# HG changeset patch # User Maxim Dounin <mdou...@mdounin.ru> # Date 1741398262 -10800 # Sat Mar 08 04:44:22 2025 +0300 # Node ID 00307a7f3cadcc3a1eb4f9446e779e8a093657c4 # Parent a84cf984d25e61f759ebabe5f7fabb79d3653ac2 Tests: adjusted TODOs for LibreSSL 4.0.0.
Issue with signature algorithms in TLSv1.3 is fixed in LibreSSL 4.0.0 (https://github.com/libressl/portable/issues/1058), ssl_certificates.t and ssl_stapling.t tests adjusted accordingly. Note thought that LibreSSL also fails to provide correct certificate information when OCSP stapling is used with TLSv1.3 and multiple certificates (https://github.com/libressl/portable/issues/1059), so some tests in ssl_stapling.t are still failing even with the fix. Additionally, sending alerts in QUIC is also fixed in LibreSSL 4.0.0, as seen in the h3_ssl_reject_handshake.t test. diff --git a/h3_ssl_reject_handshake.t b/h3_ssl_reject_handshake.t --- a/h3_ssl_reject_handshake.t +++ b/h3_ssl_reject_handshake.t @@ -114,7 +114,9 @@ skip "OpenSSL too old", 3 if $got && $go # default virtual server rejected TODO: { -local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL'); +local $TODO = 'broken send_alert in LibreSSL' + if $t->has_module('LibreSSL') + and not $t->has_feature('libressl:4.0.0'); is(bad('default', 8980), $alert, 'default rejected'); is(bad(undef, 8980), $alert, 'absent sni rejected'); @@ -132,7 +134,9 @@ like(get(undef, 8982), qr/200/, 'absent like(get('virtual1', 8982), qr/virtual1/, 'virtual 1 accepted'); TODO: { -local $TODO = 'broken send_alert in LibreSSL' if $t->has_module('LibreSSL'); +local $TODO = 'broken send_alert in LibreSSL' + if $t->has_module('LibreSSL') + and not $t->has_feature('libressl:4.0.0'); is(bad('virtual2', 8982), $alert, 'virtual 2 rejected'); diff --git a/ssl_certificates.t b/ssl_certificates.t --- a/ssl_certificates.t +++ b/ssl_certificates.t @@ -96,7 +96,9 @@ foreach my $name ('ec', 'rsa') { TODO: { local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' - if $t->has_module('LibreSSL') && test_tls13(); + if $t->has_module('LibreSSL') + && !$t->has_feature('libressl:4.0.0') + && test_tls13(); like(cert('RSA'), qr/CN=rsa/, 'ssl cert RSA'); diff --git a/ssl_stapling.t b/ssl_stapling.t --- a/ssl_stapling.t +++ b/ssl_stapling.t @@ -298,6 +298,7 @@ ok(!staple(8449, 'ECDSA'), 'ocsp error') TODO: { local $TODO = 'broken TLSv1.3 sigalgs in LibreSSL' if $t->has_module('LibreSSL') + && !$t->has_feature('libressl:4.0.0') && !Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") && test_tls13();
