From: Neil Horman <nhorman@openssl.org>
Date: Tue, 24 Sep 2024 08:24:26 +0000 (-0400)
Subject: Add SSL_CIPHER_SUITES env variable to quic-hq-interop
X-Git-Tag: openssl-3.5.0-alpha1~1049
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f43a3376bd3e9560141f390eee0e12a77279a83;p=thirdparty%2Fopenssl.git

Add SSL_CIPHER_SUITES env variable to quic-hq-interop

To run the chacha20 test in interop we need to:
1) negotiate an hq-interop alpn
2) only use chacha 20

Item 1 requires the use of quic-hq-interop, the latter requires this
change

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
---

diff --git a/demos/guide/quic-hq-interop.c b/demos/guide/quic-hq-interop.c
index 92dff14f62f..c4eb2f3d125 100644
--- a/demos/guide/quic-hq-interop.c
+++ b/demos/guide/quic-hq-interop.c
@@ -38,6 +38,7 @@
  * SSL_SESSION_FILE - set to a file path to record ssl sessions and restore
  *                    said sessions on next invocation
  * SSL_CERT_FILE - The ca file to use when validating a server
+ * SSL_CIPHER_SUITES - The list of cipher suites to use (see openssl-ciphers)
  */
 #include <string.h>
 
@@ -814,6 +815,17 @@ static int setup_connection(char *hostname, char *port, int ipv6,
         if (set_keylog_file(*ctx, sslkeylogfile))
             goto end;
 
+    /*
+     * If the SSL_CIPHER_SUITES env variable is set, assign those
+     * ciphers to the context
+     */
+    if (getenv("SSL_CIPHER_SUITES") != NULL) {
+        if (!SSL_CTX_set_ciphersuites(*ctx, getenv("SSL_CIPHER_SUITES"))) {
+            fprintf(stderr, "Failed to set cipher suites for connection\n");
+            goto end;
+        }
+    }
+
     /* Create an SSL object to represent the TLS connection */
     *ssl = SSL_new(*ctx);
     if (*ssl == NULL) {