Mercurial > hg > nginx-tests
comparison ssl_stapling.t @ 1967:0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
LibreSSL does not provide a way to configure signature algorithms, and
this makes it impossible to request a particular server certificate
when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.
Fix is to mark relevant tests as TODO if Net:SSLeay is compiled with
LibreSSL, similarly to what we already do for sigalg issues in LibreSSL
on the server side.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:01:53 +0300 |
parents | 0b5ec15c62ed |
children | f3573393f36f |
comparison
equal
deleted
inserted
replaced
1966:c924ae8d7104 | 1967:0a93f101925a |
---|---|
260 ok(!staple(8443, 'RSA'), 'staple revoked'); | 260 ok(!staple(8443, 'RSA'), 'staple revoked'); |
261 | 261 |
262 TODO: { | 262 TODO: { |
263 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 263 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
264 if $t->has_module('LibreSSL') && test_tls13(); | 264 if $t->has_module('LibreSSL') && test_tls13(); |
265 local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' | |
266 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); | |
265 | 267 |
266 ok(staple(8443, 'ECDSA'), 'staple success'); | 268 ok(staple(8443, 'ECDSA'), 'staple success'); |
267 | 269 |
268 } | 270 } |
269 | 271 |
270 ok(!staple(8444, 'RSA'), 'responder revoked'); | 272 ok(!staple(8444, 'RSA'), 'responder revoked'); |
271 | 273 |
272 TODO: { | 274 TODO: { |
273 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 275 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
274 if $t->has_module('LibreSSL') && test_tls13(); | 276 if $t->has_module('LibreSSL') && test_tls13(); |
277 local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' | |
278 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); | |
275 | 279 |
276 ok(staple(8444, 'ECDSA'), 'responder success'); | 280 ok(staple(8444, 'ECDSA'), 'responder success'); |
277 | 281 |
278 } | 282 } |
279 | 283 |
286 | 290 |
287 ok(!staple(8449, 'ECDSA'), 'ocsp error'); | 291 ok(!staple(8449, 'ECDSA'), 'ocsp error'); |
288 | 292 |
289 TODO: { | 293 TODO: { |
290 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 294 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
291 if $t->has_module('LibreSSL') && test_tls13(); | 295 if $t->has_module('LibreSSL') |
296 && !Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") | |
297 && test_tls13(); | |
292 | 298 |
293 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); | 299 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
294 | 300 |
295 } | 301 } |
296 | 302 |