[PATCH 4 of 5] Tests: guarded ssl_stapling.t for old OpenSSL versions
Maxim Dounin
mdounin at mdounin.ru
Wed May 1 01:53:10 UTC 2024
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1714527830 -10800
# Wed May 01 04:43:50 2024 +0300
# Node ID aaba4e48aa7d327e49dee8cca02cd1a7b9b6e0c3
# Parent c20055d3b8275fbc29f872ba8059d7b625be78c5
Tests: guarded ssl_stapling.t for old OpenSSL versions.
Stapling requires the certificate status TLS extension. It is implemented
in OpenSSL 0.9.8h and available if TLS extensions support is explicitly
configured, and by default since 0.9.8j.
To properly test if stapling is available, OpenSSL version is checked,
and SNI availability is checked to ensure TLS extensions support is
compiled in.
diff --git a/ssl_stapling.t b/ssl_stapling.t
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -32,7 +32,12 @@ plan(skip_all => 'Net::SSLeay too old')
eval { defined &IO::Socket::SSL::SSL_OCSP_TRY_STAPLE or die; };
plan(skip_all => 'IO::Socket::SSL too old') if $@;
-plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL');
+plan(skip_all => 'no OCSP stapling')
+ if $t->has_module('BoringSSL');
+plan(skip_all => 'no OCSP stapling')
+ if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h');
+plan(skip_all => 'no OCSP stapling')
+ if not $t->has_module('sni');
$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');
More information about the nginx-devel
mailing list