Mercurial > hg > nginx-tests

comparison ssl_verify_client.t @ 1843:818e6d8c43b5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: LibreSSL does not send CA lists with TLSv1.3.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:19 +0300
parents dc89eb420196
children 0e1865aa9b33
comparison
equal deleted inserted replaced
1842:af47a0b348a5 1843:818e6d8c43b5
53 53
54 http { 54 http {
55 %%TEST_GLOBALS_HTTP%% 55 %%TEST_GLOBALS_HTTP%%
56 56
57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; 57 add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x;
58 add_header X-Protocol $ssl_protocol;
58 59
59 ssl_session_cache shared:SSL:1m; 60 ssl_session_cache shared:SSL:1m;
60 ssl_session_tickets off; 61 ssl_session_tickets off;
61 62
62 server { 63 server {
167 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted'); 168 like(get('optional', '3.example.com'), qr/SUCCESS.*BEGIN/, 'good cert trusted');
168 169
169 SKIP: { 170 SKIP: {
170 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; 171 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36;
171 172
173 TODO: {
174 local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
175 if $t->has_module('LibreSSL') && test_tls13();
176
172 my $ca = join ' ', get('optional', '3.example.com'); 177 my $ca = join ' ', get('optional', '3.example.com');
173 is($ca, '/CN=2.example.com', 'no trusted sent'); 178 is($ca, '/CN=2.example.com', 'no trusted sent');
174 179
175 } 180 }
181 }
176 182
177 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected'); 183 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected');
178 184
179 ############################################################################### 185 ###############################################################################
186
187 sub test_tls13 {
188 get('optional') =~ /TLSv1.3/;
189 }
180 190
181 sub get { 191 sub get {
182 my ($sni, $cert, $host) = @_; 192 my ($sni, $cert, $host) = @_;
183 193
184 local $SIG{PIPE} = 'IGNORE'; 194 local $SIG{PIPE} = 'IGNORE';