cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-10 07:36:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7153 from lpy4105/issue/1785/backport-ssl-test-script-fail

Browse Source 
Backport 2.28: compat.sh: Skip static ECDH cases if unsupported in openssl
This commit is contained in:
Gilles Peskine 2023-02-28 18:11:42 +01:00 committed by GitHub
commit 440535e694
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.travis.yml
View File

@ -55,8 +55,8 @@ jobs:
# Exclude a few test cases that are failing mysteriously. # Exclude a few test cases that are failing mysteriously.
# https://github.com/Mbed-TLS/mbedtls/issues/6660 # https://github.com/Mbed-TLS/mbedtls/issues/6660
- tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list' - tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list'
# Modern OpenSSL does not support fixed ECDH, null or ancient ciphers. # Modern OpenSSL does not support null or ancient ciphers.
- tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4' - tests/compat.sh -p OpenSSL -e 'NULL\|DES\|RC4'
- tests/scripts/travis-log-failure.sh - tests/scripts/travis-log-failure.sh
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
# Modern GnuTLS does not support DES. # Modern GnuTLS does not support DES.

19
tests/compat.sh
View File

@ -861,6 +861,16 @@ add_mbedtls_ciphersuites()
esac esac
} }
# o_check_ciphersuite CIPHER_SUITE_NAME
o_check_ciphersuite()
{
if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
case "$1" in
*ECDH-*) SKIP_NEXT="YES"
esac
fi
}
setup_arguments() setup_arguments()
{ {
O_MODE="" O_MODE=""
@ -947,6 +957,11 @@ setup_arguments()
;; ;;
esac esac
case $($OPENSSL ciphers ALL) in
*ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
*) O_SUPPORT_ECDH="NO";;
esac
if [ "X$VERIFY" = "XYES" ]; if [ "X$VERIFY" = "XYES" ];
then then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -1160,7 +1175,7 @@ run_client() {
if [ $EXIT -eq 0 ]; then if [ $EXIT -eq 0 ]; then
RESULT=0 RESULT=0
else else
# If the cipher isn't supported... # If it is NULL cipher ...
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
RESULT=1 RESULT=1
else else
@ -1373,6 +1388,7 @@ for MODE in $MODES; do
if [ "X" != "X$M_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL" start_server "OpenSSL"
for i in $M_CIPHERS; do for i in $M_CIPHERS; do
o_check_ciphersuite "$i"
run_client mbedTLS $i run_client mbedTLS $i
done done
stop_server stop_server
@ -1381,6 +1397,7 @@ for MODE in $MODES; do
if [ "X" != "X$O_CIPHERS" ]; then if [ "X" != "X$O_CIPHERS" ]; then
start_server "mbedTLS" start_server "mbedTLS"
for i in $O_CIPHERS; do for i in $O_CIPHERS; do
o_check_ciphersuite "$i"
run_client OpenSSL $i run_client OpenSSL $i
done done
stop_server stop_server