Mercurial > hg > nginx-tests

changeset 1842:af47a0b348a5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: LibreSSL certificate negotiation with TLSv1.3. LibreSSL fails to negotiate certificates based on signature algorithms when using TLSv1.3, and fails with "missing rsa certificate" and "unknown pkey type" errors.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 23 Mar 2023 19:50:17 +0300
parents db6fd9184fa0
children 818e6d8c43b5
files ssl_stapling.t
diffstat 1 files changed, 23 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -38,7 +38,7 @@ my $t = Test::Nginx->new()->has(qw/http 
 
 plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL');
 
-$t->plan(9)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
 
@@ -259,11 +259,25 @@ staple(8449, 'ECDSA');
 sleep 1;
 
 ok(!staple(8443, 'RSA'), 'staple revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8443, 'ECDSA'), 'staple success');
 
+}
+
 ok(!staple(8444, 'RSA'), 'responder revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8444, 'ECDSA'), 'responder success');
 
+}
+
 ok(!staple(8445, 'ECDSA'), 'verify - root not trusted');
 
 ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store');
@@ -273,6 +287,14 @@ is(staple(8448, 'ECDSA'), '1 0', 'file s
 
 ok(!staple(8449, 'ECDSA'), 'ocsp error');
 
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+	if $t->has_module('LibreSSL') && $version > 0x303;
+
+like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
+
+}
+
 ###############################################################################
 
 sub staple {