From: Matt Caswell <matt@openssl.org>
Date: Wed, 6 Nov 2024 09:59:46 +0000 (+0000)
Subject: Add a test for setting TLSv1.2 ciphersuites on a QUIC object
X-Git-Tag: openssl-3.5.0-alpha1~929
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b10cfd93fd58cc1e9c876be159253b5389dc11a5;p=thirdparty%2Fopenssl.git

Add a test for setting TLSv1.2 ciphersuites on a QUIC object

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25886)
---

diff --git a/test/quicapitest.c b/test/quicapitest.c
index 25a9889d487..d384d17cbd1 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -285,7 +285,7 @@ static int test_fin_only_blocking(void)
 static int test_ciphersuites(void)
 {
     SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
-    SSL *ssl;
+    SSL *ssl = NULL;
     int testresult = 0;
     const STACK_OF(SSL_CIPHER) *ciphers = NULL;
     const SSL_CIPHER *cipher;
@@ -302,10 +302,20 @@ static int test_ciphersuites(void)
     if (!TEST_ptr(ctx))
         return 0;
 
+    /*
+     * Attempting to set TLSv1.2 ciphersuites should succeed, even though they
+     * aren't used in QUIC.
+     */
+    if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
+        goto err;
+
     ssl = SSL_new(ctx);
     if (!TEST_ptr(ssl))
         goto err;
 
+    if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
+        goto err;
+
     ciphers = SSL_get_ciphers(ssl);
 
     for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {