From: Matt Caswell <matt@openssl.org>
Date: Fri, 22 Jul 2022 10:12:52 +0000 (+0100)
Subject: Fix no-dtls1_2
X-Git-Tag: openssl-3.2.0-alpha1~2338
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6843e6ae8ae0551aae8555783f06dab7951f112;p=thirdparty%2Fopenssl.git

Fix no-dtls1_2

dtlstest.c needs some adjusting to handle no-dtls1_2 since commit
7bf2e4d7f0c banned DTLSv1 at the default security level - causing the
test to fail.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18848)
---

diff --git a/test/dtlstest.c b/test/dtlstest.c
index e2359addbf6..bb781604fa2 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -405,6 +405,12 @@ static int test_just_finished(void)
                                        &sctx, NULL, cert, privkey)))
         return 0;
 
+#ifdef OPENSSL_NO_DTLS1_2
+    /* DTLSv1 is not allowed at the default security level */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
+        goto end;
+#endif
+
     serverssl = SSL_new(sctx);
     rbio = BIO_new(BIO_s_mem());
     wbio = BIO_new(BIO_s_mem());