From: Neil Horman Date: Wed, 4 Dec 2024 14:33:30 +0000 (-0500) Subject: Disable server address validation on interop handshake test X-Git-Tag: openssl-3.5.0-alpha1~293 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78f7141c12d58f0cbf9dde193b23857023700146;p=thirdparty%2Fopenssl.git Disable server address validation on interop handshake test The handshake test in the interop suite requires that no server address validation be preformed, so disable it for this test Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26114) --- diff --git a/demos/guide/quic-hq-interop-server.c b/demos/guide/quic-hq-interop-server.c index 3f28a0ec97a..df3864fcebf 100644 --- a/demos/guide/quic-hq-interop-server.c +++ b/demos/guide/quic-hq-interop-server.c @@ -33,6 +33,7 @@ * Defaults to "./downloads" if not set. * - SSLKEYLOGFILE: specifies that keylogging should be preformed on the server * should be set to a file name to record keylog data to + * - NO_ADDR_VALIDATE: Disables server address validation of clients * */ @@ -491,13 +492,21 @@ static int run_quic_server(SSL_CTX *ctx, BIO *sock) int ok = 0; SSL *listener, *conn, *stream; unsigned long errcode; + uint64_t flags = 0; + + /* + * If NO_ADDR_VALIDATE exists in our environment + * then disable address validation on our listener + */ + if (getenv("NO_ADDR_VALIDATE") != NULL) + flags |= SSL_LISTENER_FLAG_NO_VALIDATE; /* * Create a new QUIC listener. Listeners, and other QUIC objects, default * to operating in blocking mode. The configured behaviour is inherited by * child objects. */ - if ((listener = SSL_new_listener(ctx, 0)) == NULL) + if ((listener = SSL_new_listener(ctx, flags)) == NULL) goto err; /* Provide the listener with our UDP socket. */ diff --git a/test/quic-openssl-docker/run_endpoint.sh b/test/quic-openssl-docker/run_endpoint.sh index e8729c30dd4..829825de7ad 100644 --- a/test/quic-openssl-docker/run_endpoint.sh +++ b/test/quic-openssl-docker/run_endpoint.sh @@ -88,7 +88,10 @@ elif [ "$ROLE" == "server" ]; then echo "TESTCASE is $TESTCASE" rm -f $CURLRC case "$TESTCASE" in - "handshake"|"transfer"|"retry"|"resumption") + "handshake") + NO_ADDR_VALIDATE=yes SSLKEYLOGFILE=/logs/keys.log FILEPREFIX=/www quic-hq-interop-server 443 /certs/cert.pem /certs/priv.key + ;; + "transfer"|"retry"|"resumption") SSLKEYLOGFILE=/logs/keys.log FILEPREFIX=/www quic-hq-interop-server 443 /certs/cert.pem /certs/priv.key ;; "chacha20")