travis-ci: bumped the NGINX core to 1.19.2. (#1793)

Author: xiaocang

.travis.yml

@@ -48,8 +48,9 @@ env:
     - TEST_NGINX_SLEEP=0.006
   jobs:
     - NGINX_VERSION=1.17.8 OPENSSL_VER=1.0.2u OPENSSL_PATCH_VER=1.0.2h
-    - NGINX_VERSION=1.17.8 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
-    - NGINX_VERSION=1.17.8 OPENSSL_VER=1.1.1g OPENSSL_PATCH_VER=1.1.1f
+    - NGINX_VERSION=1.19.3 OPENSSL_VER=1.0.2u OPENSSL_PATCH_VER=1.0.2h
+    - NGINX_VERSION=1.19.3 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d
+    - NGINX_VERSION=1.19.3 OPENSSL_VER=1.1.1g OPENSSL_PATCH_VER=1.1.1f
 
 services:
  - memcached

src/ngx_http_lua_ssl_certby.c

@@ -215,7 +215,9 @@ ngx_http_lua_ssl_cert_handler(ngx_ssl_conn_t *ssl_conn, void *data)
 
     dd("first time");
 
+#if (nginx_version < 1017009)
     ngx_reusable_connection(c, 0);
+#endif
 
     hc = c->data;
 

src/ngx_http_lua_ssl_session_fetchby.c

@@ -237,7 +237,9 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn,
 
     dd("first time");
 
+#if (nginx_version < 1017009)
     ngx_reusable_connection(c, 0);
+#endif
 
     hc = c->data;
 

t/124-init-worker.t

@@ -795,6 +795,10 @@ lua close the global Lua VM \2
 lua close the global Lua VM \3 in the cache helper process \d+
 lua close the global Lua VM \3
 lua close the global Lua VM \3 in the cache helper process \d+
+|lua close the global Lua VM ([0-9A-F]+)
+lua close the global Lua VM \4 in the cache helper process \d+
+lua close the global Lua VM \4 in the cache helper process \d+
+lua close the global Lua VM \4
 )(?:lua close the global Lua VM [0-9A-F]+
 )*\z/
 --- no_error_log

t/129-ssl-socket.t

@@ -772,7 +772,7 @@ $::DSTRootCertificate"
 GET /t
 --- response_body eval
 qr{connected: 1
-failed to do SSL handshake: (22: certificate chain too long|20: unable to get local issuer certificate)
+failed to do SSL handshake: (22: certificate chain too long|20: unable to get local issuer certificate|21: unable to verify the first certificate)
 failed to send http request: closed
 }
 
@@ -781,7 +781,7 @@ failed to send http request: closed
 --- grep_error_log_out
 --- error_log eval
 ['lua ssl server name: "openresty.org"',
-qr/lua ssl certificate verify error: \((22: certificate chain too long|20: unable to get local issuer certificate)\)/]
+qr/lua ssl certificate verify error: \((22: certificate chain too long|20: unable to get local issuer certificate|21: unable to verify the first certificate)\)/]
 --- no_error_log
 SSL reused session
 [alert]
@@ -852,7 +852,7 @@ $::DSTRootCertificate"
 GET /t
 --- response_body eval
 qr/connected: 1
-failed to do SSL handshake: (22: certificate chain too long|20: unable to get local issuer certificate)
+failed to do SSL handshake: (22: certificate chain too long|20: unable to get local issuer certificate|21: unable to verify the first certificate)
 failed to send http request: closed
 /
 
@@ -1938,10 +1938,18 @@ SSL reused session
 
 --- request
 GET /t
---- response_body
-connected: 1
+--- response_body eval
+# Since nginx version 1.19.1, invalidity date is considerd a non-critical CRL
+# entry extension, in other words, revoke still works even if CRL has expired.
+$Test::Nginx::Util::NginxVersion >= 1.019001 ?
+
+"connected: 1
+failed to do SSL handshake: 23: certificate revoked
+failed to send http request: closed\n" :
+
+"connected: 1
 failed to do SSL handshake: 12: CRL has expired
-failed to send http request: closed
+failed to send http request: closed\n";
 
 --- user_files eval
 ">>> test.key

t/139-ssl-cert-by.t

@@ -119,11 +119,16 @@ lua ssl server name: "test.com"
 [alert]
 --- grep_error_log eval: qr/ssl_certificate_by_lua:.*?,|\bssl cert: connection reusable: \d+|\breusable connection: \d+/
 --- grep_error_log_out eval
-qr/reusable connection: 1
+# Since nginx version 1.17.9, nginx call ngx_reusable_connection(c, 0)
+# before call ssl callback function
+$Test::Nginx::Util::NginxVersion >= 1.017009 ?
+qr/reusable connection: 0
+ssl cert: connection reusable: 0
+ssl_certificate_by_lua:1: ssl cert by lua is running!,/
+: qr /reusable connection: 1
 ssl cert: connection reusable: 1
 reusable connection: 0
-ssl_certificate_by_lua:1: ssl cert by lua is running!,
-/
+ssl_certificate_by_lua:1: ssl cert by lua is running!,/
 
 
 

t/143-ssl-session-fetch.t

@@ -86,6 +86,21 @@ close: 1 nil
 --- grep_error_log eval: qr/ssl_session_fetch_by_lua_block:.*?,|\bssl session fetch: connection reusable: \d+|\breusable connection: \d+/
 
 --- grep_error_log_out eval
+# Since nginx version 1.17.9, nginx call ngx_reusable_connection(c, 0)
+# before call ssl callback function
+$Test::Nginx::Util::NginxVersion >= 1.017009 ?
+[
+qr/\A(?:reusable connection: [01]\n)+\z/s,
+qr/^reusable connection: 0
+ssl session fetch: connection reusable: 0
+ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!,
+/m,
+qr/^reusable connection: 0
+ssl session fetch: connection reusable: 0
+ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!,
+/m,
+]
+:
 [
 qr/\A(?:reusable connection: [01]\n)+\z/s,
 qr/^reusable connection: 1
@@ -99,7 +114,6 @@ reusable connection: 0
 ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!,
 /m,
 ]
-
 --- no_error_log
 [error]
 [alert]
@@ -1336,6 +1350,21 @@ ssl handshake: userdata
 close: 1 nil
 --- grep_error_log eval: qr/ssl_session_fetch_by_lua_block:.*?,|\bssl session fetch: connection reusable: \d+|\breusable connection: \d+/
 --- grep_error_log_out eval
+# Since nginx version 1.17.9, nginx call ngx_reusable_connection(c, 0)
+# before call ssl callback function
+$Test::Nginx::Util::NginxVersion >= 1.017009 ?
+[
+qr/\A(?:reusable connection: [01]\n)+\z/s,
+qr/^reusable connection: 0
+ssl session fetch: connection reusable: 0
+ssl_session_fetch_by_lua_block:1: ssl_session_fetch_by_lua\* is running!,
+/m,
+qr/^reusable connection: 0
+ssl session fetch: connection reusable: 0
+ssl_session_fetch_by_lua_block:1: ssl_session_fetch_by_lua\* is running!,
+/m,
+]
+:
 [
 qr/\A(?:reusable connection: [01]\n)+\z/s,
 qr/^reusable connection: 1