Adds a workaround for false negative test results with TLSProxy

The server is not able to shut down correctly
when the client sends an alert in epoch 0 and the
server has sent its Finished message.
As a workaround we accept a bad exit code for a failing
DTLS test run.

Fixes #26915

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26922)

diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index badc179a47287117bca67ce14f99829879e600d8..8276915ae7370c109e14a77b44d71b417a2e2f8f 100644 (file)
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -477,7 +477,14 @@ sub clientstart
         print "Waiting for s_server process to close: $pid...\n";
         # it's done already, just collect the exit code [and reap]...
         waitpid($pid, 0);
-        die "exit code $? from s_server process\n" if $? != 0;
+
+        # TODO(DTLSv1.3): The server is not able to shut down correctly
+        #                 when the client sends an alert in epoch 0 and the
+        #                 server has sent its Finished message.
+        #                 As a workaround we accept a bad exit code for a failing
+        #                 DTLS test run.
+        die "exit code $? from s_server process\n"
+            if $? != 0 && (!$self->{isdtls} || $success == 1);
     } else {
         # It's a bit counter-intuitive spot to make next connection to
         # the s_server. Rationale is that established connection works