Ensure that TLSv1.0 and TLSv1.1 are enabled before running SSLv2 client

hello tests.
author: jsing <> 2020-01-25 05:02:27 +0000
committer: jsing <> 2020-01-25 05:02:27 +0000
commit: 40b393a249ae30f396c396eef2207718311148ca (patch)
tree: 885f10f8f594e9b130325f5c143f42cba39b41a7 /src/regress/lib
parent: d9f20373ce9d8f4c452f2170c07f26f940778379 (diff)
download: openbsd-40b393a249ae30f396c396eef2207718311148ca.tar.gz
openbsd-40b393a249ae30f396c396eef2207718311148ca.tar.bz2
openbsd-40b393a249ae30f396c396eef2207718311148ca.zip
1 files changed, 10 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c
index 32578599e5..e2ee3bb5e5 100644
--- a/src/regress/lib/libssl/server/servertest.c
+++ b/src/regress/lib/libssl/server/servertest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
+/* $OpenBSD: servertest.c,v 1.2 2020/01/25 05:02:27 jsing Exp $ */
 /*
 * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -80,7 +80,8 @@ struct server_hello_test {
        unsigned char *client_hello;
        const size_t client_hello_len;
        const SSL_METHOD *(*ssl_method)(void);
-        const long ssl_options;
+        const long ssl_clear_options;
+        const long ssl_set_options;
 };
 static struct server_hello_test server_hello_tests[] = {
@@ -89,14 +90,16 @@ static struct server_hello_test server_hello_tests[] = {
                .client_hello = sslv2_client_hello_tls10,
                .client_hello_len = sizeof(sslv2_client_hello_tls10),
                .ssl_method = TLS_server_method,
-                .ssl_options = 0,
+                .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+                .ssl_set_options = 0,
        },
        {
                .desc = "TLSv1.2 in SSLv2 record",
                .client_hello = sslv2_client_hello_tls12,
                .client_hello_len = sizeof(sslv2_client_hello_tls12),
                .ssl_method = TLS_server_method,
-                .ssl_options = 0,
+                .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+                .ssl_set_options = 0,
        },
 };
@@ -141,7 +144,9 @@ server_hello_test(int testno, struct server_hello_test *sht)
        SSL_CTX_set_dh_auto(ssl_ctx, 1);
        SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
-        SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
+        SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
+        SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
        if ((ssl = SSL_new(ssl_ctx)) == NULL) {
                fprintf(stderr, "SSL_new() returned NULL\n");
author	jsing <>	2020-01-25 05:02:27 +0000
committer	jsing <>	2020-01-25 05:02:27 +0000
commit	40b393a249ae30f396c396eef2207718311148ca (patch)
tree	885f10f8f594e9b130325f5c143f42cba39b41a7 /src/regress/lib
parent	d9f20373ce9d8f4c452f2170c07f26f940778379 (diff)
download	openbsd-40b393a249ae30f396c396eef2207718311148ca.tar.gz openbsd-40b393a249ae30f396c396eef2207718311148ca.tar.bz2 openbsd-40b393a249ae30f396c396eef2207718311148ca.zip

diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c index 32578599e5..e2ee3bb5e5 100644 --- a/src/regress/lib/libssl/server/servertest.c +++ b/src/regress/lib/libssl/server/servertest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */	1	/* $OpenBSD: servertest.c,v 1.2 2020/01/25 05:02:27 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -80,7 +80,8 @@ struct server_hello_test {
80	unsigned char *client_hello;	80	unsigned char *client_hello;
81	const size_t client_hello_len;	81	const size_t client_hello_len;
82	const SSL_METHOD (ssl_method)(void);	82	const SSL_METHOD (ssl_method)(void);
83	const long ssl_options;	83	const long ssl_clear_options;
		84	const long ssl_set_options;
84	};	85	};
85		86
86	static struct server_hello_test server_hello_tests[] = {	87	static struct server_hello_test server_hello_tests[] = {
@@ -89,14 +90,16 @@ static struct server_hello_test server_hello_tests[] = {
89	.client_hello = sslv2_client_hello_tls10,	90	.client_hello = sslv2_client_hello_tls10,
90	.client_hello_len = sizeof(sslv2_client_hello_tls10),	91	.client_hello_len = sizeof(sslv2_client_hello_tls10),
91	.ssl_method = TLS_server_method,	92	.ssl_method = TLS_server_method,
92	.ssl_options = 0,	93	.ssl_clear_options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
		94	.ssl_set_options = 0,
93	},	95	},
94	{	96	{
95	.desc = "TLSv1.2 in SSLv2 record",	97	.desc = "TLSv1.2 in SSLv2 record",
96	.client_hello = sslv2_client_hello_tls12,	98	.client_hello = sslv2_client_hello_tls12,
97	.client_hello_len = sizeof(sslv2_client_hello_tls12),	99	.client_hello_len = sizeof(sslv2_client_hello_tls12),
98	.ssl_method = TLS_server_method,	100	.ssl_method = TLS_server_method,
99	.ssl_options = 0,	101	.ssl_clear_options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
		102	.ssl_set_options = 0,
100	},	103	},
101	};	104	};
102		105
@@ -141,7 +144,9 @@ server_hello_test(int testno, struct server_hello_test *sht)
141		144
142	SSL_CTX_set_dh_auto(ssl_ctx, 1);	145	SSL_CTX_set_dh_auto(ssl_ctx, 1);
143	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);	146	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
144	SSL_CTX_set_options(ssl_ctx, sht->ssl_options);	147
		148	SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
		149	SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
145		150
146	if ((ssl = SSL_new(ssl_ctx)) == NULL) {	151	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
147	fprintf(stderr, "SSL_new() returned NULL\n");	152	fprintf(stderr, "SSL_new() returned NULL\n");