# HG changeset patch # User Maxim Dounin # Date 1714943062 -10800 # Node ID f3573393f36f47e1aeeea99bf13cb23b1b4ea7f1 # Parent ab45ee8011df2453e2b1dbee9662d00f8e579e3b Tests: guarded ssl_stapling.t for old OpenSSL versions. Stapling requires the certificate status TLS extension. It is implemented in OpenSSL 0.9.8h and available if TLS extensions support is explicitly configured, and by default since 0.9.8j. To properly test if stapling is available, OpenSSL version is checked, and SNI availability is checked to ensure TLS extensions support is compiled in. diff --git a/ssl_stapling.t b/ssl_stapling.t --- a/ssl_stapling.t +++ b/ssl_stapling.t @@ -32,7 +32,12 @@ plan(skip_all => 'Net::SSLeay too old') eval { defined &IO::Socket::SSL::SSL_OCSP_TRY_STAPLE or die; }; plan(skip_all => 'IO::Socket::SSL too old') if $@; -plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL'); +plan(skip_all => 'no OCSP stapling') + if $t->has_module('BoringSSL'); +plan(skip_all => 'no OCSP stapling') + if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h'); +plan(skip_all => 'no OCSP stapling') + if not $t->has_module('sni'); $t->plan(10)->write_file_expand('nginx.conf', <<'EOF');