# HG changeset patch
# User Sergey Kandaurov
# Date 1684845002 -14400
# Node ID 1ba5108b6c2479b4b91097334713ba2de7df94dd
# Parent 884e898b9fe75ae287ddf47469d7d38933393c44
Tests: handled unsupported PSS in sigalgs. It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure. Patch by Maxim Dounin.
diff --git a/ssl_certificates.t b/ssl_certificates.t
--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -120,10 +120,11 @@ sub get_socket {
 return unless defined $type;
 my $ssleay = Net::SSLeay::SSLeay();
 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
- my $sigalgs = 'RSA+SHA256:PSS+SHA256';
- $sigalgs = $type . '+SHA256' unless $type eq 'RSA';
+ my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
+ @sigalgs = ($type . '+SHA256') unless $type eq 'RSA';
 # SSL_CTRL_SET_SIGALGS_LIST
- Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
+ Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
+ or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
 or die("Failed to set sigalgs");
 };
diff --git a/ssl_stapling.t b/ssl_stapling.t
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -321,10 +321,11 @@ sub staple {
 return unless defined $ciphers;
 my $ssleay = Net::SSLeay::SSLeay();
 return if ($ssleay < 0x1000200f || $ssleay == 0x20000000);
- my $sigalgs = 'RSA+SHA256:PSS+SHA256';
- $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA';
+ my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256');
+ @sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA';
 # SSL_CTRL_SET_SIGALGS_LIST
- Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs)
+ Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0])
+ or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1])
 or die("Failed to set sigalgs");
 };
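Review bot: In the get_socket hunk of ssl_certificates.t, `@sigalgs` has only one element whenever `$type` is not 'RSA', so a failed first `CTX_ctrl` call falls through to a retry with an undefined `$sigalgs[1]`. That presumably yields an uninitialized-value warning and a pointless second call before the `die`. Guarding the retry keeps that failure path clean: `or (defined $sigalgs[1] && Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]))`. The staple hunk in ssl_stapling.t repeats the same pattern with `$ciphers`. Because the fallback is silent, a comment such as `# retried without PSS: rejected where TLSv1.3 is disabled and PSS is unsupported` would record that the client may end up offering only RSA+SHA256; both subs begin outside their hunks, so the rest of the setup is not visible here.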