Hello! On Thu, Mar 23, 2023 at 08:01:09PM +0400, Sergey Kandaurov wrote:
> > On 23 Mar 2023, at 18:18, Maxim Dounin <mdou...@mdounin.ru> wrote: > > > > Hello! > > > > On Wed, Mar 22, 2023 at 03:43:12PM +0400, Sergey Kandaurov wrote: > > > >>> On 18 Mar 2023, at 18:14, Maxim Dounin <mdou...@mdounin.ru> wrote: > >>> > >>> Hello! > >>> > >>> Here are patch series for the test suite to address test failures > >>> observed with TLSv1.3 enabled with BoringSSL and LibreSSL. > >>> > >>> Short summary of the issues seen: > >>> > >>> - BoringSSL with TLSv1.3 does not support session reuse via server-side > >>> session cache, only with tickets. > >>> > >>> - BoringSSL with TLSv1.3 does not provide $ssl_session_id. > >>> > >>> - LibreSSL with TLSv1.3 does not support session reuse. > >>> > >>> - LibreSSL with TLSv1.3 fails to negotiate certificates based on > >>> signature algorithms supported by the client, and fails with > >>> "missing rsa certificate" and "unknown pkey type" errors. > >>> > >>> - LibreSSL with TLSv1.3 does not send CA lists to the client. > >>> > >> > >> Missing peaces that allow me to run with LibreSSL: > >> > >> # HG changeset patch > >> # User Sergey Kandaurov <pluk...@nginx.com> > >> # Date 1679485246 -14400 > >> # Wed Mar 22 15:40:46 2023 +0400 > >> # Node ID dfe434f295d3da7e3b67bbbafeab245bb591f397 > >> # Parent 826e00e7c037d617781239963e8b868b6b0de225 > >> Tests: fixed upstream zone tests with LibreSSL and TLSv1.3. > >> > >> LibreSSL does not support session reuse with TLSv1.3. > >> > >> diff --git a/stream_upstream_zone_ssl.t b/stream_upstream_zone_ssl.t > >> --- a/stream_upstream_zone_ssl.t > >> +++ b/stream_upstream_zone_ssl.t > > > > Thanks. I've happen to compile nginx without upstream zone > > modules as a leftover from some previous tests, and missed these. > > Added a similar change with TODOs. > > > > Full series with all the fixes: > > Looks good, thanks for your work. Pushed to http://mdounin.ru/hg/nginx-tests, thanks for the review. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
