diff options
| author | Sam Roberts <rsam@ca.ibm.com> | 2018-11-26 22:58:52 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-02-14 14:54:56 +0100 |
| commit | 3c83c5ba4f6502c708b7a5f55c98a10e312668da (patch) | |
| tree | ca6386b1af5c76a460a3489ce7504d6747568b00 /test/ssltest_old.c | |
| parent | Configure: stop forcing use of DEFINE macros in headers (diff) | |
| download | openssl-3c83c5ba4f6502c708b7a5f55c98a10e312668da.tar.xz openssl-3c83c5ba4f6502c708b7a5f55c98a10e312668da.zip | |
Ignore cipher suites when setting cipher list
set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
failure should not depend on whether set_ciphersuites() has been used to
setup TLSv1.3 ciphers.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7759)
Diffstat (limited to '')
| -rw-r--r-- | test/ssltest_old.c | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/test/ssltest_old.c b/test/ssltest_old.c index f26bf85173..390ca88bb7 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1382,11 +1382,52 @@ int main(int argc, char *argv[]) goto end; if (cipher != NULL) { - if (!SSL_CTX_set_cipher_list(c_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { - ERR_print_errors(bio_err); - goto end; + if (strcmp(cipher, "") == 0) { + if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + + if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + + if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + } else { + if (!SSL_CTX_set_cipher_list(c_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + ERR_print_errors(bio_err); + goto end; + } } } if (ciphersuites != NULL) { |