Mercurial > hg > nginx-tests
comparison ssl_ocsp.t @ 1848:727741cdff74
Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:29 +0300 |
parents | a9704b9ed7a2 |
children | 0e1865aa9b33 |
comparison
equal
deleted
inserted
replaced
1847:a9704b9ed7a2 | 1848:727741cdff74 |
---|---|
367 like(get('ec-end'), qr/200 OK.*SUCCESS/s, 'ocsp ecdsa'); | 367 like(get('ec-end'), qr/200 OK.*SUCCESS/s, 'ocsp ecdsa'); |
368 | 368 |
369 my ($s, $ssl) = get('ec-end'); | 369 my ($s, $ssl) = get('ec-end'); |
370 my $ses = Net::SSLeay::get_session($ssl); | 370 my $ses = Net::SSLeay::get_session($ssl); |
371 | 371 |
372 TODO: { | |
373 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
374 if $t->has_module('LibreSSL') and $version > 0x303; | |
375 | |
372 like(get('ec-end', ses => $ses), | 376 like(get('ec-end', ses => $ses), |
373 qr/200 OK.*SUCCESS:r/s, 'session reused'); | 377 qr/200 OK.*SUCCESS:r/s, 'session reused'); |
378 | |
379 } | |
374 | 380 |
375 # revoke with saved session | 381 # revoke with saved session |
376 | 382 |
377 system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt " | 383 system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt " |
378 . "-keyfile $d/root.key -cert $d/root.crt " | 384 . "-keyfile $d/root.key -cert $d/root.crt " |
389 . ">>$d/openssl.out 2>&1") == 0 | 395 . ">>$d/openssl.out 2>&1") == 0 |
390 or die "Can't create OCSP response: $!\n"; | 396 or die "Can't create OCSP response: $!\n"; |
391 | 397 |
392 # reusing session with revoked certificate | 398 # reusing session with revoked certificate |
393 | 399 |
400 TODO: { | |
401 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
402 if $t->has_module('LibreSSL') and $version > 0x303; | |
403 | |
394 like(get('ec-end', ses => $ses), | 404 like(get('ec-end', ses => $ses), |
395 qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked'); | 405 qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked'); |
406 | |
407 } | |
396 | 408 |
397 # regression test for self-signed | 409 # regression test for self-signed |
398 | 410 |
399 like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one'); | 411 like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one'); |
400 | 412 |