From: Benjamin Kaduk
Date: Mon, 3 May 2021 20:23:53 +0000 (-0700)
Subject: adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
X-Git-Tag: openssl-3.0.0-alpha16~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d;p=thirdparty%2Fopenssl.git
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension).
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15127)
---
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 48cf45bae63..a67db1737ea 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -494,6 +494,8 @@ static int test_bad_dtls(void)
 if (!TEST_ptr(ctx)
 || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
 || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_options(ctx,
+ SSL_OP_LEGACY_SERVER_CONNECT))
 || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
 goto end;
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 729a41856dd..318c9235b0c 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -96,7 +96,7 @@ my $sslv2testtype = TLSV1_2_IN_SSLV2;
 $proxy->clear();
 $proxy->filter(\&add_sslv2_filter);
 $proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
+$proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
 $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
 $proxy->start();
 ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
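Review bot: The added `TEST_true(SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT))` clause in test_bad_dtls() cannot fail in any useful way, because SSL_CTX_set_options() returns the resulting options bitmask rather than a success code, so the check passes whenever any option bit is set. If the test is meant to confirm the flag was applied, mask the result: `|| !TEST_true(SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT) & SSL_OP_LEGACY_SERVER_CONNECT)`. Since this option relaxes the client's secure-renegotiation requirement, a one-line comment above it would keep it from being copied into non-test code, for example `/* DTLS1_BAD_VER handshake carries no renegotiation_info; test-only relaxation */` (wording to be confirmed against the bad-version handling the description refers to). The function body starts and ends outside the hunk.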
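Review bot: The changed `clientflags` line passes `-legacy_renegotiation`, while the commit description says the SSL record tests need `-legacy_server_connect`; the two do not match. As far as I know, `-legacy_renegotiation` corresponds to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, which is broader than SSL_OP_LEGACY_SERVER_CONNECT and also permits insecure renegotiation itself, so the test would be relaxing more than the stated intent requires. If only the initial handshake needs to succeed without renegotiation_info, the narrower form would be `$proxy->clientflags("-no_tls1_3 -legacy_server_connect");`. A comment such as `# SSLv2-format ClientHello cannot carry renegotiation_info` above the line would record why the relaxation is there.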