Mercurial > hg > nginx-tests
comparison ssl_ocsp.t @ 1848:727741cdff74
Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:50:29 +0300 |
| parents | a9704b9ed7a2 |
| children | 0e1865aa9b33 |
comparison
equal
deleted
inserted
replaced
| 1847:a9704b9ed7a2 | 1848:727741cdff74 |
|---|---|
| 367 like(get('ec-end'), qr/200 OK.*SUCCESS/s, 'ocsp ecdsa'); | 367 like(get('ec-end'), qr/200 OK.*SUCCESS/s, 'ocsp ecdsa'); |
| 368 | 368 |
| 369 my ($s, $ssl) = get('ec-end'); | 369 my ($s, $ssl) = get('ec-end'); |
| 370 my $ses = Net::SSLeay::get_session($ssl); | 370 my $ses = Net::SSLeay::get_session($ssl); |
| 371 | 371 |
| 372 TODO: { | |
| 373 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
| 374 if $t->has_module('LibreSSL') and $version > 0x303; | |
| 375 | |
| 372 like(get('ec-end', ses => $ses), | 376 like(get('ec-end', ses => $ses), |
| 373 qr/200 OK.*SUCCESS:r/s, 'session reused'); | 377 qr/200 OK.*SUCCESS:r/s, 'session reused'); |
| 378 | |
| 379 } | |
| 374 | 380 |
| 375 # revoke with saved session | 381 # revoke with saved session |
| 376 | 382 |
| 377 system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt " | 383 system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt " |
| 378 . "-keyfile $d/root.key -cert $d/root.crt " | 384 . "-keyfile $d/root.key -cert $d/root.crt " |
| 389 . ">>$d/openssl.out 2>&1") == 0 | 395 . ">>$d/openssl.out 2>&1") == 0 |
| 390 or die "Can't create OCSP response: $!\n"; | 396 or die "Can't create OCSP response: $!\n"; |
| 391 | 397 |
| 392 # reusing session with revoked certificate | 398 # reusing session with revoked certificate |
| 393 | 399 |
| 400 TODO: { | |
| 401 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
| 402 if $t->has_module('LibreSSL') and $version > 0x303; | |
| 403 | |
| 394 like(get('ec-end', ses => $ses), | 404 like(get('ec-end', ses => $ses), |
| 395 qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked'); | 405 qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked'); |
| 406 | |
| 407 } | |
| 396 | 408 |
| 397 # regression test for self-signed | 409 # regression test for self-signed |
| 398 | 410 |
| 399 like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one'); | 411 like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one'); |
| 400 | 412 |