> On 23 Mar 2023, at 18:18, Maxim Dounin <mdou...@mdounin.ru> wrote: > > Hello! > > On Wed, Mar 22, 2023 at 03:43:12PM +0400, Sergey Kandaurov wrote: > >>> On 18 Mar 2023, at 18:14, Maxim Dounin <mdou...@mdounin.ru> wrote: >>> >>> Hello! >>> >>> Here are patch series for the test suite to address test failures >>> observed with TLSv1.3 enabled with BoringSSL and LibreSSL. >>> >>> Short summary of the issues seen: >>> >>> - BoringSSL with TLSv1.3 does not support session reuse via server-side >>> session cache, only with tickets. >>> >>> - BoringSSL with TLSv1.3 does not provide $ssl_session_id. >>> >>> - LibreSSL with TLSv1.3 does not support session reuse. >>> >>> - LibreSSL with TLSv1.3 fails to negotiate certificates based on >>> signature algorithms supported by the client, and fails with >>> "missing rsa certificate" and "unknown pkey type" errors. >>> >>> - LibreSSL with TLSv1.3 does not send CA lists to the client. >>> >> >> Missing peaces that allow me to run with LibreSSL: >> >> # HG changeset patch >> # User Sergey Kandaurov <pluk...@nginx.com> >> # Date 1679485246 -14400 >> # Wed Mar 22 15:40:46 2023 +0400 >> # Node ID dfe434f295d3da7e3b67bbbafeab245bb591f397 >> # Parent 826e00e7c037d617781239963e8b868b6b0de225 >> Tests: fixed upstream zone tests with LibreSSL and TLSv1.3. >> >> LibreSSL does not support session reuse with TLSv1.3. >> >> diff --git a/stream_upstream_zone_ssl.t b/stream_upstream_zone_ssl.t >> --- a/stream_upstream_zone_ssl.t >> +++ b/stream_upstream_zone_ssl.t > > Thanks. I've happen to compile nginx without upstream zone > modules as a leftover from some previous tests, and missed these. > Added a similar change with TODOs. > > Full series with all the fixes:
Looks good, thanks for your work. -- Sergey Kandaurov _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
