You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rj...@apache.org on 2018/10/18 15:20:49 UTC

svn commit: r1844255 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Author: rjung
Date: Thu Oct 18 15:20:49 2018
New Revision: 1844255

URL: http://svn.apache.org/viewvc?rev=1844255&view=rev
Log:
Disable OCSP test for Openssl < 1.0.2.

Long term one could try to fix the CGI script
t/htdocs/modules/cgi/ocsp.pl.PL. Currently the
script passes the OCSP request to openssl via
"-reqin -" which is not supported in OpenSSL
before 1.0.2.

The script could instead read the data, place
it in a temp file and let OpenSSL use the temp
file.

For now we simply disable the test for the old
OpenSSL versions.

Modified:
    httpd/test/framework/trunk/t/ssl/ocsp.t

Modified: httpd/test/framework/trunk/t/ssl/ocsp.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/ocsp.t?rev=1844255&r1=1844254&r2=1844255&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/ocsp.t (original)
+++ httpd/test/framework/trunk/t/ssl/ocsp.t Thu Oct 18 15:20:49 2018
@@ -21,6 +21,7 @@ Apache::TestRequest::module('ssl_ocsp');
 # support in earlier versions without messing around with stderr
 my $openssl = Apache::TestSSLCA::openssl();
 if (!have_min_apache_version('2.4.26')
+    or Net::SSLeay::OPENSSL_VERSION_NUMBER() < 0x10002000
     or `$openssl list -commands 2>&1` !~ /ocsp/) {
     print "1..0 # skip: No OpenSSL or mod_ssl OCSP support";
     exit 0;