Mercurial > hg > nginx-tests

diff ssl_certificates.t @ 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs. It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure. Patch by Maxim Dounin.
author: Sergey Kandaurov <pluknet@nginx.com>
date: Tue, 23 May 2023 16:30:02 +0400
parents: 0e1865aa9b33
children: 0a93f101925a
--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -120,10 +120,11 @@ sub get_socket {
 		return unless defined $type;
 		my $ssleay = Net::SSLeay::SSLeay();
 		return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
-		my $sigalgs = 'RSA+SHA256:PSS+SHA256';
-		$sigalgs = $type . '+SHA256' unless $type eq 'RSA';
+		my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
+		@sigalgs = ($type . '+SHA256') unless $type eq 'RSA';
 		# SSL_CTRL_SET_SIGALGS_LIST
-		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
+		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
+			or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
 			or die("Failed to set sigalgs");
 	};
author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 23 May 2023 16:30:02 +0400
parents	0e1865aa9b33
children	0a93f101925a