Tests: guarded ssl_certificates.t for old OpenSSL versions. The ssl_certificates.t test uses ECDSA ciphers, which are only available starting with OpenSSL 0.9.8b. In previous versions, notably in OpenSSL 0.9.8 and 0.9.8a, only non-standard example ciphers where available, which cannot be used with any other clients. The same applies to ssl_stapling.t, but it also requires the certificate status TLS extension, which is only available since OpenSSL 0.9.8h, and therefore no additional checks are needed.

--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -25,7 +25,10 @@ select STDOUT; $| = 1;
 my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
 	->has_daemon('openssl');
 
-plan(skip_all => 'no multiple certificates') if $t->has_module('BoringSSL');
+plan(skip_all => 'no multiple certificates')
+	if $t->has_module('BoringSSL');
+plan(skip_all => 'no ECDSA support')
+	if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8b');
 
 $t->write_file_expand('nginx.conf', <<'EOF');