# HG changeset patch # User Maxim Dounin # Date 1714942921 -10800 # Node ID b72a8c4a1bef38349eb20662e521a7d330f388f9 # Parent 0a93f101925aa009f06258524e03c0235d00d51e Tests: CA list handling with Net::SSLeay with LibreSSL. LibreSSL is not able to work with CA lists (certificate_authorities extension) when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled with LibreSSL is shipped with the OS. Fix is to mark relevant tests as TODO if Net:SSLeay is compiled with LibreSSL, similarly to what we already do for TLSv1.3 CA list issues in LibreSSL on the server side. diff --git a/ssl_verify_client.t b/ssl_verify_client.t --- a/ssl_verify_client.t +++ b/ssl_verify_client.t @@ -158,6 +158,8 @@ skip 'Net::SSLeay version >= 1.36 requir TODO: { local $TODO = 'broken TLSv1.3 CA list in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); my $ca = join ' ', get('optional', '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent'); diff --git a/stream_ssl_verify_client.t b/stream_ssl_verify_client.t --- a/stream_ssl_verify_client.t +++ b/stream_ssl_verify_client.t @@ -126,6 +126,8 @@ skip 'Net::SSLeay version >= 1.36 requir TODO: { local $TODO = 'broken TLSv1.3 CA list in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); my $ca = join ' ', get(8082, '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent');