diff options
| author |   jsing <jsing@openbsd.org> | 2020-04-06 16:52:26 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-04-06 16:52:26 +0000 |
| commit | a7a6ad09b0c51d6111bb475e1e2dba0a9ddda949 (patch) | |
| tree | 7e8bdd51cefd93b6d49ea69d68e18db9a95b9db4 | |
| parent | Zero the client random field in the TLSv1.2 golden value. (diff) | |
| download | wireguard-openbsd-a7a6ad09b0c51d6111bb475e1e2dba0a9ddda949.tar.xz wireguard-openbsd-a7a6ad09b0c51d6111bb475e1e2dba0a9ddda949.zip | |
Add tests that cover TLSv1.2 and disable those that trigger TLSv1.3.
This allows the test to pass again.
| -rw-r--r-- | regress/lib/libssl/client/clienttest.c | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c index 3156ef13aa2..3487348c9e3 100644 --- a/regress/lib/libssl/client/clienttest.c +++ b/regress/lib/libssl/client/clienttest.c @@ -200,13 +200,22 @@ static struct client_hello_test client_hello_tests[] = { .random_start = SSL3_RANDOM_OFFSET, .ssl_method = TLSv1_2_client_method, }, +#if 0 { .desc = "SSLv23 default", - .protocol = TLS1_2_VERSION, + .protocol = TLS1_3_VERSION, .random_start = SSL3_RANDOM_OFFSET, .ssl_method = SSLv23_client_method, .ssl_options = 0, }, +#endif + { + .desc = "SSLv23 default (no TLSv1.3)", + .protocol = TLS1_2_VERSION, + .random_start = SSL3_RANDOM_OFFSET, + .ssl_method = SSLv23_client_method, + .ssl_options = SSL_OP_NO_TLSv1_3, + }, { .desc = "SSLv23 (no TLSv1.2)", .protocol = TLS1_1_VERSION, @@ -221,13 +230,22 @@ static struct client_hello_test client_hello_tests[] = { .ssl_method = SSLv23_client_method, .ssl_options = SSL_OP_NO_TLSv1_1, }, +#if 0 { .desc = "TLS default", - .protocol = TLS1_2_VERSION, + .protocol = TLS1_3_VERSION, .random_start = SSL3_RANDOM_OFFSET, .ssl_method = TLS_client_method, .ssl_options = 0, }, +#endif + { + .desc = "TLS (no TLSv1.3)", + .protocol = TLS1_2_VERSION, + .random_start = SSL3_RANDOM_OFFSET, + .ssl_method = TLS_client_method, + .ssl_options = SSL_OP_NO_TLSv1_3, + }, { .desc = "TLS (no TLSv1.2)", .protocol = TLS1_1_VERSION, @@ -242,13 +260,24 @@ static struct client_hello_test client_hello_tests[] = { .ssl_method = TLS_client_method, .ssl_options = SSL_OP_NO_TLSv1_1, }, +#if 0 { .desc = "TLS (no TLSv1.0, no TLSv1.1)", - .protocol = TLS1_2_VERSION, + .protocol = TLS1_3_VERSION, .random_start = SSL3_RANDOM_OFFSET, .ssl_method = TLS_client_method, .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, }, +#endif +#if 0 + { + .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", + .protocol = TLS1_3_VERSION, + .random_start = SSL3_RANDOM_OFFSET, + .ssl_method = TLS_client_method, + .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, + }, +#endif }; #define N_CLIENT_HELLO_TESTS \ |