Mercurial > hg > nginx-tests
changeset 1871:1ba5108b6c24
Tests: handled unsupported PSS in sigalgs.
It might happen that TLSv1.3 is disabled and PSS isn't supported as seen on
Amazon Linux (LTS). Now setting sigalgs is retried without PSS on failure.
Patch by Maxim Dounin.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 May 2023 16:30:02 +0400 |
parents | 884e898b9fe7 |
children | 7a27a4e4fdae |
files | ssl_certificates.t ssl_stapling.t |
diffstat | 2 files changed, 8 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/ssl_certificates.t Tue May 23 16:30:01 2023 +0400 +++ b/ssl_certificates.t Tue May 23 16:30:02 2023 +0400 @@ -120,10 +120,11 @@ return unless defined $type; my $ssleay = Net::SSLeay::SSLeay(); return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); - my $sigalgs = 'RSA+SHA256:PSS+SHA256'; - $sigalgs = $type . '+SHA256' unless $type eq 'RSA'; + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); + @sigalgs = ($type . '+SHA256') unless $type eq 'RSA'; # SSL_CTRL_SET_SIGALGS_LIST - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) or die("Failed to set sigalgs"); };
--- a/ssl_stapling.t Tue May 23 16:30:01 2023 +0400 +++ b/ssl_stapling.t Tue May 23 16:30:02 2023 +0400 @@ -321,10 +321,11 @@ return unless defined $ciphers; my $ssleay = Net::SSLeay::SSLeay(); return if ($ssleay < 0x1000200f || $ssleay == 0x20000000); - my $sigalgs = 'RSA+SHA256:PSS+SHA256'; - $sigalgs = $ciphers . '+SHA256' unless $ciphers eq 'RSA'; + my @sigalgs = ('RSA+SHA256:PSS+SHA256', 'RSA+SHA256'); + @sigalgs = ($ciphers . '+SHA256') unless $ciphers eq 'RSA'; # SSL_CTRL_SET_SIGALGS_LIST - Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs) + Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[0]) + or Net::SSLeay::CTX_ctrl($ctx, 98, 0, $sigalgs[1]) or die("Failed to set sigalgs"); };