Mercurial > hg > nginx-tests
diff ssl_certificates.t @ 1967:0a93f101925a
Tests: sigalgs handling with Net::SSLeay with LibreSSL.
LibreSSL does not provide a way to configure signature algorithms, and
this makes it impossible to request a particular server certificate
when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.
Fix is to mark relevant tests as TODO if Net:SSLeay is compiled with
LibreSSL, similarly to what we already do for sigalg issues in LibreSSL
on the server side.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:01:53 +0300 |
parents | 1ba5108b6c24 |
children | 94e0390dc64f |
line wrap: on
line diff
--- a/ssl_certificates.t Mon May 06 00:01:46 2024 +0300 +++ b/ssl_certificates.t Mon May 06 00:01:53 2024 +0300 @@ -99,8 +99,16 @@ } +TODO: { +local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") + && !$t->has_module('LibreSSL') + && test_tls13(); + like(cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); +} + ############################################################################### sub test_tls13 {