Mercurial > hg > nginx-tests
diff ssl_stapling.t @ 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on
Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure.
Patch by Maxim Dounin.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 May 2023 16:30:02 +0400 |
parents | 231b14e2041a |
children | 0b5ec15c62ed |
line wrap: on
line diff
--- a/ssl_stapling.t Tue May 23 16:30:01 2023 +0400 +++ b/ssl_stapling.t Tue May 23 16:30:02 2023 +0400 @@ -321,10 +321,11 @@ return unless defined $ciphers; my $ssleay = Net::SSLeay::SSLeay(); return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); - my $sigalgs = 'RSA+SHA256:PSS+SHA256'; - $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA'; + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); + @sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA'; # SSL_CTRL_SET_SIGALGS_LIST - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) or die("Failed to set sigalgs"); };