author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-05-03 22:23:53 +0200 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2021-05-05 17:13:51 +0200 |
commit | 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d (patch) | |
tree | d4758294547db8f4f1e79039028b550cfeb0c32a | |
parent | Correct ssl_conf logic for "legacy_server_connect" (diff) | |
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
The "bad DTLS" tests run into trouble due to the special behavior
for that "bad" version, and the SSL record tests need to set the
-legacy_server_connect flag to allow an SSLv2 ClientHello to work
against any TLS server (since SSLv2 ClientHello messages cannot
carry extensions as would be needed in order to negotiate the use
of the renegotiation_info extension).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
-rw-r--r-- | test/bad_dtls_test.c | 2 | ||||
-rw-r--r-- | test/recipes/70-test_sslrecords.t | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 48cf45bae6..a67db1737e 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -494,6 +494,8 @@ static int test_bad_dtls(void)
 if (!TEST_ptr(ctx)
 || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
 || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_options(ctx,
+ SSL_OP_LEGACY_SERVER_CONNECT))
 || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
 goto end;
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 729a41856d..318c9235b0 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -96,7 +96,7 @@ my $sslv2testtype = TLSV1_2_IN_SSLV2;
 $proxy->clear();
 $proxy->filter(\&add_sslv2_filter);
 $proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
+$proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
 $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
 $proxy->start();
 ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); |
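Review bot: The added `SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT)` term in test_bad_dtls() has no comment, so the file does not record why this test relaxes the client-side renegotiation_info check; the reason exists only in the commit message. A one-line comment above the condition would keep it with the code, for example `/* DTLS1_BAD_VER is handled specially; allow connecting without renegotiation_info */` (wording to be confirmed against the "special behavior" the description refers to). Separately, SSL_CTX_set_options() returns the resulting option bitmask rather than a status, so wrapping it in `TEST_true` passes whenever any option bit is set and does not verify anything. The function body starts and ends outside the hunk.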
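Review bot: The flag added to `clientflags` is `-legacy_renegotiation`, but the commit description says the SSL record tests need `-legacy_server_connect`, and these are not the same option. As far as I know, `-legacy_renegotiation` maps to the broader SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, which permits unsafe renegotiation itself rather than only the initial connection to a peer that sends no renegotiation_info. If the narrower behaviour is all this test needs, `$proxy->clientflags("-no_tls1_3 -legacy_server_connect");` would match both the description and the option set in test/bad_dtls_test.c. Otherwise the description should name the flag actually used.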