1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
use IO::Socket::SSL;
# This is the equivalent of pr12355.t for TLSv1.3.
Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
Apache::TestRequest::scheme('https');
Apache::TestRequest::user_agent_keepalive(1);
my $r = GET "/";
if (!$r->is_success) {
print "1..0 # skip: TLSv1.3 not supported";
exit 0;
}
if (!defined &IO::Socket::SSL::can_pha || !IO::Socket::SSL::can_pha()) {
print "1..0 # skip: PHA not supported by IO::Socket::SSL < 2.061";
exit 0;
}
plan tests => 4, need_min_apache_version("2.4.47");
$r = GET("/verify/", cert => undef);
ok t_cmp($r->code, 403, "access must be denied without client certificate");
# SSLRenegBufferSize 10 for this location which should mean a 413
# error.
$r = POST("/require/small/perl_echo.pl", content => 'y'x101,
cert => 'client_ok');
ok t_cmp($r->code, 413, "PHA reneg body buffer size restriction works");
# Reset to use a new connection.
Apache::TestRequest::user_agent(reset => 1);
Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
Apache::TestRequest::scheme('https');
$r = POST("/verify/modules/cgi/perl_echo.pl", content => 'x'x10000,
cert => 'client_ok');
ok t_cmp($r->code, 200, "PHA works with POST body");
ok t_cmp($r->content, $r->request->content, "request body matches response");
|
