrQ>0}fJC4{hR>P;1`aR{1_>&LNQU1QR)zk^Ng+#rlIi6*wiT8J}@B!^pGNP zAo{w%CT-hq*sDE6nH?0IU(wy0Vh6*%NdcU(LbBq=xA$LhtL9|P7fi&t-aDHpeMo}~ z(;!9ol=rPIY;(q6(mg-v3oFl3$*9i}hLKW4ffhA+klRQ5m5qc4sQ zL>PS3@wM`~daiGyUG+e_jkzts|z9cD`PKU{T6o63iSKs>VFJAJzwr z7|@~a6E>Oj&k{gB?n|i29|v!qEa$p$=X(vp%Wb!nJtu|jsy>+Hs{qMbBUubLw z8WdvljoR6%Jk(GhDv6sQ1v6HE>k>SPPnzP<-XD*tc zofBuTFPRe~bkgXGui(3WgGd%y1dGZt1kB)Q2Dp~Uydrzi(?+Q)L3?jJ6l z&XJ1jn|#(XmoGMYzcM{t^5!FvYwLdBy|}kpW5bmfGcVn^7gt>%9Ok8Lryi)AbfT@I z^5WCi14Ju3zey!N5q*31(#`x{H TuE-9XGr^nP!jyvF^~?qU#%!U& diff --git a/t/cert/test_der.key b/t/cert/test_der.key index 767df379aaa0d90188d072d251e1d570da1f3f03..14e9fa5821954099040a8490a1f344be65228cc9 100644 GIT binary patch literal 1216 zcmV;x1V8&Qf&{z*0RS)!1_>&LNQUrrZ9p8q5=T`0)hbn0G!bJW_cjII!-q43Pu)F|9OFd+o=kRov)`ntd-ZQF0yt35=S9Tc2j(cPP32gANe0i3Zy zvf{_L_g`_V=48wlOvJg~JDVtdNP`R0AVv6;_pL2#bH-oNJwNFSE6-BNsLv6Gky1o~ z7BzX1(8}N9`d!H#F}60Q{2>B$S4wAf+!yv&)#9;A*VxMVVp-C&Edm1p009Dm0RRRz zj*-b_ip^;MD%E7e&uOyh0Cjq`o=mu>&51*dNc#RA@pU*<3+&87b^L`xT5G84fA(-L zx9V;(3Vrtg9}N!bYI8=byWl{nA3Y%ccP;Lm>i3}@ zGkHG?gfdIm| zKBkn~K-0L6Uw*h~49EeBD3QmN142D7_uDxIyG9CcVv{_V8u!&SH+&G}T__{W!x)Zv zIFmoIH{d~7S7UFA+E5#7zAAh}#2M#s)j+Syq0!;dcw(iqv1YL5`>Hve0Q7x2hX@h} zNl`_$b@pT3E!E6cFv(s<7tIpvqb62@iD)oi`b2 z5?#YEl=+E8yWm)df-VH1Q!e_6+~77*zqQpZc00!&WhU&#T)91|=J=qwNBL zfDI@8v#X;6c1or5_0Q+m)jOqT5L0*2{ENNK^;PKkIz~b`TGC-NMMHLfxi&iYz*>sm zGp&rPG3UR07! zC&yWO_;Ym+*g5-Cvn>e#!!+gd6n@v1N6WAcku(I@##UN4PMeA^>Nq54rF%xRL=5pn z2Lck`R2UH;`A#&t+FX=BAe0{&6Dn`U5A>Pvny|0;gJF(69|tRE39s%*E8>*~>V{)~IK_H&1*#_RZ)kf!M6wBOcRSBH8x=L&GOyz}HOel8 zsPZVMJ$k4plr$^Wuazw7!aL&u6(e&qn=!N=*d^QAxyfo?WA5dNu)lq_SR28Gfzl1D epCqH!-q!E@>y8q)XlN+Uf4;RvhuVFpY}}FtKTk3M literal 636 zcmV-?0)zc9f&zE~0RS)!1_>&LNQUpVlaXNUIGCC0)c@5=>2@nOYNDW zkSlCnKQ9?udC{uVj=&`Tr~Ygu4Cuy4+9m|L7ehKbwO6{*DFmB#at%tSB=StR zcu1J;S4xU_F!L^DuU3Rt0s{d60Rn-60N4TRs|qp(wn(FSod-uta>EKouL|pK)a8uj zmm3Fyo{yOV=e%rx>vKNVn|f!6RA@px-~cY5cwxl;Lem%buIMvUBXCyjAG;#vin>vZ zsopIH^(eZGiWMI{{_`W0YOD%uubV}G6-!1e9hrf!^0}`gdD0~?u}wUk>8JzV0Rlk) z^klt5laF{=476NqAq`*HRIFqRjsI6EW&&zs<{ALr%t-N*TPNM_b%y{dd5W{i!e=6}~^tO;VK>|Slhjgm}qv1R)poZgLs^YW;apR3@1K From b09bd036ab2bf2e069980b51113182113ba2613a Mon Sep 17 00:00:00 2001 From: lijunlong Date: Thu, 20 Feb 2025 10:43:49 +0800 Subject: [PATCH 2/3] add openssl. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index bc4f5659..f91458dc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ compiler: addons: apt: - packages: [ axel, cpanminus, libgd-dev, libtest-base-perl, libtext-diff-perl, liburi-perl, libwww-perl, libtest-longstring-perl, liblist-moreutils-perl, dnsutils ] + packages: [ axel, cpanminus, libgd-dev, libtest-base-perl, libtext-diff-perl, liburi-perl, libwww-perl, libtest-longstring-perl, liblist-moreutils-perl, dnsutils, openssl ] cache: apt: true From 3a81469611a3fb1d131d87186d9ef2252affb254 Mon Sep 17 00:00:00 2001 From: lijunlong Date: Thu, 20 Feb 2025 11:06:21 +0800 Subject: [PATCH 3/3] skip nginx<1.25.4. --- t/129-ssl-socket.t | 2 ++ 1 file changed, 2 insertions(+) diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index 2746c83c..8b1f110a 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -2901,6 +2901,7 @@ lua ssl free session [alert] [crit] --- timeout: 5 +--- skip_nginx: 7: < 1.25.4 @@ -3010,3 +3011,4 @@ handshake rejected while SSL handshaking [alert] [crit] --- timeout: 5 +--- skip_nginx: 7: < 1.25.4