[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Jan 4 14:28:21 UTC 2017
The branch master has been updated
via aec23ecebdb8101d2b3b8420b54353b2aebc33fc (commit)
via 8f8c11d83f39197e373ae6cc75782f5cfc4467d7 (commit)
from 327d38d0ac1da6f6d7ad009260061630f4ec0c82 (commit)
- Log -----------------------------------------------------------------
commit aec23ecebdb8101d2b3b8420b54353b2aebc33fc
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 4 09:16:29 2017 +0100
Don't run OCSP tests when OCSP is disabled
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
commit 8f8c11d83f39197e373ae6cc75782f5cfc4467d7
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jan 4 09:16:07 2017 +0100
Don't build OCSP stuff when OCSP is disabled
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 4 ++
test/recipes/70-test_sslmessages.t | 94 +++++++++++++++++++++-----------------
test/sslapitest.c | 6 +++
3 files changed, 62 insertions(+), 42 deletions(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 2bb09c9..8ccb76f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -20,9 +20,11 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent,
int *al);
#endif
static int init_session_ticket(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context);
static int final_status_request(SSL *s, unsigned int context, int sent,
int *al);
+#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context);
#endif
@@ -777,6 +779,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
return 1;
}
+#ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context)
{
if (s->server)
@@ -801,6 +804,7 @@ static int final_status_request(SSL *s, unsigned int context, int sent,
return 1;
}
+#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context)
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 1fff99b..790b3ae 100755
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -168,36 +168,41 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
"Resumption handshake test");
unlink $session;
-#Test 3: A status_request handshake (client request only)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3 -status");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
- "status_request handshake test (client)");
+SKIP: {
+ skip "No OCSP support in this OpenSSL build", 3
+ if disabled("ocsp");
-#Test 4: A status_request handshake (server support only)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-status_file "
- .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS,
- "status_request handshake test (server)");
+ #Test 3: A status_request handshake (client request only)
+ $proxy->clear();
+ $proxy->clientflags("-no_tls1_3 -status");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
+ "status_request handshake test (client)");
-#Test 5: A status_request handshake (client and server)
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3 -status");
-$proxy->serverflags("-status_file "
- .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
- | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
- "status_request handshake test");
+ #Test 4: A status_request handshake (server support only)
+ $proxy->clear();
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS,
+ "status_request handshake test (server)");
+
+ #Test 5: A status_request handshake (client and server)
+ $proxy->clear();
+ $proxy->clientflags("-no_tls1_3 -status");
+ $proxy->serverflags("-status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
+ "status_request handshake test");
+}
#Test 6: A client auth handshake
$proxy->clear();
@@ -276,8 +281,8 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
"ALPN handshake test");
SKIP: {
- skip "No CT and/or EC support in this OpenSSL build", 1
- if disabled("ct") || disabled("ec");
+ skip "No CT, EC or OCSP support in this OpenSSL build", 1
+ if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 14: SCT handshake (client request only)
$proxy->clear();
@@ -294,20 +299,25 @@ SKIP: {
"SCT handshake test (client)");
}
-#Test 15: SCT handshake (server support only)
-$proxy->clear();
-#Note: -ct also sends status_request
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-status_file "
- .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS,
- "SCT handshake test (server)");
+SKIP: {
+ skip "No OCSP support in this OpenSSL build", 1
+ if disabled("ocsp");
+
+ #Test 15: SCT handshake (server support only)
+ $proxy->clear();
+ #Note: -ct also sends status_request
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS,
+ "SCT handshake test (server)");
+}
SKIP: {
- skip "No CT and/or EC support in this OpenSSL build", 1
- if disabled("ct") || disabled("ec");
+ skip "No CT, EC or OCSP support in this OpenSSL build", 1
+ if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 16: SCT handshake (client and server)
#There is no built-in server side support for this so we are actually also
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d20aec8..9e3326d 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -23,12 +23,14 @@
static char *cert = NULL;
static char *privkey = NULL;
+#ifndef OPENSSL_NO_OCSP
static const unsigned char orespder[] = "Dummy OCSP Response";
static int ocsp_server_called = 0;
static int ocsp_client_called = 0;
static int cdummyarg = 1;
static X509 *ocspcert = NULL;
+#endif
#define NUM_EXTRA_CERTS 40
@@ -145,6 +147,7 @@ static int test_large_message_dtls(void)
}
#endif
+#ifndef OPENSSL_NO_OCSP
static int ocsp_server_cb(SSL *s, void *arg)
{
int *argi = (int *)arg;
@@ -378,6 +381,7 @@ static int test_tlsext_status_type(void)
return testresult;
}
+#endif
typedef struct ssl_session_test_fixture {
const char *test_case_name;
@@ -1022,7 +1026,9 @@ int test_main(int argc, char *argv[])
#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
#endif
+#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
+#endif
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_session_with_both_cache);
More information about the openssl-commits
mailing list