mbedtls: fix pytest for newer versions

Fix the expectations in pytest for newer versions of mbedtls

Closes #13132

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 3fefb612bd1af304b49f54db6192c27d68d185f5..5f07e78ef7cf2f1bc22a20aab3307a299c1688bf 100644 (file)
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -687,14 +687,13 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
                               &backend->clicert, &backend->pk);
   }
 
-  if(connssl->peer.sni) {
-    if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni)) {
-      /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
-         the name to set in the SNI extension. So even if curl connects to a
-         host specified as an IP address, this function must be used. */
-      failf(data, "Failed to set SNI");
-      return CURLE_SSL_CONNECT_ERROR;
-    }
+  if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni?
+                              connssl->peer.sni : connssl->peer.hostname)) {
+    /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
+       the name to set in the SNI extension. So even if curl connects to a
+       host specified as an IP address, this function must be used. */
+    failf(data, "Failed to set SNI");
+    return CURLE_SSL_CONNECT_ERROR;
   }
 
 #ifdef HAS_ALPN

diff --git a/tests/http/test_10_proxy.py b/tests/http/test_10_proxy.py
index ad3a5990f1ccd7b488cdcb9d8ddda7ba62ec8f8f..c191432fb045a2c49e501cb4a65e07d40ab29e0a 100644 (file)
--- a/tests/http/test_10_proxy.py
+++ b/tests/http/test_10_proxy.py
@@ -362,6 +362,10 @@ class TestProxy:
         xargs = curl.get_proxy_args(proto=proto, use_ip=True)
         r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
                                extra_args=xargs)
-        r.check_response(count=1, http_status=200,
-                         protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1')
+        if env.curl_uses_lib('mbedtls') and \
+                not env.curl_lib_version_at_least('mbedtls', '3.5.0'):
+            r.check_exit_code(60) # CURLE_PEER_FAILED_VERIFICATION
+        else:
+            r.check_response(count=1, http_status=200,
+                             protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1')
 

diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py
index 29f9726f7bd64e720faa9f004d15da8b21f51bd3..a207059dcd57c585ebd2dc82bcb9f5bfec7be906 100644 (file)
--- a/tests/http/testenv/env.py
+++ b/tests/http/testenv/env.py
@@ -185,15 +185,15 @@ class EnvConfig:
                 log.error(f'{self.apxs} failed to run: {e}')
         return self._httpd_version
 
-    def _versiontuple(self, v):
+    def versiontuple(self, v):
         v = re.sub(r'(\d+\.\d+(\.\d+)?)(-\S+)?', r'\1', v)
         return tuple(map(int, v.split('.')))
 
     def httpd_is_at_least(self, minv):
         if self.httpd_version is None:
             return False
-        hv = self._versiontuple(self.httpd_version)
-        return hv >= self._versiontuple(minv)
+        hv = self.versiontuple(self.httpd_version)
+        return hv >= self.versiontuple(minv)
 
     def is_complete(self) -> bool:
         return os.path.isfile(self.httpd) and \
@@ -275,6 +275,14 @@ class Env:
                 return lversion[len(prefix):]
         return 'unknown'
 
+    @staticmethod
+    def curl_lib_version_at_least(libname: str, min_version) -> str:
+        lversion = Env.curl_lib_version(libname)
+        if lversion != 'unknown':
+            return Env.CONFIG.versiontuple(min_version) <= \
+                   Env.CONFIG.versiontuple(lversion)
+        return False
+
     @staticmethod
     def curl_os() -> str:
         return Env.CONFIG.curl_props['os']