[PATCH 5 of 5] Tests: CA list handling with Net::SSLeay with LibreSSL

Maxim Dounin mdounin at mdounin.ru
Wed May 1 01:01:51 UTC 2024


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1714514801 -10800
#      Wed May 01 01:06:41 2024 +0300
# Node ID 3b779799abd153ebcc791be66604c50494b55c6c
# Parent  c271d34326938c0948edac4061a2290922200188
Tests: CA list handling with Net::SSLeay with LibreSSL.

LibreSSL is not able to work with CA lists (certificate_authorities extension)
when using TLSv1.3.  As such, relevant tests fail if Net::SSLeay is compiled
with LibreSSL.  Notably, this affects macOS, where Net::SSLeay compiled
with LibreSSL is shipped with the OS.

Fix is to mark relevant tests as TODO if Net::SSLeay is compiled with
LibreSSL, similarly to what we already do for TLSv1.3 CA list issues in
LibreSSL on the server side.

diff --git a/ssl_verify_client.t b/ssl_verify_client.t
--- a/ssl_verify_client.t
+++ b/ssl_verify_client.t
@@ -158,6 +158,8 @@ skip 'Net::SSLeay version >= 1.36 requir
 TODO: {
 local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 my $ca = join ' ', get('optional', '3.example.com');
 is($ca, '/CN=2.example.com', 'no trusted sent');
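Review bot: the added condition in this TODO block calls Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") directly and depends on it evaluating false when Net::SSLeay is not built against LibreSSL, which nothing in the test states. A one-line comment above the new `local $TODO` saying so would make that dependency explicit. Also, when the server-side check on the two preceding lines is true as well, this second assignment replaces its reason string, so the TODO output names only the client-side cause; a combined message would keep both visible if that matters.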
diff --git a/stream_ssl_verify_client.t b/stream_ssl_verify_client.t
--- a/stream_ssl_verify_client.t
+++ b/stream_ssl_verify_client.t
@@ -126,6 +126,8 @@ skip 'Net::SSLeay version >= 1.36 requir
 TODO: {
 local $TODO = 'broken TLSv1.3 CA list in LibreSSL'
 	if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 CA list in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
 
 my $ca = join ' ', get(8082, '3.example.com');
 is($ca, '/CN=2.example.com', 'no trusted sent');
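Review bot: the two added lines in this TODO block are an exact copy of the ones added in ssl_verify_client.t, so the LibreSSL client check now lives in two test files. Consider a small shared helper for it, called the way test_tls13() is here, so a later change to the detection or to the reason string is made once. test_tls13() is also evaluated a second time whenever the first condition has already called it; keeping its result in a local variable would avoid the repeat.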



