changeset 1842:af47a0b348a5
Tests: LibreSSL certificate negotiation with TLSv1.3.
LibreSSL fails to negotiate certificates based on signature algorithms
when using TLSv1.3, and fails with "missing rsa certificate" and
"unknown pkey type" errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:50:17 +0300 |
parents | db6fd9184fa0 |
children | 818e6d8c43b5 |
files | ssl_stapling.t |
diffstat | 1 files changed, 23 insertions(+), 1 deletions(-) [+] |
--- a/ssl_stapling.t Thu Mar 23 19:50:15 2023 +0300
+++ b/ssl_stapling.t Thu Mar 23 19:50:17 2023 +0300
@@ -38,7 +38,7 @@
 plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL');
-$t->plan(9)->write_file_expand('nginx.conf', <<'EOF');
+$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');
 %%TEST_GLOBALS%%
@@ -259,11 +259,25 @@
 sleep 1;
 ok(!staple(8443, 'RSA'), 'staple revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+ if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8443, 'ECDSA'), 'staple success');
+}
+
 ok(!staple(8444, 'RSA'), 'responder revoked');
+
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+ if $t->has_module('LibreSSL') && $version > 0x303;
+
 ok(staple(8444, 'ECDSA'), 'responder success');
+}
+
 ok(!staple(8445, 'ECDSA'), 'verify - root not trusted');
 ok(staple(8446, 'ECDSA', "$d/int.crt"), 'cert store');
@@ -273,6 +287,14 @@
 ok(!staple(8449, 'ECDSA'), 'ocsp error');
+TODO: {
+local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL'
+ if $t->has_module('LibreSSL') && $version > 0x303;
+
+like(`grep -F '[crit]' ${\($t->testdir())}/error.log`, qr/^$/s, 'no crit');
+
+}
+
 ###############################################################################
 sub staple {
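Review bot: In the second hunk the negative checks `ok(!staple(8443, 'RSA'), 'staple revoked')` and `ok(!staple(8444, 'RSA'), 'responder revoked')` stay outside the TODO blocks, so on LibreSSL with TLSv1.3 they may pass because certificate negotiation fails rather than because the revoked staple was withheld. staple() is defined outside this hunk, so this is inferred; if it returns false on a failed handshake as well, these assertions prove nothing on that platform. A comment above them such as `# NOTE: on LibreSSL + TLSv1.3 this can pass because negotiation fails, not because the staple is withheld` would make the limitation explicit. The `local $TODO = ... if ...` condition is also repeated verbatim here and in the third hunk; computing it once (for example `my $todo_sigalgs = ...;` before the tests) would keep the three blocks in sync.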
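Review bot: The 'no crit' assertion added in the third hunk can pass without checking anything: the backticks capture only stdout, so if grep cannot open `error.log` (or the test directory path contains whitespace, since it is interpolated unquoted into the shell command) the output is empty and `qr/^$/s` matches. Because the check sits inside the TODO block, on LibreSSL with TLSv1.3 it also tolerates any `[crit]` line, not only the "missing rsa certificate" and "unknown pkey type" errors named in the description. Reading the log from Perl and filtering out just those two messages would keep unrelated critical errors visible on that platform. Failing that, a comment such as `# TODO masks all [crit] entries on LibreSSL + TLSv1.3, not only the sigalgs errors` documents the gap.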