From 374768c6cfeff0def073ccd4bc2a85c2a92ecdbf Mon Sep 17 00:00:00 2001 From: Frederik Wedel-Heinen Date: Thu, 27 Feb 2025 07:11:18 +0100 Subject: [PATCH] Adds a workaround for false negative test results with TLSProxy The server is not able to shut down correctly when the client sends an alert in epoch 0 and the server has sent its Finished message. As a workaround we accept a bad exit code for a failing DTLS test run. Fixes #26915 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26922)
---
 util/perl/TLSProxy/Proxy.pm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index badc179a472..8276915ae73 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -477,7 +477,14 @@ sub clientstart
 print "Waiting for s_server process to close: $pid...\n";
 # it's done already, just collect the exit code [and reap]...
 waitpid($pid, 0);
- die "exit code $? from s_server process\n" if $? != 0;
+
+ # TODO(DTLSv1.3): The server is not able to shut down correctly
+ # when the client sends an alert in epoch 0 and the
+ # server has sent its Finished message.
+ # As a workaround we accept a bad exit code for a failing
+ # DTLS test run.
+ die "exit code $? from s_server process\n"
+ if $? != 0 && (!$self->{isdtls} || $success == 1);
 } else {
 # It's a bit counter-intuitive spot to make next connection to
 # the s_server. Rationale is that established connection works
-- 2.47.2
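Review bot: The relaxed `die` after `waitpid($pid, 0)` accepts every non-zero `$?` once a DTLS run has failed, so an s_server that was killed by a signal (segfault, abort, sanitizer trap) is treated the same as the unclean shutdown the TODO describes. A proxy-driven negative test is where a server crash is most likely to appear, so the harness would hide the memory-safety signal it is best placed to catch. The low seven bits of `$?` carry the terminating signal, so the workaround can stay limited to ordinary non-zero exits: `die "exit code $? from s_server process\n" if $? != 0 && (($? & 127) || !$self->{isdtls} || $success == 1);`. It would also help to `print` the tolerated exit code when the check is skipped, so the suppression is visible in test logs. `$success` is assigned outside this hunk and `clientstart` continues beyond it, so confirm `$success` reflects the current connection at this point.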