root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version 

Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
This commit is contained in:
Richard Levitte 2018-03-19 09:08:06 +01:00
parent 2e2faa8c48
commit 7d7f6834e5
13 changed files with 127 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/asynciotest.c
View File

@ -299,6 +299,7 @@ static int test_asyncio(int test)
char buf[sizeof(testdata)]; char buf[sizeof(testdata)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&serverctx, &clientctx, cert, privkey))) &serverctx, &clientctx, cert, privkey)))
goto end; goto end;

2
test/clienthellotest.c
View File

@ -78,6 +78,8 @@ static int test_client_hello(int currtest)
ctx = SSL_CTX_new(TLS_method()); ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx)) if (!TEST_ptr(ctx))
goto end; goto end;
if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION)))
goto end;
switch(currtest) { switch(currtest) {
case TEST_SET_SESSION_TICK_DATA_VER_NEG: case TEST_SET_SESSION_TICK_DATA_VER_NEG:

5
test/dtlstest.c
View File

@ -61,8 +61,9 @@ static int test_dtls_unprocessed(int testidx)
timer_cb_count = 0; timer_cb_count = 0;
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(), &sctx, DTLS_client_method(),
&cctx, cert, privkey))) DTLS1_VERSION, DTLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0; return 0;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))

5
test/fatalerrtest.c
View File

@ -28,8 +28,9 @@ static int test_fatalerr(void)
0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
}; };
if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), &sctx, &cctx, if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(),
cert, privkey))) TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto err; goto err;
/* /*

1
test/recordlentest.c
View File

@ -103,6 +103,7 @@ static int test_record_overflow(int idx)
ERR_clear_error(); ERR_clear_error();
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;

27
test/ssl_test.c
View File

@ -406,15 +406,27 @@ static int test_handshake(int idx)
#ifndef OPENSSL_NO_DTLS #ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) { if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new(DTLS_server_method()); server_ctx = SSL_CTX_new(DTLS_server_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
DTLS_MAX_VERSION)))
goto err;
if (test_ctx->extra.server.servername_callback != if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) { SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method()))) if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
goto err; goto err;
} }
client_ctx = SSL_CTX_new(DTLS_client_method()); client_ctx = SSL_CTX_new(DTLS_client_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
DTLS_MAX_VERSION)))
goto err;
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(DTLS_server_method()); resume_server_ctx = SSL_CTX_new(DTLS_server_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
DTLS_MAX_VERSION)))
goto err;
resume_client_ctx = SSL_CTX_new(DTLS_client_method()); resume_client_ctx = SSL_CTX_new(DTLS_client_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
DTLS_MAX_VERSION)))
goto err;
if (!TEST_ptr(resume_server_ctx) if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx)) || !TEST_ptr(resume_client_ctx))
goto err; goto err;
@ -423,17 +435,32 @@ static int test_handshake(int idx)
#endif #endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) { if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method()); server_ctx = SSL_CTX_new(TLS_server_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
TLS_MAX_VERSION)))
goto err;
/* SNI on resumption isn't supported/tested yet. */ /* SNI on resumption isn't supported/tested yet. */
if (test_ctx->extra.server.servername_callback != if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) { SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
goto err; goto err;
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
TLS_MAX_VERSION)))
goto err;
} }
client_ctx = SSL_CTX_new(TLS_client_method()); client_ctx = SSL_CTX_new(TLS_client_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
TLS_MAX_VERSION)))
goto err;
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(TLS_server_method()); resume_server_ctx = SSL_CTX_new(TLS_server_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
TLS_MAX_VERSION)))
goto err;
resume_client_ctx = SSL_CTX_new(TLS_client_method()); resume_client_ctx = SSL_CTX_new(TLS_client_method());
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
TLS_MAX_VERSION)))
goto err;
if (!TEST_ptr(resume_server_ctx) if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx)) || !TEST_ptr(resume_client_ctx))
goto err; goto err;

95
test/sslapitest.c
View File

@ -272,6 +272,7 @@ static int test_keylog(void)
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;
@ -349,9 +350,9 @@ static int test_keylog_no_master_key(void)
server_log_buffer_index = 0; server_log_buffer_index = 0;
error_writing_log = 0; error_writing_log = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;
if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
@ -452,9 +453,9 @@ static int test_client_hello_cb(void)
SSL *clientssl = NULL, *serverssl = NULL; SSL *clientssl = NULL, *serverssl = NULL;
int testctr = 0, testresult = 0; int testctr = 0, testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
@ -490,7 +491,9 @@ end:
#endif #endif
static int execute_test_large_message(const SSL_METHOD *smeth, static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth, int read_ahead) const SSL_METHOD *cmeth,
int min_version, int max_version,
int read_ahead)
{ {
SSL_CTX *cctx = NULL, *sctx = NULL; SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL; SSL *clientssl = NULL, *serverssl = NULL;
@ -508,8 +511,8 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
if (!TEST_ptr(chaincert)) if (!TEST_ptr(chaincert))
goto end; goto end;
if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, &sctx, if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
if (read_ahead) { if (read_ahead) {
@ -566,12 +569,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
static int test_large_message_tls(void) static int test_large_message_tls(void)
{ {
return execute_test_large_message(TLS_server_method(), TLS_client_method(), return execute_test_large_message(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
0); 0);
} }
static int test_large_message_tls_read_ahead(void) static int test_large_message_tls_read_ahead(void)
{ {
return execute_test_large_message(TLS_server_method(), TLS_client_method(), return execute_test_large_message(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
1); 1);
} }
@ -583,7 +588,9 @@ static int test_large_message_dtls(void)
* read_ahead is set. * read_ahead is set.
*/ */
return execute_test_large_message(DTLS_server_method(), return execute_test_large_message(DTLS_server_method(),
DTLS_client_method(), 0); DTLS_client_method(),
DTLS1_VERSION, DTLS_MAX_VERSION,
0);
} }
#endif #endif
@ -642,8 +649,9 @@ static int test_tlsext_status_type(void)
OCSP_RESPID *id = NULL; OCSP_RESPID *id = NULL;
BIO *certbio = NULL; BIO *certbio = NULL;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
&cctx, cert, privkey)) TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
return 0; return 0;
if (SSL_CTX_get_tlsext_status_type(cctx) != -1) if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
@ -806,9 +814,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
new_called = remove_called = 0; new_called = remove_called = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;
/* /*
@ -1341,9 +1349,9 @@ static int test_set_sigalgs(int idx)
curr = testctx ? &testsigalgs[idx] curr = testctx ? &testsigalgs[idx]
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;
/* /*
@ -1558,9 +1566,9 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
SSL **serverssl, SSL_SESSION **sess, int idx) SSL **serverssl, SSL_SESSION **sess, int idx)
{ {
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), sctx, TLS1_VERSION, TLS_MAX_VERSION,
cctx, cert, privkey)) sctx, cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(*sctx, || !TEST_true(SSL_CTX_set_max_early_data(*sctx,
SSL3_RT_MAX_PLAIN_LENGTH)) SSL3_RT_MAX_PLAIN_LENGTH))
|| !TEST_true(SSL_CTX_set_max_early_data(*cctx, || !TEST_true(SSL_CTX_set_max_early_data(*cctx,
@ -2440,9 +2448,9 @@ static int test_ciphersuite_change(void)
const SSL_CIPHER *aes_128_gcm_sha256 = NULL; const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
/* Create a session based on SHA-256 */ /* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey)) &sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx, || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256")) "TLS_AES_128_GCM_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
@ -2573,9 +2581,9 @@ static int test_tls13_psk(int idx)
}; };
int testresult = 0; int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
/* /*
@ -2808,9 +2816,9 @@ static int test_stateless(void)
SSL *serverssl = NULL, *clientssl = NULL; SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0; int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
/* The arrival of CCS messages can confuse the test */ /* The arrival of CCS messages can confuse the test */
@ -3032,14 +3040,15 @@ static int test_custom_exts(int tst)
clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0; clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
snicb = 0; snicb = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
if (tst == 2 if (tst == 2
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2, && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
NULL, cert, privkey))) TLS1_VERSION, TLS_MAX_VERSION,
&sctx2, NULL, cert, privkey)))
goto end; goto end;
@ -3308,9 +3317,9 @@ static int test_export_key_mat(int tst)
if (tst == 3) if (tst == 3)
return 1; return 1;
#endif #endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
goto end; goto end;
OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols)); OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
@ -3488,9 +3497,9 @@ static int test_ssl_clear(int idx)
#endif #endif
/* Create an initial connection */ /* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey)) &sctx, &cctx, cert, privkey))
|| (idx == 1 || (idx == 1
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx, && !TEST_true(SSL_CTX_set_max_proto_version(cctx,
TLS1_2_VERSION))) TLS1_2_VERSION)))
@ -3644,8 +3653,8 @@ static int test_pha_key_update(void)
SSL *clientssl = NULL, *serverssl = NULL; SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0; int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;

1
test/sslbuffertest.c
View File

@ -166,6 +166,7 @@ int setup_tests(void)
return 0; return 0;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&serverctx, &clientctx, cert, pkey)) { &serverctx, &clientctx, cert, pkey)) {
TEST_error("Failed to create SSL_CTX pair\n"); TEST_error("Failed to create SSL_CTX pair\n");
return 0; return 0;

6
test/sslcorrupttest.c
View File

@ -193,9 +193,9 @@ static int test_ssl_corrupt(int testidx)
TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS_client_method(), &sctx, TLS1_VERSION, TLS_MAX_VERSION,
&cctx, cert, privkey))) &sctx, &cctx, cert, privkey)))
return 0; return 0;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx]))) if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))

9
test/ssltest_old.c
View File

@ -1330,10 +1330,13 @@ int main(int argc, char *argv[])
} else if (tls1_2) { } else if (tls1_2) {
min_version = TLS1_2_VERSION; min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION;
} else {
min_version = SSL3_VERSION;
max_version = TLS_MAX_VERSION;
} }
#endif #endif
#ifndef OPENSSL_NO_DTLS #ifndef OPENSSL_NO_DTLS
if (dtls || dtls1 || dtls12) if (dtls || dtls1 || dtls12) {
meth = DTLS_method(); meth = DTLS_method();
if (dtls1) { if (dtls1) {
min_version = DTLS1_VERSION; min_version = DTLS1_VERSION;
@ -1341,6 +1344,10 @@ int main(int argc, char *argv[])
} else if (dtls12) { } else if (dtls12) {
min_version = DTLS1_2_VERSION; min_version = DTLS1_2_VERSION;
max_version = DTLS1_2_VERSION; max_version = DTLS1_2_VERSION;
} else {
min_version = DTLS_MIN_VERSION;
max_version = DTLS_MAX_VERSION;
}
} }
#endif #endif

17
test/ssltestlib.c
View File

@ -511,6 +511,7 @@ static int mempacket_test_puts(BIO *bio, const char *str)
} }
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
int min_proto_version, int max_proto_version,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile) char *privkeyfile)
{ {
@ -521,6 +522,22 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|| (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm)))) || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
goto err; goto err;
if ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
max_proto_version))))
goto err;
if (clientctx != NULL
&& ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
max_proto_version)))))
goto err;
if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
SSL_FILETYPE_PEM), 1) SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,

1
test/ssltestlib.h
View File

@ -13,6 +13,7 @@
# include <openssl/ssl.h> # include <openssl/ssl.h>
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
int min_proto_version, int max_proto_version,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile); char *privkeyfile);
int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,

1
test/tls13ccstest.c
View File

@ -255,6 +255,7 @@ static int test_tls13ccs(int tst)
chsessidlen = 0; chsessidlen = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)) &sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx, || !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)) SSL3_RT_MAX_PLAIN_LENGTH))