Mercurial > hg > nginx-tests
diff ssl_verify_client.t @ 1968:b72a8c4a1bef
Tests: CA list handling with Net::SSLeay with LibreSSL.
LibreSSL is not able to work with CA lists (certificate_authorities extension)
when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.
Fix is to mark relevant tests as TODO if Net:SSLeay is compiled with
LibreSSL, similarly to what we already do for TLSv1.3 CA list issues in
LibreSSL on the server side.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:02:01 +0300 |
parents | 0e1865aa9b33 |
children |
line wrap: on
line diff
--- a/ssl_verify_client.t +++ b/ssl_verify_client.t @@ -158,6 +158,8 @@ skip 'Net::SSLeay version >= 1.36 requir TODO: { local $TODO = 'broken TLSv1.3 CA list in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); my $ca = join ' ', get('optional', '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent');