[nginx-tests] Tests: fixed ssl_certificates.t with LibreSSL client.

Maxim Dounin mdounin at mdounin.ru
Wed Jul 23 18:55:12 UTC 2025


details:   http://freenginx.org/hg/nginx-tests/rev/05796ad34858
branches:  
changeset: 2015:05796ad34858
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Sat Jul 19 05:25:17 2025 +0300
description:
Tests: fixed ssl_certificates.t with LibreSSL client.

When Net::SSLeay is built with LibreSSL, it is not possible to control
signature algorithms sent to the server, which results in incorrect
certificate selection with TLSv1.3.  Notably, with LibreSSL on server
an ECDSA certificate is always used, and with OpenSSL an RSA certificate.

Following 2005:00307a7f3cad, TODO in a test expecting an RSA certificate is
no longer used for LibreSSL 4.0.0 and above.  This works with OpenSSL on
the server, but breaks when LibreSSL is used on the server.

Fix is to mark the test as TODO when LibreSSL (any version) is used both
on the server and by the Net::SSLeay library.

diffstat:

 ssl_certificates.t |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/ssl_certificates.t b/ssl_certificates.t
--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -99,6 +99,10 @@ local $TODO = 'broken TLSv1.3 sigalgs in
 	if $t->has_module('LibreSSL')
 	&& !$t->has_feature('libressl:4.0.0')
 	&& test_tls13();
+local $TODO = 'no TLSv1.3 sigalgs in Net::SSLeay (LibreSSL)'
+	if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")
+	&& $t->has_module('LibreSSL')
+	&& test_tls13();
 
 like(cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');
 
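Review bot: The added `local $TODO` statement has no comment saying which side each check covers: `Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")` is the client library and `$t->has_module('LibreSSL')` is the server, and the reason both are required is only in the commit message. A short comment above the statement would keep that next to the code, for example that Net::SSLeay built with LibreSSL cannot set signature algorithms, so a LibreSSL server selects the ECDSA certificate. Also, when the server is LibreSSL older than 4.0.0 and Net::SSLeay is built with LibreSSL, both conditions are true and this assignment replaces the reason string set by the preceding `local $TODO`. If that is intended, note it in the comment; otherwise consider folding the two conditions into a single statement.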

