changeset 1843:818e6d8c43b5
Tests: LibreSSL does not send CA lists with TLSv1.3.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:19 +0300 |
parents | af47a0b348a5 |
children | 6705a3760f48 |
files | ssl_verify_client.t stream_ssl_verify_client.t |
diffstat | 2 files changed, 24 insertions(+), 0 deletions(-) [+] |
--- a/ssl_verify_client.t Thu Mar 23 19:50:17 2023 +0300 +++ b/ssl_verify_client.t Thu Mar 23 19:50:19 2023 +0300 @@ -55,6 +55,7 @@ %%TEST_GLOBALS_HTTP%% add_header X-Verify x$ssl_client_verify:${ssl_client_cert}x; + add_header X-Protocol $ssl_protocol; ssl_session_cache shared:SSL:1m; ssl_session_tickets off; @@ -169,15 +170,24 @@ SKIP: { skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; +TODO: { +local $TODO = 'broken TLSv1.3 CA list in LibreSSL' + if $t->has_module('LibreSSL') && test_tls13(); + my $ca = join ' ', get('optional', '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent'); } +} like(get('optional', undef, 'localhost'), qr/421 Misdirected/, 'misdirected'); ############################################################################### +sub test_tls13 { + get('optional') =~ /TLSv1.3/; +} + sub get { my ($sni, $cert, $host) = @_;
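Review bot: The `TODO:` block added around the 'no trusted sent' check in the `@@ -169,15 +170,24 @@` hunk has no comment stating what it tolerates, and on LibreSSL with TLSv1.3 it accepts any failure of that assertion, not only the missing CA list named in the commit title. The assertion appears to be the one confirming which CA names the server advertises to clients, so an unrelated regression there would also be reported as an expected failure on that platform. A comment above `local $TODO` would make this explicit, for example `# LibreSSL sends no CA list with TLSv1.3; any failure of the check below is tolerated there`. The condition has no LibreSSL version bound, so lifting it depends on someone noticing the unexpected-pass report. The same applies to the `TODO:` block in the `@@ -126,10 +131,15 @@` hunk of stream_ssl_verify_client.t.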
--- a/stream_ssl_verify_client.t Thu Mar 23 19:50:17 2023 +0300 +++ b/stream_ssl_verify_client.t Thu Mar 23 19:50:19 2023 +0300 @@ -86,6 +86,11 @@ ssl_verify_client optional_no_ca; ssl_client_certificate 2.example.com.crt; } + + server { + listen 127.0.0.1:8084 ssl; + return $ssl_protocol; + } } EOF @@ -126,10 +131,15 @@ SKIP: { skip 'Net::SSLeay version >= 1.36 required', 1 if $Net::SSLeay::VERSION < 1.36; +TODO: { +local $TODO = 'broken TLSv1.3 CA list in LibreSSL' + if $t->has_module('LibreSSL') && test_tls13(); + my $ca = join ' ', get(8082, '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent'); } +} $t->stop(); @@ -137,6 +147,10 @@ ############################################################################### +sub test_tls13 { + get(8084) =~ /TLSv1.3/; +} + sub get { my ($port, $cert) = @_;
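Review bot: In `test_tls13` (hunk `@@ -137,6 +147,10 @@`) the pattern `/TLSv1.3/` leaves the dot unescaped, so it matches any character in that position; `return get(8084) =~ /TLSv1\.3/;` states the intent exactly and makes the return explicit. The binding operator evaluates `get` in scalar context while the CA list check calls it in list context, and the body of `get` lies outside the hunk, so a one-line comment such as `# true if the test client negotiates TLSv1.3 with the server` would help. The same pattern appears in `test_tls13` in ssl_verify_client.t, with `get('optional')`.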