Mercurial > hg > nginx-tests

diff ssl_stapling.t @ 1842:af47a0b348a5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: LibreSSL certificate negotiation with TLSv1.3. LibreSSL fails to negotiate certificates based on signature algorithms when using TLSv1.3, and fails with "missing rsa certificate" and "unknown pkey type" errors.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:17 +0300
parents 2d371452658c
children 0e1865aa9b33
line wrap: on
line diff
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -38,7 +38,7 @@ my $t = Test::Nginx->new()->has(qw/http 
 
 plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL');
 
-$t->plan(9)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -259,11 +259,25 @@ staple(8449, 'ECDSA');
 sleep 1;
 
 ok(!staple(8443, 'RSA'), 'staple revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8443, 'ECDSA'), 'staple success');
 
+}
+
 ok(!staple(8444, 'RSA'), 'responder revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8444, 'ECDSA'), 'responder success');
 
+}
+
 ok(!staple(8445, 'ECDSA'), 'verify - root not trusted');
 
 ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store');
@@ -273,6 +287,14 @@ is(staple(8448, 'ECDSA'), '1 0', 'file s
 
 ok(!staple(8449, 'ECDSA'), 'ocsp error');
 
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
+like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
+
+}
+
 ###############################################################################
 
 sub staple {