Enable auto DHE and disable session tickets for some tests.

This allows us to drop the server messages that we intend on dropping.
author: jsing <> 2021-02-07 14:52:17 +0000
committer: jsing <> 2021-02-07 14:52:17 +0000
commit: 5a642e2e581776f13874ce5444f9f27501465e56 (patch)
tree: 060afa21749de4eb225e7fced9e8f41ea9993357 /src/regress/lib
parent: 5d448d2a409a6e63d9f2092effe4d82d0c0ed012 (diff)
download: openbsd-5a642e2e581776f13874ce5444f9f27501465e56.tar.gz
openbsd-5a642e2e581776f13874ce5444f9f27501465e56.tar.bz2
openbsd-5a642e2e581776f13874ce5444f9f27501465e56.zip
1 files changed, 13 insertions, 12 deletions
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
index 4274dee7f6..7292ea1cf6 100644
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.6 2021/02/06 07:34:34 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.7 2021/02/07 14:52:17 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -344,6 +344,7 @@ dtls_server(int sock, long options, long mtu)
        SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate);
        SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify);
+        SSL_CTX_set_dh_auto(ssl_ctx, 2);
        SSL_CTX_set_options(ssl_ctx, options);
        SSL_CTX_set_read_ahead(ssl_ctx, 1);
@@ -563,34 +564,34 @@ static const struct dtls_test dtls_tests[] = {
        },
        {
                .desc = "DTLS with dropped ServerHello",
-                .ssl_options = 0,
+                .ssl_options = SSL_OP_NO_TICKET,
                .server_bbio_off = 1,
                .server_drops = { 1 },
        },
        {
                .desc = "DTLS with dropped server Certificate",
-                .ssl_options = 0,
+                .ssl_options = SSL_OP_NO_TICKET,
                .server_bbio_off = 1,
                .server_drops = { 2 },
        },
        {
                .desc = "DTLS with dropped ServerKeyExchange",
-                .ssl_options = 0,
+                .ssl_options = SSL_OP_NO_TICKET,
                .server_bbio_off = 1,
                .server_drops = { 3 },
        },
-#if 0
-        /*
-         * These three currently result in the server accept completing and the
-         * client looping on a timeout. Presumably the server should not
-         * complete until the client Finished is received...
-         */
        {
                .desc = "DTLS with dropped ServerHelloDone",
-                .ssl_options = 0,
+                .ssl_options = SSL_OP_NO_TICKET,
                .server_bbio_off = 1,
                .server_drops = { 4 },
        },
+#if 0
+        /*
+         * These two result in the server accept completing and the
+         * client looping on a timeout. Presumably the server should not
+         * complete until the client Finished is received...
+         */
        {
                .desc = "DTLS with dropped server CCS",
                .ssl_options = 0,
@@ -611,7 +612,7 @@ static const struct dtls_test dtls_tests[] = {
                .client_drops = { 2 },
        },
        {
-                .desc = "DTLS with dropped Client CCS",
+                .desc = "DTLS with dropped client CCS",
                .ssl_options = 0,
                .client_bbio_off = 1,
                .client_drops = { 3 },
author	jsing <>	2021-02-07 14:52:17 +0000
committer	jsing <>	2021-02-07 14:52:17 +0000
commit	5a642e2e581776f13874ce5444f9f27501465e56 (patch)
tree	060afa21749de4eb225e7fced9e8f41ea9993357 /src/regress/lib
parent	5d448d2a409a6e63d9f2092effe4d82d0c0ed012 (diff)
download	openbsd-5a642e2e581776f13874ce5444f9f27501465e56.tar.gz openbsd-5a642e2e581776f13874ce5444f9f27501465e56.tar.bz2 openbsd-5a642e2e581776f13874ce5444f9f27501465e56.zip