mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 23:42:34 +00:00
test.sh: Fixed renogotiation tests for newer OpenSSL
parent
f2d17f0949
commit
f8985bc1ab
2 changed files with 14 additions and 2 deletions
5
CHANGES
5
CHANGES
|
@ -10,6 +10,11 @@ Testing:
|
|||
OPENSSLCERTSERVER, OPENSSL_CN_CLIENT_SECURITY, and
|
||||
OPENSSL_CN_SERVER_SECURITY now tolerate this.
|
||||
|
||||
OpenSSL no longer allows explicit renegotiation with TLSv1.3, thus the
|
||||
appropriate tests failed.
|
||||
Fix: use TLSv1.2 for renegotiation tests
|
||||
Tests: OPENSSLRENEG1 OPENSSLRENEG2
|
||||
|
||||
####################### V 1.7.3.4:
|
||||
|
||||
Corrections:
|
||||
|
|
11
test.sh
11
test.sh
|
@ -11238,8 +11238,14 @@ PORT=$((PORT+1))
|
|||
N=$((N+1))
|
||||
|
||||
|
||||
if type openssl >/dev/null 2>&1; then
|
||||
OPENSSL_METHOD=$(openssl s_client -help 2>&1 |egrep -o -e '-tls1(_[012])?' |sort -V |tail -n 1)
|
||||
[ -z "$OPENSSL_METHOD" ] && OPENSSL_METHOD="-tls1" # just so
|
||||
fi
|
||||
|
||||
# socat up to 1.7.1.1 (and 2.0.0-b3) terminated with error when an openssl peer
|
||||
# performed a renegotiation. Test if this is fixed.
|
||||
# Note: the renegotiation feature in OpenSSL exists only up to TLSv1.2
|
||||
NAME=OPENSSLRENEG1
|
||||
case "$TESTS" in
|
||||
*%$N%*|*%functions%*|*%bugs%*|*%openssl%*|*%socket%*|*%$NAME%*)
|
||||
|
@ -11267,7 +11273,7 @@ tdiff="$td/test$N.diff"
|
|||
da="test$N $(date) $RANDOM"
|
||||
CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0 PIPE"
|
||||
#CMD1="openssl s_client -port $PORT -verify 0" # not with openssl 1.1.0g
|
||||
CMD1="openssl s_client -port $PORT"
|
||||
CMD1="openssl s_client $OPENSSL_METHOD -port $PORT"
|
||||
printf "test $F_n $TEST... " $N
|
||||
$CMD0 >/dev/null 2>"${te}0" &
|
||||
pid0=$!
|
||||
|
@ -11298,6 +11304,7 @@ N=$((N+1))
|
|||
# socat up to 1.7.1.1 (and 2.0.0-b3) terminated with error when an openssl peer
|
||||
# performed a renegotiation. The first temporary fix to this problem might
|
||||
# leave socat in a blocking ssl-read state. Test if this has been fixed.
|
||||
# Note: the renegotiation feature in OpenSSL exists only up to TLSv1.2
|
||||
NAME=OPENSSLRENEG2
|
||||
case "$TESTS" in
|
||||
*%$N%*|*%functions%*|*%bugs%*|*%openssl%*|*%socket%*|*%$NAME%*)
|
||||
|
@ -11326,7 +11333,7 @@ tdiff="$td/test$N.diff"
|
|||
da="test$N $(date) $RANDOM"
|
||||
CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0 SYSTEM:\"sleep 1; echo \\\\\\\"\\\"$da\\\"\\\\\\\"; sleep 1\"!!STDIO"
|
||||
#CMD1="openssl s_client -port $PORT -verify 0" # not with openssl 1.1.0g
|
||||
CMD1="openssl s_client -port $PORT"
|
||||
CMD1="openssl s_client $OPENSSL_METHOD -port $PORT"
|
||||
printf "test $F_n $TEST... " $N
|
||||
eval "$CMD0 >/dev/null 2>\"${te}0\" &"
|
||||
pid0=$!
|
||||
|
|
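Review bot: The fallback on the `[ -z "$OPENSSL_METHOD" ]` line silently pins the client to `-tls1` (TLS 1.0) whenever the detection pipeline above it yields nothing, and that pipeline depends on `egrep` (deprecated in current GNU grep) and `sort -V` (not POSIX). On a host lacking either, the renegotiation tests would probably fail in the handshake, because many current OpenSSL configurations refuse TLS 1.0, and the failure would look like the socat regression these tests guard against. The three candidate options already order correctly under a plain byte-wise sort, so I would write `OPENSSL_METHOD=$(openssl s_client -help 2>&1 | grep -E -o -e '-tls1(_[012])?' | LC_ALL=C sort | tail -n 1)` and replace `# just so` with a comment that states the risk, e.g. `# detection failed; -tls1 (TLS 1.0) may be refused by current OpenSSL`. `OPENSSL_METHOD` also stays unset, or is inherited from the environment, when `type openssl` fails; the case arms of OPENSSLRENEG1 and OPENSSLRENEG2 continue outside the hunks, so whether they skip in that situation is not visible here.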