Mercurial > hg > nginx-tests
comparison ssl_certificates.t @ 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on
Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure.
Patch by Maxim Dounin.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 23 May 2023 16:30:02 +0400 |
| parents | 0e1865aa9b33 |
| children | 0a93f101925a |
comparison
equal
deleted
inserted
replaced
| 1870:884e898b9fe7 | 1871:1ba5108b6c24 |
|---|---|
| 118 my $ctx_cb = sub { | 118 my $ctx_cb = sub { |
| 119 my $ctx = shift; | 119 my $ctx = shift; |
| 120 return unless defined $type; | 120 return unless defined $type; |
| 121 my $ssleay = Net::SSLeay::SSLeay(); | 121 my $ssleay = Net::SSLeay::SSLeay(); |
| 122 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); | 122 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); |
| 123 my $sigalgs = 'RSA+SHA256:PSS+SHA256'; | 123 my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); |
| 124 $sigalgs = $type . '+SHA256' unless $type eq 'RSA'; | 124 @sigalgs = ($type . '+SHA256') unless $type eq 'RSA'; |
| 125 # SSL_CTRL_SET_SIGALGS_LIST | 125 # SSL_CTRL_SET_SIGALGS_LIST |
| 126 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) | 126 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) |
| 127 or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) | |
| 127 or die("Failed to set sigalgs"); | 128 or die("Failed to set sigalgs"); |
| 128 }; | 129 }; |
| 129 | 130 |
| 130 return http_get( | 131 return http_get( |
| 131 '/', start => 1, | 132 '/', start => 1, |