From 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk
Date: Mon, 3 May 2021 13:23:53 -0700
Subject: [PATCH] adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension).

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15127)
---
 test/bad_dtls_test.c | 2 ++
 test/recipes/70-test_sslrecords.t | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 48cf45bae63..a67db1737ea 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -494,6 +494,8 @@ static int test_bad_dtls(void)
 if (!TEST_ptr(ctx)
 || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
 || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_options(ctx,
+ SSL_OP_LEGACY_SERVER_CONNECT))
 || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
 goto end;
 
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 729a41856dd..318c9235b0c 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -96,7 +96,7 @@ my $sslv2testtype = TLSV1_2_IN_SSLV2;
 $proxy->clear();
 $proxy->filter(\&add_sslv2_filter);
 $proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
+$proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
 $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
 $proxy->start();
 ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
-- 
2.47.2
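Review bot: In test/bad_dtls_test.c the added `TEST_true(SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT))` reads as an error check but cannot fail, because SSL_CTX_set_options() returns the resulting options bitmask rather than a success flag, so the value is non-zero as soon as the bit is set. That is harmless for the test, but the reason a security-relaxing option is being enabled lives only in the commit message. A short comment next to the added lines, for example `/* DTLS1_BAD_VER handshake in this test needs legacy server connect allowed */`, would keep a later reader from copying the option elsewhere or removing it as noise. The if-chain and test_bad_dtls itself start and end outside the hunk.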
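Review bot: The flag added in test/recipes/70-test_sslrecords.t does not match the commit message, which says the SSL record tests need `-legacy_server_connect`, while the new clientflags line passes `-legacy_renegotiation`. As far as I know that switch enables the broader unsafe-legacy-renegotiation option rather than only tolerating a server that omits renegotiation_info, so the test relaxes more than the stated reason requires. If the client accepts it in this tree, `$proxy->clientflags("-no_tls1_3 -legacy_server_connect");` keeps the relaxation to what the SSLv2 ClientHello case needs. Otherwise the description should name the flag that is actually used.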