Mercurial > hg > nginx-tests
comparison ssl_stapling.t @ 1967:0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
LibreSSL does not provide a way to configure signature algorithms, and
this makes it impossible to request a particular server certificate
when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.
Fix is to mark relevant tests as TODO if Net:SSLeay is compiled with
LibreSSL, similarly to what we already do for sigalg issues in LibreSSL
on the server side.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:01:53 +0300 |
| parents | 0b5ec15c62ed |
| children | f3573393f36f |
comparison
equal
deleted
inserted
replaced
| 1966:c924ae8d7104 | 1967:0a93f101925a |
|---|---|
| 260 ok(!staple(8443, 'RSA'), 'staple revoked'); | 260 ok(!staple(8443, 'RSA'), 'staple revoked'); |
| 261 | 261 |
| 262 TODO: { | 262 TODO: { |
| 263 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 263 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
| 264 if $t->has_module('LibreSSL') && test_tls13(); | 264 if $t->has_module('LibreSSL') && test_tls13(); |
| 265 local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' | |
| 266 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); | |
| 265 | 267 |
| 266 ok(staple(8443, 'ECDSA'), 'staple success'); | 268 ok(staple(8443, 'ECDSA'), 'staple success'); |
| 267 | 269 |
| 268 } | 270 } |
| 269 | 271 |
| 270 ok(!staple(8444, 'RSA'), 'responder revoked'); | 272 ok(!staple(8444, 'RSA'), 'responder revoked'); |
| 271 | 273 |
| 272 TODO: { | 274 TODO: { |
| 273 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 275 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
| 274 if $t->has_module('LibreSSL') && test_tls13(); | 276 if $t->has_module('LibreSSL') && test_tls13(); |
| 277 local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' | |
| 278 if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); | |
| 275 | 279 |
| 276 ok(staple(8444, 'ECDSA'), 'responder success'); | 280 ok(staple(8444, 'ECDSA'), 'responder success'); |
| 277 | 281 |
| 278 } | 282 } |
| 279 | 283 |
| 286 | 290 |
| 287 ok(!staple(8449, 'ECDSA'), 'ocsp error'); | 291 ok(!staple(8449, 'ECDSA'), 'ocsp error'); |
| 288 | 292 |
| 289 TODO: { | 293 TODO: { |
| 290 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' | 294 local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' |
| 291 if $t->has_module('LibreSSL') && test_tls13(); | 295 if $t->has_module('LibreSSL') |
| 296 && !Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") | |
| 297 && test_tls13(); | |
| 292 | 298 |
| 293 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); | 299 like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); |
| 294 | 300 |
| 295 } | 301 } |
| 296 | 302 |