summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Kaduk <bkaduk@akamai.com>2021-05-03 22:23:53 +0200
committerBenjamin Kaduk <kaduk@mit.edu>2021-05-05 17:13:51 +0200
commit6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d (patch)
treed4758294547db8f4f1e79039028b550cfeb0c32a
parentCorrect ssl_conf logic for "legacy_server_connect" (diff)
downloadopenssl-6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d.tar.xz
openssl-6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d.zip
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-rw-r--r--test/bad_dtls_test.c2
-rw-r--r--test/recipes/70-test_sslrecords.t2
2 files changed, 3 insertions, 1 deletions
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 48cf45bae6..a67db1737e 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -494,6 +494,8 @@ static int test_bad_dtls(void)
if (!TEST_ptr(ctx)
|| !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
|| !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_options(ctx,
+ SSL_OP_LEGACY_SERVER_CONNECT))
|| !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
goto end;
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 729a41856d..318c9235b0 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -96,7 +96,7 @@ my $sslv2testtype = TLSV1_2_IN_SSLV2;
$proxy->clear();
$proxy->filter(\&add_sslv2_filter);
$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
+$proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");