Mercurial > hg > nginx-tests
changeset 1216:de7d3e249b35
Tests: switch from DSS to ECDSA in ssl_certificates.t.
All known supported platforms are shipped with OpenSSL version that supports
ECDSA certificates so it's safe for a switch. Besides that, as an additional
demand to switch, LibreSSL removed DSS/DSA support in 2.6.0 and nginx breaks
here with such cert which is covered under try_run() which is still there.
While here, now that DSS is no more, remove henceforth unneeded try_run().
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 07 Sep 2017 15:09:03 +0300 |
parents | 26884729e06b |
children | 7df2265e61be |
files | ssl_certificates.t |
diffstat | 1 files changed, 7 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/ssl_certificates.t Thu Aug 31 19:09:04 2017 +0300 +++ b/ssl_certificates.t Thu Sep 07 15:09:03 2017 +0300 @@ -41,8 +41,6 @@ http { %%TEST_GLOBALS_HTTP%% - ssl_dhparam dhparam.pem; - ssl_certificate_key rsa.key; ssl_certificate rsa.crt; @@ -50,8 +48,8 @@ listen 127.0.0.1:8080 ssl; server_name localhost; - ssl_certificate_key dsa.key; - ssl_certificate dsa.crt; + ssl_certificate_key ec.key; + ssl_certificate ec.crt; ssl_certificate_key rsa.key; ssl_certificate rsa.crt; @@ -73,14 +71,12 @@ my $d = $t->testdir(); -system("openssl dhparam -dsaparam -out '$d/dhparam.pem' 1024 " - . ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n"; +system("openssl ecparam -genkey -out '$d/ec.key' -name prime256v1 " + . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n"; system("openssl genrsa -out '$d/rsa.key' 1024 >>$d/openssl.out 2>&1") == 0 or die "Can't create RSA pem: $!\n"; -system("openssl dsaparam -genkey -out '$d/dsa.key' 1024 >>$d/openssl 2>&1") == 0 - or die "Can't create DSA pem: $!\n"; -foreach my $name ('dsa', 'rsa') { +foreach my $name ('ec', 'rsa') { system("openssl req -x509 -new -key '$d/$name.key' " . "-config '$d/openssl.conf' -subj '/CN=$name/' " . "-out '$d/$name.crt' -keyout '$d/$name.key' " @@ -88,12 +84,12 @@ or die "Can't create certificate for $name: $!\n"; } -$t->try_run('no multiple certificates')->plan(2); +$t->run()->plan(2); ############################################################################### like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); -like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA'); +like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA'); ###############################################################################