Mercurial > hg > nginx-tests
comparison stream_ssl_verify_client.t @ 1843:818e6d8c43b5
Tests: LibreSSL does not send CA lists with TLSv1.3.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:50:19 +0300 |
| parents | fd440d324700 |
| children | dbb7561a9441 |
comparison
equal
deleted
inserted
replaced
| 1842:af47a0b348a5 | 1843:818e6d8c43b5 |
|---|---|
| 84 return $ssl_client_verify:$ssl_client_cert; | 84 return $ssl_client_verify:$ssl_client_cert; |
| 85 | 85 |
| 86 ssl_verify_client optional_no_ca; | 86 ssl_verify_client optional_no_ca; |
| 87 ssl_client_certificate 2.example.com.crt; | 87 ssl_client_certificate 2.example.com.crt; |
| 88 } | 88 } |
| 89 | |
| 90 server { | |
| 91 listen 127.0.0.1:8084 ssl; | |
| 92 return $ssl_protocol; | |
| 93 } | |
| 89 } | 94 } |
| 90 | 95 |
| 91 EOF | 96 EOF |
| 92 | 97 |
| 93 $t->write_file('openssl.conf', <<EOF); | 98 $t->write_file('openssl.conf', <<EOF); |
| 124 like(get(8082, '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); | 129 like(get(8082, '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); |
| 125 | 130 |
| 126 SKIP: { | 131 SKIP: { |
| 127 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; | 132 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; |
| 128 | 133 |
| 134 TODO: { | |
| 135 local $TODO = 'broken TLSv1.3 CA list in LibreSSL' | |
| 136 if $t->has_module('LibreSSL') && test_tls13(); | |
| 137 | |
| 129 my $ca = join ' ', get(8082, '3.example.com'); | 138 my $ca = join ' ', get(8082, '3.example.com'); |
| 130 is($ca, '/CN=2.example.com', 'no trusted sent'); | 139 is($ca, '/CN=2.example.com', 'no trusted sent'); |
| 131 | 140 |
| 141 } | |
| 132 } | 142 } |
| 133 | 143 |
| 134 $t->stop(); | 144 $t->stop(); |
| 135 | 145 |
| 136 is($t->read_file('status.log'), "500\n200\n", 'log'); | 146 is($t->read_file('status.log'), "500\n200\n", 'log'); |
| 137 | 147 |
| 138 ############################################################################### | 148 ############################################################################### |
| 149 | |
| 150 sub test_tls13 { | |
| 151 get(8084) =~ /TLSv1.3/; | |
| 152 } | |
| 139 | 153 |
| 140 sub get { | 154 sub get { |
| 141 my ($port, $cert) = @_; | 155 my ($port, $cert) = @_; |
| 142 | 156 |
| 143 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); | 157 my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); |