[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Wed Jan 4 14:28:21 UTC 2017


The branch master has been updated
       via  aec23ecebdb8101d2b3b8420b54353b2aebc33fc (commit)
       via  8f8c11d83f39197e373ae6cc75782f5cfc4467d7 (commit)
      from  327d38d0ac1da6f6d7ad009260061630f4ec0c82 (commit)


- Log -----------------------------------------------------------------
commit aec23ecebdb8101d2b3b8420b54353b2aebc33fc
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Jan 4 09:16:29 2017 +0100

    Don't run OCSP tests when OCSP is disabled
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2173)

commit 8f8c11d83f39197e373ae6cc75782f5cfc4467d7
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Jan 4 09:16:07 2017 +0100

    Don't build OCSP stuff when OCSP is disabled
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2173)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/extensions.c            |  4 ++
 test/recipes/70-test_sslmessages.t | 94 +++++++++++++++++++++-----------------
 test/sslapitest.c                  |  6 +++
 3 files changed, 62 insertions(+), 42 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 2bb09c9..8ccb76f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -20,9 +20,11 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent,
                                        int *al);
 #endif
 static int init_session_ticket(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_OCSP
 static int init_status_request(SSL *s, unsigned int context);
 static int final_status_request(SSL *s, unsigned int context, int sent,
                                         int *al);
+#endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
 static int init_npn(SSL *s, unsigned int context);
 #endif
@@ -777,6 +779,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
     return 1;
 }
 
+#ifndef OPENSSL_NO_OCSP
 static int init_status_request(SSL *s, unsigned int context)
 {
     if (s->server)
@@ -801,6 +804,7 @@ static int final_status_request(SSL *s, unsigned int context, int sent,
 
     return 1;
 }
+#endif
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
 static int init_npn(SSL *s, unsigned int context)
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 1fff99b..790b3ae 100755
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -168,36 +168,41 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                "Resumption handshake test");
 unlink $session;
 
-#Test 3: A status_request handshake (client request only)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3 -status");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
-               checkhandshake::DEFAULT_EXTENSIONS
-               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
-               "status_request handshake test (client)");
+SKIP: {
+    skip "No OCSP support in this OpenSSL build", 3
+        if disabled("ocsp");
 
-#Test 4: A status_request handshake (server support only)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-status_file "
-                    .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
-               checkhandshake::DEFAULT_EXTENSIONS,
-               "status_request handshake test (server)");
+    #Test 3: A status_request handshake (client request only)
+    $proxy->clear();
+    $proxy->clientflags("-no_tls1_3 -status");
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS
+                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
+                   "status_request handshake test (client)");
 
-#Test 5: A status_request handshake (client and server)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3 -status");
-$proxy->serverflags("-status_file "
-                    .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
-               checkhandshake::DEFAULT_EXTENSIONS
-               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
-               | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
-               "status_request handshake test");
+    #Test 4: A status_request handshake (server support only)
+    $proxy->clear();
+    $proxy->clientflags("-no_tls1_3");
+    $proxy->serverflags("-status_file "
+                        .srctop_file("test", "recipes", "ocsp-response.der"));
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS,
+                   "status_request handshake test (server)");
+
+    #Test 5: A status_request handshake (client and server)
+    $proxy->clear();
+    $proxy->clientflags("-no_tls1_3 -status");
+    $proxy->serverflags("-status_file "
+                        .srctop_file("test", "recipes", "ocsp-response.der"));
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS
+                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
+                   "status_request handshake test");
+}
 
 #Test 6: A client auth handshake
 $proxy->clear();
@@ -276,8 +281,8 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                "ALPN handshake test");
 
 SKIP: {
-    skip "No CT and/or EC support in this OpenSSL build", 1
-        if disabled("ct") || disabled("ec");
+    skip "No CT, EC or OCSP support in this OpenSSL build", 1
+        if disabled("ct") || disabled("ec") || disabled("ocsp");
 
     #Test 14: SCT handshake (client request only)
     $proxy->clear();
@@ -294,20 +299,25 @@ SKIP: {
                    "SCT handshake test (client)");
 }
 
-#Test 15: SCT handshake (server support only)
-$proxy->clear();
-#Note: -ct also sends status_request
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-status_file "
-                    .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
-               checkhandshake::DEFAULT_EXTENSIONS,
-               "SCT handshake test (server)");
+SKIP: {
+    skip "No OCSP support in this OpenSSL build", 1
+        if disabled("ocsp");
+
+    #Test 15: SCT handshake (server support only)
+    $proxy->clear();
+    #Note: -ct also sends status_request
+    $proxy->clientflags("-no_tls1_3");
+    $proxy->serverflags("-status_file "
+                        .srctop_file("test", "recipes", "ocsp-response.der"));
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS,
+                   "SCT handshake test (server)");
+}
 
 SKIP: {
-    skip "No CT and/or EC support in this OpenSSL build", 1
-        if disabled("ct") || disabled("ec");
+    skip "No CT, EC or OCSP support in this OpenSSL build", 1
+        if disabled("ct") || disabled("ec") || disabled("ocsp");
 
     #Test 16: SCT handshake (client and server)
     #There is no built-in server side support for this so we are actually also
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d20aec8..9e3326d 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -23,12 +23,14 @@
 static char *cert = NULL;
 static char *privkey = NULL;
 
+#ifndef OPENSSL_NO_OCSP
 static const unsigned char orespder[] = "Dummy OCSP Response";
 static int ocsp_server_called = 0;
 static int ocsp_client_called = 0;
 
 static int cdummyarg = 1;
 static X509 *ocspcert = NULL;
+#endif
 
 #define NUM_EXTRA_CERTS 40
 
@@ -145,6 +147,7 @@ static int test_large_message_dtls(void)
 }
 #endif
 
+#ifndef OPENSSL_NO_OCSP
 static int ocsp_server_cb(SSL *s, void *arg)
 {
     int *argi = (int *)arg;
@@ -378,6 +381,7 @@ static int test_tlsext_status_type(void)
 
     return testresult;
 }
+#endif
 
 typedef struct ssl_session_test_fixture {
     const char *test_case_name;
@@ -1022,7 +1026,9 @@ int test_main(int argc, char *argv[])
 #ifndef OPENSSL_NO_DTLS
     ADD_TEST(test_large_message_dtls);
 #endif
+#ifndef OPENSSL_NO_OCSP
     ADD_TEST(test_tlsext_status_type);
+#endif
     ADD_TEST(test_session_with_only_int_cache);
     ADD_TEST(test_session_with_only_ext_cache);
     ADD_TEST(test_session_with_both_cache);


More information about the openssl-commits mailing list