From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 3 Jun 2019 17:25:56 +0000 (+0300)
Subject: tests: Fix EAP-FAST protocol testing with older OpenSSL library versions
X-Git-Tag: hostap_2_9~181
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe40c679d22b330a0fb9b35d9236666d9b364306;p=thirdparty%2Fhostap.git

tests: Fix EAP-FAST protocol testing with older OpenSSL library versions

Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.

Fixes: e87e6f609bb1 ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py
index db30594eb..7aeaf968c 100644
--- a/tests/hwsim/test_eap_proto.py
+++ b/tests/hwsim/test_eap_proto.py
@@ -10110,7 +10110,10 @@ def run_eap_fast_phase2(dev, test_payload, test_failure=True):
         ctx['sslctx'] = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
         ctx['sslctx'].set_info_callback(ssl_info_callback)
         ctx['sslctx'].load_tmp_dh("auth_serv/dh.conf")
-        ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0")
+        if OpenSSL.SSL.OPENSSL_VERSION_NUMBER >= 0x10100000:
+            ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0")
+        else:
+            ctx['sslctx'].set_cipher_list("ADH-AES128-SHA")
         ctx['conn'] = OpenSSL.SSL.Connection(ctx['sslctx'], None)
         ctx['conn'].set_accept_state()
         log_conn_state(ctx['conn'])