# HG changeset patch # User Maxim Dounin # Date 1679590217 -10800 # Node ID af47a0b348a5e9bd71ac9078692894b196627828 # Parent db6fd9184fa097c67006fe726d922731e4acc1de Tests: LibreSSL certificate negotiation with TLSv1.3. LibreSSL fails to negotiate certificates based on signature algorithms when using TLSv1.3, and fails with "missing rsa certificate" and "unknown pkey type" errors. diff --git a/ssl_stapling.t b/ssl_stapling.t --- a/ssl_stapling.t +++ b/ssl_stapling.t @@ -38,7 +38,7 @@ my $t = Test::Nginx->new()->has(qw/http plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL'); -$t->plan(9)->write_file_expand('nginx.conf', <<'EOF'); +$t->plan(10)->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% @@ -259,11 +259,25 @@ staple(8449, 'ECDSA'); sleep 1; ok(!staple(8443, 'RSA'), 'staple revoked'); + +TODO: { +local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' + if $t->has_module('LibreSSL') && $version > 0x303; + ok(staple(8443, 'ECDSA'), 'staple success'); +} + ok(!staple(8444, 'RSA'), 'responder revoked'); + +TODO: { +local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' + if $t->has_module('LibreSSL') && $version > 0x303; + ok(staple(8444, 'ECDSA'), 'responder success'); +} + ok(!staple(8445, 'ECDSA'), 'verify - root not trusted'); ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store'); @@ -273,6 +287,14 @@ is(staple(8448, 'ECDSA'), '1 0', 'file s ok(!staple(8449, 'ECDSA'), 'ocsp error'); +TODO: { +local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' + if $t->has_module('LibreSSL') && $version > 0x303; + +like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit'); + +} + ############################################################################### sub staple {
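Review bot: The TODO blocks added around `staple success` and `responder success` (and the third one around `no crit` in the last hunk) make any failure of those checks an expected one on LibreSSL with TLSv1.3, so a genuine OCSP stapling regression for the ECDSA certificate on that build would no longer fail the run. The reason string names the sigalgs problem but nothing in the block ties the failure to it, so a short comment stating what is left untested would help, for example `# LibreSSL + TLSv1.3: ECDSA cert is not negotiated, stapling for it is not verified here`. The condition is also repeated verbatim three times; computing it once, e.g. `my $todo_sigalgs = $t->has_module('LibreSSL') && $version > 0x303;`, and writing `local $TODO = '...' if $todo_sigalgs;` keeps the three sites from drifting apart. `$version` is defined outside the visible hunks, so its meaning (presumably the negotiated protocol version) should be confirmed there.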
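Review bot: The added `no crit` check passes vacuously when `error.log` is missing or unreadable, because grep then prints nothing on stdout and the empty backtick result matches `qr/^$/s`. The test directory path is also interpolated unquoted into a shell command, so a path containing whitespace or shell metacharacters would change what is executed. Reading the log from Perl avoids both; assuming the harness's `read_file` helper is available in this tree, `unlike($t->read_file('error.log'), qr/\[crit\]/, 'no crit');` should fail loudly on a missing log rather than pass. Because the check sits inside the TODO block, any other `[crit]` message on LibreSSL with TLSv1.3 is masked as well, not only the two errors named in the commit message.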