Mercurial > hg > nginx-tests
comparison ssl_stapling.t @ 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on
Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure.
Patch by Maxim Dounin.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 23 May 2023 16:30:02 +0400 |
| parents | 231b14e2041a |
| children | 0b5ec15c62ed |
comparison
equal
deleted
inserted
replaced
| 1870:884e898b9fe7 | 1871:1ba5108b6c24 |
|---|---|
| 319 my $ctx_cb = sub { | 319 my $ctx_cb = sub { |
| 320 my $ctx = shift; | 320 my $ctx = shift; |
| 321 return unless defined $ciphers; | 321 return unless defined $ciphers; |
| 322 my $ssleay = Net::SSLeay::SSLeay(); | 322 my $ssleay = Net::SSLeay::SSLeay(); |
| 323 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); | 323 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); |
| 324 my $sigalgs = 'RSA+SHA256:PSS+SHA256'; | 324 my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); |
| 325 $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA'; | 325 @sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA'; |
| 326 # SSL_CTRL_SET_SIGALGS_LIST | 326 # SSL_CTRL_SET_SIGALGS_LIST |
| 327 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) | 327 Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) |
| 328 or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) | |
| 328 or die("Failed to set sigalgs"); | 329 or die("Failed to set sigalgs"); |
| 329 }; | 330 }; |
| 330 | 331 |
| 331 my $s = http_get( | 332 my $s = http_get( |
| 332 '/', start => 1, PeerAddr => '127.0.0.1:' . port($port), | 333 '/', start => 1, PeerAddr => '127.0.0.1:' . port($port), |