From 339f42ec05d6bdb3a1b68cb621c612c72a5e571f Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 27 Mar 2021 18:11:53 +0000 Subject: Enable test-sig-algs-renegotiation-resumption.py. This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert. --- src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py index 9c2f28f293..0a1c6f9459 100644 --- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py +++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py @@ -1,4 +1,4 @@ -# $OpenBSD: tlsfuzzer.py,v 1.25 2021/03/26 22:35:17 tb Exp $ +# $OpenBSD: tlsfuzzer.py,v 1.26 2021/03/27 18:11:53 tb Exp $ # # Copyright (c) 2020 Theo Buehler # @@ -376,6 +376,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [ tls13_args = ["--server-max-protocol", "TLSv1.3"], ), Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ), + + # Without --sig-algs-drop-ok, two tests fail since we do not currently + # implement the signature_algorithms_cert extension (although we MUST). + Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), + Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols), ]) @@ -526,10 +531,6 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [ # 'rsa_pss_pss_sha512 only' Test("test-sig-algs.py"), - # Without --sig-algs-drop-ok, two tests fail since we do not currently - # implement the signature_algorithms_cert extension (although we MUST). - Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), - # 13 failures: # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744 # 'empty list of signature methods' -- cgit v1.2.3-55-g6feb