Mercurial > hg > nginx-tests
comparison ssl_verify_client.t @ 1843:818e6d8c43b5
Tests: LibreSSL does not send CA lists with TLSv1.3.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:19 +0300 |
parents | dc89eb420196 |
children | 0e1865aa9b33 |
comparison
equal
deleted
inserted
replaced
1842:af47a0b348a5 | 1843:818e6d8c43b5 |
---|---|
53 | 53 |
54 http { | 54 http { |
55 %%TEST_GLOBALS_HTTP%% | 55 %%TEST_GLOBALS_HTTP%% |
56 | 56 |
57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; | 57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; |
58 add_header X-Protocol $ssl_protocol; | |
58 | 59 |
59 ssl_session_cache shared:SSL:1m; | 60 ssl_session_cache shared:SSL:1m; |
60 ssl_session_tickets off; | 61 ssl_session_tickets off; |
61 | 62 |
62 server { | 63 server { |
167 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); | 168 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); |
168 | 169 |
169 SKIP: { | 170 SKIP: { |
170 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; | 171 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; |
171 | 172 |
173 TODO: { | |
174 local $TODO = 'broken TLSv1.3 CA list in LibreSSL' | |
175 if $t->has_module('LibreSSL') && test_tls13(); | |
176 | |
172 my $ca = join ' ', get('optional', '3.example.com'); | 177 my $ca = join ' ', get('optional', '3.example.com'); |
173 is($ca, '/CN=2.example.com', 'no trusted sent'); | 178 is($ca, '/CN=2.example.com', 'no trusted sent'); |
174 | 179 |
175 } | 180 } |
181 } | |
176 | 182 |
177 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected'); | 183 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected'); |
178 | 184 |
179 ############################################################################### | 185 ############################################################################### |
186 | |
187 sub test_tls13 { | |
188 get('optional') =~ /TLSv1.3/; | |
189 } | |
180 | 190 |
181 sub get { | 191 sub get { |
182 my ($sni, $cert, $host) = @_; | 192 my ($sni, $cert, $host) = @_; |
183 | 193 |
184 local $SIG{PIPE} = 'IGNORE'; | 194 local $SIG{PIPE} = 'IGNORE'; |