nginx
diff --git a/‎ssl.t
Lines changed: 29 additions & 43 deletions b/‎ssl.t
Lines changed: 29 additions & 43 deletions
diff --git a/‎ssl_certificate_chain.t
Lines changed: 16 additions & 30 deletions b/‎ssl_certificate_chain.t
Lines changed: 16 additions & 30 deletions
diff --git a/‎ssl_client_escaped_cert.t
Lines changed: 6 additions & 25 deletions b/‎ssl_client_escaped_cert.t
Lines changed: 6 additions & 25 deletions
diff --git a/‎ssl_crl.t
Lines changed: 6 additions & 31 deletions b/‎ssl_crl.t
Lines changed: 6 additions & 31 deletions
diff --git a/‎ssl_curve.t
Lines changed: 1 addition & 38 deletions b/‎ssl_curve.t
Lines changed: 1 addition & 38 deletions
diff --git a/‎ssl_password_file.t
Lines changed: 2 additions & 29 deletions b/‎ssl_password_file.t
Lines changed: 2 additions & 29 deletions
diff --git a/‎ssl_proxy_protocol.t
Lines changed: 1 addition & 18 deletions b/‎ssl_proxy_protocol.t
Lines changed: 1 addition & 18 deletions
@@ -14,6 +14,7 @@ use strict;
 use Test::More;
 
 use Socket qw/ CRLF /;
+use IO::Select;
 
 BEGIN { use FindBin; chdir($FindBin::Bin); }
 
@@ -278,11 +279,9 @@ sub test_tls13 {
 }
 
 sub get {
-	my ($uri, $port, $ctx) = @_;
-	my $s = get_ssl_socket($port, $ctx) or return;
-	my $r = http_get($uri, socket => $s);
-	$s->close();
-	return $r;
+	my ($uri, $port, $ctx, %extra) = @_;
+	my $s = get_ssl_socket($port, $ctx, %extra) or return;
+	return http_get($uri, socket => $s);
 }
 
 sub get_body {
@@ -297,16 +296,16 @@ sub get_body {
 	http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1)
 		for 1 .. $n;
 	my $r = http("0" . CRLF . CRLF, socket => $s);
-	$s->close();
 	return $r;
 }
 
 sub cert {
 	my ($uri, $port) = @_;
-	my $s = get_ssl_socket($port, undef,
+	return get(
+		$uri, $port, undef,
 		SSL_cert_file => "$d/subject.crt",
-		SSL_key_file => "$d/subject.key") or return;
-	http_get($uri, socket => $s);
+		SSL_key_file => "$d/subject.key"
+	);
 }
 
 sub get_ssl_context {
@@ -318,45 +317,32 @@ sub get_ssl_context {
 
 sub get_ssl_socket {
 	my ($port, $ctx, %extra) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port($port),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_reuse_ctx => $ctx,
-			SSL_error_trap => sub { die $_[1] },
-			%extra
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
+	return http(
+		'', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+		SSL => 1,
+		SSL_reuse_ctx => $ctx,
+		%extra
+	);
 }
 
 sub get_ssl_shutdown {
 	my ($port) = @_;
 
-	my $s = IO::Socket::INET->new('127.0.0.1:' . port($port));
-	my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!");
-	my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
-	Net::SSLeay::set_fd($ssl, fileno($s));
-	Net::SSLeay::connect($ssl) or die("ssl connect");
-	Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra');
-	Net::SSLeay::read($ssl);
-	Net::SSLeay::set_shutdown($ssl, 1);
-	Net::SSLeay::shutdown($ssl);
+	my $s = http(
+		'GET /' . CRLF . 'extra',
+		PeerAddr => '127.0.0.1:' . port($port), start => 1,
+		SSL => 1
+	);
+
+	$s->blocking(0);
+	while (IO::Select->new($s)->can_read(8)) {
+                my $n = $s->sysread(my $buf, 16384);
+                next if !defined $n && $!{EWOULDBLOCK};
+                last;
+	}
+	$s->blocking(1);
+
+	return $s->stop_SSL();
 }
 
 ###############################################################################
@@ -133,41 +133,27 @@ $t->run();
 
 ###############################################################################
 
-is(get_ssl_socket(port(8080)), undef, 'incomplete chain');
-ok(get_ssl_socket(port(8081)), 'intermediate');
-ok(get_ssl_socket(port(8082)), 'intermediate server');
+ok(!get_ssl_socket(8080), 'incomplete chain');
+ok(get_ssl_socket(8081), 'intermediate');
+ok(get_ssl_socket(8082), 'intermediate server');
 
 ###############################################################################
 
 sub get_ssl_socket {
 	my ($port) = @_;
-	my ($s, $verify);
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => $port,
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
-			SSL_ca_file => "$d/root.crt",
-			SSL_verify_callback => sub {
-				my ($ok) = @_;
-				$verify = $ok;
-				return $ok;
-			},
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
+	my ($verify);
+
+	http(
+		'', PeerAddr => '127.0.0.1:' . port($port), start => 1,
+		SSL => 1,
+		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(),
+		SSL_ca_file => "$d/root.crt",
+		SSL_verify_callback => sub {
+			my ($ok) = @_;
+			$verify = $ok;
+			return $ok;
+		}
+	);
 
 	return $verify;
 }
 
@@ -91,31 +91,12 @@ is($escaped, $cert, 'ssl_client_escaped_cert unescape match');
 
 sub cert {
 	my ($uri) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port(8443),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_cert_file => "$d/localhost.crt",
-			SSL_key_file => "$d/localhost.key",
-			SSL_error_trap => sub { die $_[1] },
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	http_get($uri, socket => $s);
+	return http_get(
+		$uri,
+		SSL => 1,
+		SSL_cert_file => "$d/localhost.crt",
+		SSL_key_file => "$d/localhost.key"
+	);
 }
 
 ###############################################################################
@@ -162,37 +162,12 @@ like(get(8082, 'end'), qr/FAILED/, 'crl - intermediate cert revoked');
 
 sub get {
 	my ($port, $cert) = @_;
-	my $s = get_ssl_socket($port, $cert) or return;
-	http_get('/t', socket => $s);
-}
-
-sub get_ssl_socket {
-	my ($port, $cert) = @_;
-	my ($s);
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port($port),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_cert_file => "$d/$cert.crt",
-			SSL_key_file => "$d/$cert.key",
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
+	http_get(
+		'/t', PeerAddr => '127.0.0.1:' . port($port),
+		SSL => 1,
+		SSL_cert_file => "$d/$cert.crt",
+		SSL_key_file => "$d/$cert.key"
+	);
 }
 
 ###############################################################################
@@ -75,43 +75,6 @@ $t->try_run('no $ssl_curve')->plan(1);
 
 ###############################################################################
 
-like(get('/curve'), qr/^prime256v1 /m, 'ssl curve');
-
-###############################################################################
-
-sub get {
-	my ($uri, $port, $ctx) = @_;
-	my $s = get_ssl_socket($port) or return;
-	my $r = http_get($uri, socket => $s);
-	$s->close();
-	return $r;
-}
-
-sub get_ssl_socket {
-	my ($port, $ctx) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port(8443),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] },
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
-}
+like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve');
 
 ###############################################################################
@@ -49,7 +49,7 @@ http {
     ssl_password_file password_http;
 
     server {
-        listen       127.0.0.1:8081 ssl;
+        listen       127.0.0.1:8443 ssl;
         listen       127.0.0.1:8080;
         server_name  localhost;
 
@@ -132,33 +132,6 @@ is($@, '', 'ssl_password_file works');
 # simple tests to ensure that nothing broke with ssl_password_file directive
 
 like(http_get('/'), qr/200 OK.*http/ms, 'http');
-like(http_get('/', socket => get_ssl_socket()), qr/200 OK.*https/ms, 'https');
-
-###############################################################################
-
-sub get_ssl_socket {
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1:' . port(8081),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
-}
+like(http_get('/', SSL => 1), qr/200 OK.*https/ms, 'https');
 
 ###############################################################################
@@ -148,24 +148,7 @@ sub pp_get {
 
 	my $s = http($proxy, start => 1);
 
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		IO::Socket::SSL->start_SSL($s,
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return http(<<EOF, socket => $s);
+	return http(<<EOF, socket => $s, SSL => 1);
 GET $url HTTP/1.0
 Host: localhost