Mercurial > hg > nginx-tests
changeset 1968:b72a8c4a1bef
Tests: CA list handling with Net::SSLeay with LibreSSL.
LibreSSL is not able to work with CA lists (certificate_authorities extension)
when using TLSv1.3. As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL. Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.
Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with
LibreSSL, similarly to what we already do for TLSv1.3 CA list issues in
LibreSSL on the server side.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:02:01 +0300 |
parents | 0a93f101925a |
children | 3ba1668cea87 |
files | ssl_verify_client.t stream_ssl_verify_client.t |
diffstat | 2 files changed, 4 insertions(+), 0 deletions(-) |
--- a/ssl_verify_client.t Mon May 06 00:01:53 2024 +0300 +++ b/ssl_verify_client.t Mon May 06 00:02:01 2024 +0300 @@ -158,6 +158,8 @@ TODO: { local $TODO = 'broken TLSv1.3 CA list in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); my $ca = join ' ', get('optional', '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent');
--- a/stream_ssl_verify_client.t Mon May 06 00:01:53 2024 +0300 +++ b/stream_ssl_verify_client.t Mon May 06 00:02:01 2024 +0300 @@ -126,6 +126,8 @@ TODO: { local $TODO = 'broken TLSv1.3 CA list in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)' + if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13(); my $ca = join ' ', get(8082, '3.example.com'); is($ca, '/CN=2.example.com', 'no trusted sent');
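Review bot: in ssl_verify_client.t (hunk at -158,6 +158,8) the added `local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)'` sits directly after the existing `local $TODO = 'broken TLSv1.3 CA list in LibreSSL'` in the same TODO block, so when both the server and the client are built with LibreSSL the second assignment silently replaces the first reason string. The two conditions describe different sides of the connection (`$t->has_module('LibreSSL')` versus `Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")`), and a one-line comment above each saying "server side" and "client side" would make that clear to a reader of the test output. The guard also relies on the constant lookup evaluating to false on non-LibreSSL builds without raising an error; it is worth stating that expectation in a comment or confirming it on an OpenSSL-linked Net::SSLeay.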
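Review bot: in stream_ssl_verify_client.t (hunk at -126,6 +126,8) the condition `Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13()` is a verbatim copy of the one added to ssl_verify_client.t. The server-side check is already expressed through a helper (`$t->has_module('LibreSSL')`); a matching helper for the client library would keep the two tests from drifting if the detection ever needs to change, for example to exempt a LibreSSL version in which the TLSv1.3 CA list works. As written, the TODO applies to every LibreSSL-linked Net::SSLeay regardless of version, which is fine for now but should be a deliberate choice.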