Mercurial > hg > nginx-tests
diff ssl_certificates.t @ 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on
Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure.
Patch by Maxim Dounin.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 May 2023 16:30:02 +0400 |
parents | 0e1865aa9b33 |
children | 0a93f101925a |
line wrap: on
line diff
--- a/ssl_certificates.t +++ b/ssl_certificates.t @@ -120,10 +120,11 @@ sub get_socket { return unless defined $type; my $ssleay = Net::SSLeay::SSLeay(); return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); - my $sigalgs = 'RSA+SHA256:PSS+SHA256'; - $sigalgs = $type . '+SHA256' unless $type eq 'RSA'; + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); + @sigalgs = ($type . '+SHA256') unless $type eq 'RSA'; # SSL_CTRL_SET_SIGALGS_LIST - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) or die("Failed to set sigalgs"); };