From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 13 Jul 2018 06:45:49 +0000 (+0200)
Subject: tests: gnutls-cli-debug.sh: corrected run under FIPS mode
X-Git-Tag: gnutls_3_6_3~15
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bc1fc07e6bfaa526a1292f8ca81451884bb53400;p=thirdparty%2Fgnutls.git

tests: gnutls-cli-debug.sh: corrected run under FIPS mode

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 1251d3c17e..60bb74677a 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -80,8 +80,15 @@ declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246
 		"TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
 		"for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
 		"for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
-		"for AES-GCM cipher (RFC5288) support... yes" "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
-		"for SHA1 MAC support... yes" "for MD5 MAC support... no" "for ARCFOUR 128 cipher (RFC2246) support... no")
+		"for AES-GCM cipher (RFC5288) support... yes"
+		"for SHA1 MAC support... yes")
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
+#these tests are not run in FIPS mode
+arr+=("for MD5 MAC support... no")
+arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
+arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
+fi
 
 for txt in "${arr[@]}"
 do
@@ -117,8 +124,15 @@ declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246
 		"TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
 		"for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
 		"for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
-		"for AES-GCM cipher (RFC5288) support... yes" "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
-		"for SHA1 MAC support... yes" "for MD5 MAC support... no" "for ARCFOUR 128 cipher (RFC2246) support... no")
+		"for AES-GCM cipher (RFC5288) support... yes"
+		"for SHA1 MAC support... yes")
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
+#these tests are not run in FIPS mode
+arr+=("for MD5 MAC support... no")
+arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
+arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
+fi
 
 for txt in "${arr[@]}"
 do