tests: fix ci

willmafh · willmafh · commit 15fe37611f23 · 2025-10-20T11:04:34.000+08:00
diff --git a/src/ngx_stream_lua_proxy_ssl_verifyby.c b/src/ngx_stream_lua_proxy_ssl_verifyby.c
@@ -32,13 +32,20 @@ ngx_int_t
 ngx_stream_lua_proxy_ssl_verify_set_callback(ngx_conf_t *cf)
 {
 
-#ifdef LIBRESSL_VERSION_NUMBER
+#if defined(LIBRESSL_VERSION_NUMBER)
 
     ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                   "LibreSSL does not support by proxy_ssl_verify_by_lua*");
 
     return NGX_ERROR;
 
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                  "BoringSSL does not support by proxy_ssl_verify_by_lua*");
+
+    return NGX_ERROR;
+
 #else
 
     ngx_flag_t           proxy_ssl = 0;
@@ -161,6 +168,22 @@ char *
 ngx_stream_lua_proxy_ssl_verify_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf)
 {
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                  "LibreSSL does not support by proxy_ssl_verify_by_lua*");
+
+    return NGX_CONF_ERROR;
+
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                  "BoringSSL does not support by proxy_ssl_verify_by_lua*");
+
+    return NGX_CONF_ERROR;
+
+#else
+
 #if (!defined SSL_ERROR_WANT_RETRY_VERIFY \
      || OPENSSL_VERSION_NUMBER < 0x30000020L)
 
@@ -244,12 +267,30 @@ ngx_stream_lua_proxy_ssl_verify_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
     return NGX_CONF_OK;
 
 #endif  /* SSL_ERROR_WANT_RETRY_VERIFY */
+
+#endif
 }
 
 
 int
 ngx_stream_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
 {
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
+        "LibreSSL does not support by proxy_ssl_verify_by_lua*");
+
+    return 1;
+
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
+        "BoringSSL does not support by proxy_ssl_verify_by_lua*");
+
+    return 1;
+
+#else
+
     lua_State                          *L;
     ngx_int_t                           rc;
     ngx_connection_t                   *c;
@@ -395,6 +436,8 @@ ngx_stream_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
 
     return 0;  /* verify failure or error */
 #endif
+
+#endif
 }
 
 
@@ -573,6 +616,20 @@ int
 ngx_stream_lua_ffi_proxy_ssl_set_verify_result(ngx_stream_lua_request_t *r,
     int verify_result, char **err)
 {
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    *err = "LibreSSL does not support this function";
+
+    return NGX_ERROR;
+
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    *err = "BoringSSL does not support this function";
+
+    return NGX_ERROR;
+
+#else
+
 #ifdef SSL_ERROR_WANT_RETRY_VERIFY
     ngx_stream_upstream_t           *u;
     ngx_ssl_conn_t                  *ssl_conn;
@@ -618,13 +675,29 @@ ngx_stream_lua_ffi_proxy_ssl_set_verify_result(ngx_stream_lua_request_t *r,
 
     return NGX_ERROR;
 #endif
+
+#endif
 }
 
 
 int
 ngx_stream_lua_ffi_proxy_ssl_get_verify_result(ngx_stream_lua_request_t *r,
     char **err)
 {
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    *err = "LibreSSL does not support this function";
+
+    return NGX_ERROR;
+
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    *err = "BoringSSL does not support this function";
+
+    return NGX_ERROR;
+
+#else
+
 #ifdef SSL_ERROR_WANT_RETRY_VERIFY
     ngx_stream_upstream_t           *u;
     ngx_ssl_conn_t                  *ssl_conn;
@@ -668,6 +741,8 @@ ngx_stream_lua_ffi_proxy_ssl_get_verify_result(ngx_stream_lua_request_t *r,
 
     return NGX_ERROR;
 #endif
+
+#endif
 }
 
 
@@ -684,6 +759,20 @@ void *
 ngx_stream_lua_ffi_proxy_ssl_get_verify_cert(ngx_stream_lua_request_t *r,
     char **err)
 {
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+    *err = "LibreSSL does not support this function";
+
+    return NGX_ERROR;
+
+#elif defined(OPENSSL_IS_BORINGSSL)
+
+    *err = "BoringSSL does not support this function";
+
+    return NGX_ERROR;
+
+#else
+
 #ifdef SSL_ERROR_WANT_RETRY_VERIFY
     ngx_stream_upstream_t           *u;
     ngx_ssl_conn_t                  *ssl_conn;
@@ -735,6 +824,8 @@ ngx_stream_lua_ffi_proxy_ssl_get_verify_cert(ngx_stream_lua_request_t *r,
 
     return NULL;
 #endif
+
+#endif
 }
 
 
diff --git a/t/164-proxy-ssl-verify-by.t b/t/164-proxy-ssl-verify-by.t
@@ -13,9 +13,13 @@ if ($openssl_version =~ m/built with OpenSSL (\d+)\.(\d+)\.(\d+)/) {
     if ($major < 3 || ($major == 3 && $minor == 0 && $patch < 2)) {
         plan(skip_all => "too old OpenSSL, need >= 3.0.2, was " .
             "$major.$minor.$patch");
+    } else {
+        plan tests => repeat_each() * (blocks() * 6 + 3);
     }
+} elsif ($openssl_version =~ m/running with BoringSSL/) {
+    plan(skip_all => "does not support BoringSSL");
 } else {
-    plan tests => repeat_each() * (blocks() * 6 + 5);
+    die "unknown SSL";
 }
 
 $ENV{TEST_NGINX_HTML_DIR} ||= html_dir();

Original file line number	Diff line number	Diff line change
`@@ -13,9 +13,13 @@ if ($openssl_version =~ m/built with OpenSSL (\d+)\.(\d+)\.(\d+)/) {`
`13`	`13`	`if ($major < 3 \|\| ($major == 3 && $minor == 0 && $patch < 2)) {`
`14`	`14`	`plan(skip_all => "too old OpenSSL, need >= 3.0.2, was " .`
`15`	`15`	`"$major.$minor.$patch");`
	`16`	`+ } else {`
	`17`	`+ plan tests => repeat_each() * (blocks() * 6 + 3);`
`16`	`18`	`}`
	`19`	`+} elsif ($openssl_version =~ m/running with BoringSSL/) {`
	`20`	`+ plan(skip_all => "does not support BoringSSL");`
`17`	`21`	`} else {`
`18`		`- plan tests => repeat_each() * (blocks() * 6 + 5);`
	`22`	`+ die "unknown SSL";`
`19`	`23`	`}`
`20`	`24`
`21`	`25`	`$ENV{TEST_NGINX_HTML_DIR} \|\|= html_dir();`