changeset 1843:818e6d8c43b5

Tests: LibreSSL does not send CA lists with TLSv1.3.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:19 +0300
parents af47a0b348a5
children 6705a3760f48
files ssl_verify_client.t stream_ssl_verify_client.t
diffstat 2 files changed, 24 insertions(+), 0 deletions(-) [+]
--- a/ssl_verify_client.t
+++ b/ssl_verify_client.t
@@ -55,6 +55,7 @@ http {
     %%TEST_GLOBALS_HTTP%%
 
     add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x;
+    add_header X-Protocol $ssl_protocol;
 
     ssl_session_cache shared:SSL:1m;
     ssl_session_tickets off;
@@ -169,15 +170,24 @@ like(get('optional', '3.example.com'), q
 SKIP: {
 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36;
 
+TODO: {
+local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
+
 my $ca = join ' ', get('optional', '3.example.com');
 is($ca, '/CN=2.example.com', 'no trusted sent');
 
 }
+}
 
 like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected');
 
 ###############################################################################
 
+sub test_tls13 {
+	get('optional') =~ /TLSv1.3/;
+}
+
 sub get {
 	my ($sni, $cert, $host) = @_;
 
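Review bot: The pattern in `test_tls13` is looser than it needs to be: `/TLSv1.3/` leaves the dot unescaped and is matched against whatever `get('optional')` returns rather than against the header this commit adds. Presumably that is the full response, so `get('optional') =~ /^X-Protocol: TLSv1\.3/m;` would tie the TODO to the negotiated protocol only. This matters because the TODO it gates relaxes the 'no trusted sent' check on the CA list sent to clients, so a false match would hide a regression there. The same sub is added in stream_ssl_verify_client.t, where escaping the dot applies as well. The body of `get` continues outside the hunk.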
--- a/stream_ssl_verify_client.t
+++ b/stream_ssl_verify_client.t
@@ -86,6 +86,11 @@ stream {
         ssl_verify_client optional_no_ca;
         ssl_client_certificate 2.example.com.crt;
     }
+
+    server {
+        listen  127.0.0.1:8084 ssl;
+        return  $ssl_protocol;
+    }
 }
 
 EOF
@@ -126,10 +131,15 @@ like(get(8082, '3.example.com'), qr/SUCC
 SKIP: {
 skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36;
 
+TODO: {
+local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
+	if $t->has_module('LibreSSL') && test_tls13();
+
 my $ca = join ' ', get(8082, '3.example.com');
 is($ca, '/CN=2.example.com', 'no trusted sent');
 
 }
+}
 
 $t->stop();
 
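Review bot: The TODO condition here probes a different listener than the one under test: `test_tls13()` (added further down in this file) connects to 8084, while the CA list is read from 8082. The two are only equivalent if both servers negotiate the same protocol, which should hold as long as `ssl_protocols` is not set per server; the full config is not visible in this diff. A comment above the TODO block would record the assumption, e.g. `# 8084 only reports $ssl_protocol; it must share ssl_protocols with 8082`.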
@@ -137,6 +147,10 @@ is($t->read_file('status.log'), "500\n20
 
 ###############################################################################
 
+sub test_tls13 {
+	get(8084) =~ /TLSv1.3/;
+}
+
 sub get {
 	my ($port, $cert) = @_;