Tests: switch from DSS to ECDSA in ssl_certificates.t.
All known supported platforms are shipped with OpenSSL version that supports
ECDSA certificates so it's safe for a switch. Besides that, as an additional
demand to switch, LibreSSL removed DSS/DSA support in 2.6.0 and nginx breaks
here with such cert which is covered under try_run() which is still there.
While here, now that DSS is no more, remove henceforth unneeded try_run().
diff --git a/ssl_certificates.t b/ssl_certificates.t
index 7e27263..8188d36 100644
--- a/ssl_certificates.t
+++ b/ssl_certificates.t
@@ -41,8 +41,6 @@
http {
%%TEST_GLOBALS_HTTP%%
- ssl_dhparam dhparam.pem;
-
ssl_certificate_key rsa.key;
ssl_certificate rsa.crt;
@@ -50,8 +48,8 @@
listen 127.0.0.1:8080 ssl;
server_name localhost;
- ssl_certificate_key dsa.key;
- ssl_certificate dsa.crt;
+ ssl_certificate_key ec.key;
+ ssl_certificate ec.crt;
ssl_certificate_key rsa.key;
ssl_certificate rsa.crt;
@@ -73,14 +71,12 @@
my $d = $t->testdir();
-system("openssl dhparam -dsaparam -out '$d/dhparam.pem' 1024 "
- . ">>$d/openssl.out 2>&1") == 0 or die "Can't create DH param: $!\n";
+system("openssl ecparam -genkey -out '$d/ec.key' -name prime256v1 "
+ . ">>$d/openssl.out 2>&1") == 0 or die "Can't create EC pem: $!\n";
system("openssl genrsa -out '$d/rsa.key' 1024 >>$d/openssl.out 2>&1") == 0
or die "Can't create RSA pem: $!\n";
-system("openssl dsaparam -genkey -out '$d/dsa.key' 1024 >>$d/openssl 2>&1") == 0
- or die "Can't create DSA pem: $!\n";
-foreach my $name ('dsa', 'rsa') {
+foreach my $name ('ec', 'rsa') {
system("openssl req -x509 -new -key '$d/$name.key' "
. "-config '$d/openssl.conf' -subj '/CN=$name/' "
. "-out '$d/$name.crt' -keyout '$d/$name.key' "
@@ -88,12 +84,12 @@
or die "Can't create certificate for $name: $!\n";
}
-$t->try_run('no multiple certificates')->plan(2);
+$t->run()->plan(2);
###############################################################################
like(get_cert('RSA'), qr/CN=rsa/, 'ssl cert RSA');
-like(get_cert('DSS'), qr/CN=dsa/, 'ssl cert DSA');
+like(get_cert('ECDSA'), qr/CN=ec/, 'ssl cert ECDSA');
###############################################################################