# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1679148869 -10800
# Sat Mar 18 17:14:29 2023 +0300
# Node ID f6f6a21b1c2a0d88cb2a4993f4c0113a3fb1e019
# Parent 782531c3cd79dcf700276e10bef00e524de009d1
Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3.
diff --git a/ssl_ocsp.t b/ssl_ocsp.t
--- a/ssl_ocsp.t
+++ b/ssl_ocsp.t
@@ -371,9 +371,15 @@ like(get('ec-end'), qr/200 OK.*SUCCESS/s
my ($s, $ssl) = get('ec-end');
my $ses = Net::SSLeay::get_session($ssl);
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+ if $t->has_module('LibreSSL') and $version > 0x303;
+
like(get('ec-end', ses => $ses),
qr/200 OK.*SUCCESS:r/s, 'session reused');
+}
+
# revoke with saved session
system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt "
@@ -393,9 +399,15 @@ system("openssl ocsp -index $d/certindex
# reusing session with revoked certificate
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+ if $t->has_module('LibreSSL') and $version > 0x303;
+
like(get('ec-end', ses => $ses),
qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
+}
+
# regression test for self-signed
like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one');
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
