diff ssl_stapling.t @ 1871:1ba5108b6c24

Tests: handled unsupported PSS in sigalgs. It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure. Patch by Maxim Dounin.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 23 May 2023 16:30:02 +0400
parents 231b14e2041a
children 0b5ec15c62ed
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -321,10 +321,11 @@ sub staple {
 		return unless defined $ciphers;
 		my $ssleay = Net::SSLeay::SSLeay();
 		return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
-		my $sigalgs = 'RSA+SHA256:PSS+SHA256';
-		$sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA';
+		my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
+		@sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA';
 		# SSL_CTRL_SET_SIGALGS_LIST
-		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
+		Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
+			or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
 			or die("Failed to set sigalgs");
 	};
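Review bot: When `$ciphers` is not 'RSA', `@sigalgs` holds a single element, so the new fallback on the `or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])` line passes `undef` as the sigalgs string after a failed first call. That most likely still ends at the `die`, but only after a second call with an undefined argument and, under `use warnings`, probably an uninitialized-value warning that obscures the real failure. Guarding the retry keeps the non-RSA path as it was before the change: `or (defined $sigalgs[1] && Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]))`. The retry is also silent and happens on any failure of the first call, not only on missing PSS support, so a short comment or a diagnostic line saying that PSS was dropped would make it clear which signature algorithms a passing run actually negotiated. The enclosing block in `staple` starts outside this hunk.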