47 lines
1.4 KiB
Perl
47 lines
1.4 KiB
Perl
use strict;
|
|
use warnings FATAL => 'all';
|
|
|
|
use Apache::Test;
|
|
use Apache::TestRequest;
|
|
use Apache::TestUtil;
|
|
use IO::Socket::SSL;
|
|
|
|
# This is the equivalent of pr12355.t for TLSv1.3.
|
|
|
|
Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
|
|
Apache::TestRequest::scheme('https');
|
|
Apache::TestRequest::user_agent_keepalive(1);
|
|
|
|
my $r = GET "/";
|
|
|
|
if (!$r->is_success) {
|
|
print "1..0 # skip: TLSv1.3 not supported";
|
|
exit 0;
|
|
}
|
|
|
|
if (!defined &IO::Socket::SSL::can_pha || !IO::Socket::SSL::can_pha()) {
|
|
print "1..0 # skip: PHA not supported by IO::Socket::SSL < 2.061";
|
|
exit 0;
|
|
}
|
|
|
|
plan tests => 4, need_min_apache_version("2.4.47");
|
|
|
|
$r = GET("/verify/", cert => undef);
|
|
ok t_cmp($r->code, 403, "access must be denied without client certificate");
|
|
|
|
# SSLRenegBufferSize 10 for this location which should mean a 413
|
|
# error.
|
|
$r = POST("/require/small/perl_echo.pl", content => 'y'x101,
|
|
cert => 'client_ok');
|
|
ok t_cmp($r->code, 413, "PHA reneg body buffer size restriction works");
|
|
|
|
# Reset to use a new connection.
|
|
Apache::TestRequest::user_agent(reset => 1);
|
|
Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
|
|
Apache::TestRequest::scheme('https');
|
|
|
|
$r = POST("/verify/modules/cgi/perl_echo.pl", content => 'x'x10000,
|
|
cert => 'client_ok');
|
|
|
|
ok t_cmp($r->code, 200, "PHA works with POST body");
|
|
ok t_cmp($r->content, $r->request->content, "request body matches response");
|