# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1714527830 -10800
# Wed May 01 04:43:50 2024 +0300
# Node ID aaba4e48aa7d327e49dee8cca02cd1a7b9b6e0c3
# Parent c20055d3b8275fbc29f872ba8059d7b625be78c5
Tests: guarded ssl_stapling.t for old OpenSSL versions.
Stapling requires the certificate status TLS extension. It is implemented
in OpenSSL 0.9.8h and available if TLS extensions support is explicitly
configured, and by default since 0.9.8j.
To properly test if stapling is available, OpenSSL version is checked,
and SNI availability is checked to ensure TLS extensions support is
compiled in.
diff --git a/ssl_stapling.t b/ssl_stapling.t
--- a/ssl_stapling.t
+++ b/ssl_stapling.t
@@ -32,7 +32,12 @@ plan(skip_all => 'Net::SSLeay too old')
eval { defined &IO::Socket::SSL::SSL_OCSP_TRY_STAPLE or die; };
plan(skip_all => 'IO::Socket::SSL too old') if $@;
-plan(skip_all => 'no OCSP stapling') if $t->has_module('BoringSSL');
+plan(skip_all => 'no OCSP stapling')
+ if $t->has_module('BoringSSL');
+plan(skip_all => 'no OCSP stapling')
+ if $t->has_module('OpenSSL') and not $t->has_feature('openssl:0.9.8h');
+plan(skip_all => 'no OCSP stapling')
+ if not $t->has_module('sni');
$t->plan(10)->write_file_expand('nginx.conf', <<'EOF');
--
nginx-devel mailing list
nginx-devel@freenginx.org
https://freenginx.org/mailman/listinfo/nginx-devel
