diff options
Diffstat (limited to 'test/recipes/80-test_ssl_old.t')
| -rw-r--r-- | test/recipes/80-test_ssl_old.t | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 855e7c66f4..13fcfbe6df 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -811,20 +811,21 @@ sub testssl { plan tests => 3; SKIP: { - skip "Certificate Transparency is not supported by this OpenSSL build", 3 - if $no_ct; - skip "TLSv1.0 is not supported by this OpenSSL build", 3 - if $no_tls1; - - $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-noct"]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requestct"]))); - # No SCTs provided, so this should fail. - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requirect", - "-should_negotiate", "fail-client"]))); - } + skip "Certificate Transparency is not supported by this OpenSSL build", 3 + if $no_ct; + skip "TLSv1.0 is not supported by this OpenSSL build", 3 + if $no_tls1; + + $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + my @ca = qw(-CAfile certCA.ss); + ok(run(test([@ssltest, @ca, "-bio_pair", "-tls1", "-noct"]))); + # No SCTs provided, so this should fail. + ok(run(test([@ssltest, @ca, "-bio_pair", "-tls1", "-ct", + "-should_negotiate", "fail-client"]))); + # No SCTs provided, unverified chains still succeed. + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-ct"]))); + } }; - } sub testsslproxy { |