Welcome! Log In Create A New Profile

Re: [PATCH 20 of 20] Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3

Forum List Message List New Topic Print View

Maxim Dounin

March 23, 2023 10:20AM

Hello!

On Wed, Mar 22, 2023 at 03:11:44PM +0400, Sergey Kandaurov wrote:

> > On 18 Mar 2023, at 18:15, Maxim Dounin <mdounin@mdounin.ru> wrote:
> >
> > # HG changeset patch
> > # User Maxim Dounin <mdounin@mdounin.ru>
> > # Date 1679148869 -10800
> > # Sat Mar 18 17:14:29 2023 +0300
> > # Node ID f6f6a21b1c2a0d88cb2a4993f4c0113a3fb1e019
> > # Parent 782531c3cd79dcf700276e10bef00e524de009d1
> > Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3.
> >
> > LibreSSL does not support session reuse with TLSv1.3.
>
> Since LibreSSL is so broken wrt TLSv1.3, I don't think
> it deserves annotating every test in separate changed.
> The LibreSSL changes could be easily combined:
> this is at least p11, p12, p13, p16, p17, p20.

That's more about logic of the patch series, see previous
responses. Combining some patches is certainly possible, though
it will be much harder to manage without per-test logic
universally applied to all changes.

>
> Other broken or missing functionality such as signature
> algorithms and certificate authorities can be skipped
> in separate commits, though.
>
> >
> > diff --git a/ssl_ocsp.t b/ssl_ocsp.t
> > --- a/ssl_ocsp.t
> > +++ b/ssl_ocsp.t
> > @@ -371,9 +371,15 @@ like(get('ec-end'), qr/200 OK.*SUCCESS/s
> > my ($s, $ssl) = get('ec-end');
> > my $ses = Net::SSLeay::get_session($ssl);
> >
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 sessions in LibreSSL'
> > + if $t->has_module('LibreSSL') and $version > 0x303;
> > +
> > like(get('ec-end', ses => $ses),
> > qr/200 OK.*SUCCESS:r/s, 'session reused');
> >
> > +}
> > +
> > # revoke with saved session
> >
> > system("openssl ca -config $d/ca.conf -revoke $d/ec-end.crt "
> > @@ -393,9 +399,15 @@ system("openssl ocsp -index $d/certindex
> >
> > # reusing session with revoked certificate
> >
> > +TODO: {
> > +local $TODO = 'no TLSv1.3 sessions in LibreSSL'
> > + if $t->has_module('LibreSSL') and $version > 0x303;
> > +
> > like(get('ec-end', ses => $ses),
> > qr/400 Bad.*FAILED:certificate revoked:r/s, 'session reused - revoked');
> >
> > +}
> > +
> > # regression test for self-signed
> >
> > like(get('root', port => 8447), qr/200 OK.*SUCCESS/s, 'ocsp one');

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 00 of 20] tests suite fixes for TLSv1.3	Maxim Dounin	535	March 18, 2023 10:18AM
[PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Maxim Dounin	154	March 18, 2023 10:18AM
Re: [PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Sergey Kandaurov	130	March 22, 2023 05:22AM
Re: [PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Maxim Dounin	122	March 23, 2023 10:18AM
Re: [PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Sergey Kandaurov	144	March 22, 2023 05:48AM
Re: [PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Maxim Dounin	129	March 23, 2023 10:16AM
Re: [PATCH 03 of 20] Tests: separate SSL session reuse tests in mail	Sergey Kandaurov	125	March 23, 2023 12:00PM
[PATCH 01 of 20] Tests: separate SSL session reuse tests	Maxim Dounin	203	March 18, 2023 10:18AM
Re: [PATCH 01 of 20] Tests: separate SSL session reuse tests	Sergey Kandaurov	189	March 22, 2023 04:58AM
Re: [PATCH 01 of 20] Tests: separate SSL session reuse tests	Maxim Dounin	131	March 23, 2023 10:12AM
Re: [PATCH 01 of 20] Tests: separate SSL session reuse tests	Sergey Kandaurov	123	March 23, 2023 12:00PM
Re: [PATCH 01 of 20] Tests: separate SSL session reuse tests	Maxim Dounin	172	March 23, 2023 01:26PM
Re: [PATCH 01 of 20] Tests: separate SSL session reuse tests	Sergey Kandaurov	185	March 24, 2023 08:40AM
[PATCH 08 of 20] Tests: enabled session reuse via TLS session tickets	Maxim Dounin	130	March 18, 2023 10:20AM
[PATCH 07 of 20] Tests: BoringSSL does not provide session ids with TLSv1.3	Maxim Dounin	139	March 18, 2023 10:20AM
[PATCH 09 of 20] Tests: restored proper port numbers in ssl_sni_sessions.t	Maxim Dounin	132	March 18, 2023 10:20AM
[PATCH 10 of 20] Tests: disabled ssl_sni_sessions.t with LibreSSL and BoringSSL	Maxim Dounin	149	March 18, 2023 10:20AM
[PATCH 05 of 20] Tests: separate SSL session reuse tests in stream	Maxim Dounin	145	March 18, 2023 10:20AM
Re: [PATCH 05 of 20] Tests: separate SSL session reuse tests in stream	Sergey Kandaurov	141	March 22, 2023 05:56AM
Re: [PATCH 05 of 20] Tests: separate SSL session reuse tests in stream	Maxim Dounin	123	March 23, 2023 10:18AM
[PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail	Maxim Dounin	131	March 18, 2023 10:20AM
Re: [PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail	Sergey Kandaurov	129	March 22, 2023 06:00AM
Re: [PATCH 06 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3 in mail	Maxim Dounin	118	March 23, 2023 10:18AM
[PATCH 12 of 20] Tests: fixed ssl_session_ticket_key.t with LibreSSL and TLSv1.3	Maxim Dounin	113	March 18, 2023 10:20AM
[PATCH 13 of 20] Tests: fixed ssl_sni.t with LibreSSL and TLSv1.3	Maxim Dounin	170	March 18, 2023 10:20AM
[PATCH 11 of 20] Tests: fixed proxy_ssl.t with LibreSSL and TLSv1.3	Maxim Dounin	161	March 18, 2023 10:20AM
[PATCH 14 of 20] Tests: LibreSSL certificate negotiation with TLSv1.3	Maxim Dounin	200	March 18, 2023 10:20AM
[PATCH 15 of 20] Tests: LibreSSL does not send CA lists with TLSv1.3	Maxim Dounin	160	March 18, 2023 10:20AM
Re: [PATCH 15 of 20] Tests: LibreSSL does not send CA lists with TLSv1.3	Sergey Kandaurov	144	March 22, 2023 06:40AM
[PATCH 16 of 20] Tests: fixed stream_proxy_ssl.t with LibreSSL and TLSv1.3	Maxim Dounin	193	March 18, 2023 10:20AM
[PATCH 18 of 20] Tests: cleaned up ssl_ocsp.t	Maxim Dounin	159	March 18, 2023 10:20AM
[PATCH 20 of 20] Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3	Maxim Dounin	166	March 18, 2023 10:20AM
Re: [PATCH 20 of 20] Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3	Sergey Kandaurov	152	March 22, 2023 07:12AM
Re: [PATCH 20 of 20] Tests: fixed ssl_ocsp.t with LibreSSL and TLSv1.3	Maxim Dounin	134	March 23, 2023 10:20AM
[PATCH 19 of 20] Tests: removed multiple server certificates from ssl_ocsp.t	Maxim Dounin	150	March 18, 2023 10:20AM
Re: [PATCH 19 of 20] Tests: removed multiple server certificates from ssl_ocsp.t	Sergey Kandaurov	135	March 22, 2023 07:06AM
Re: [PATCH 19 of 20] Tests: removed multiple server certificates from ssl_ocsp.t	Maxim Dounin	127	March 23, 2023 10:18AM
[PATCH 17 of 20] Tests: fixed stream_ssl_variables.t.t with LibreSSL and TLSv1.3	Maxim Dounin	139	March 18, 2023 10:20AM
Re: [PATCH 00 of 20] tests suite fixes for TLSv1.3	Sergey Kandaurov	120	March 22, 2023 07:44AM
Re: [PATCH 00 of 20] tests suite fixes for TLSv1.3	Maxim Dounin	143	March 23, 2023 10:20AM
Re: [PATCH 00 of 20] tests suite fixes for TLSv1.3	Sergey Kandaurov	120	March 23, 2023 12:02PM
Re: [PATCH 00 of 20] tests suite fixes for TLSv1.3	Maxim Dounin	116	March 23, 2023 12:54PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 293

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018