[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Mar 21 09:21:36 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  256315dee11b187bc0390d75082f0231c4263eac (commit)
      from  249452df67f7a5e4b203d71837cc0e8a31d62c75 (commit)


- Log -----------------------------------------------------------------
commit 256315dee11b187bc0390d75082f0231c4263eac
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Mar 15 02:40:55 2017 +0100

    Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out
    
    The code to do this incorrectly assumed that the protocol version
    could be used as a valid cipher suite for the 'openssl ciphers'
    command.  While this is true in some cases, that isn't something to be
    trusted.  Replace that assumption with code that takes the full
    'openssl ciphers' command output and parses it to find the ciphers we
    look for.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2956)
    (cherry picked from commit 9ea6d56d044a95459e563abdc85aed26149e6ee9)

-----------------------------------------------------------------------

Summary of changes:
 test/recipes/80-test_ssl_old.t | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 77ba383..c4800d3 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -445,30 +445,31 @@ sub testssl {
         }
 
 	my @protocols = ();
-	# FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols?
-        push(@protocols, "TLSv1.2") unless $no_tls1_2;
-        push(@protocols, "SSLv3") unless $no_ssl3;
-	my $protocolciphersuitcount = 0;
-	my %ciphersuites =
-	    map { my @c =
-		      map { split(/:/, $_) }
-		      run(app(["openssl", "ciphers", "${_}:$ciphers"]),
-                          capture => 1);
-		  map { s/\R//; } @c;  # chomp @c;
-		  $protocolciphersuitcount += scalar @c;
-		  $_ => [ @c ] } @protocols;
+	# We only use the flags that ssltest_old understands
+	push @protocols, "-tls1_2" unless $no_tls1_2;
+	push @protocols, "-tls1" unless $no_tls1;
+	push @protocols, "-ssl3" unless $no_ssl3;
+	my $protocolciphersuitecount = 0;
+	my %ciphersuites = ();
+	foreach my $protocol (@protocols) {
+	    $ciphersuites{$protocol} =
+		[ map { s|\R||; split(/:/, $_) }
+		  run(app(["openssl", "ciphers", "-s", $protocol,
+			   "ALL:$ciphers"]), capture => 1) ];
+	    $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+	}
 
         plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
-            if $protocolciphersuitcount + scalar(@protocols) == 0;
+            if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
 
         # The count of protocols is because in addition to the ciphersuits
         # we got above, we're running a weak DH test for each protocol
-	plan tests => $protocolciphersuitcount + scalar(@protocols);
+	plan tests => $protocolciphersuitecount + scalar(keys %ciphersuites);
 
-	foreach my $protocol (@protocols) {
+	foreach my $protocol (sort keys %ciphersuites) {
 	    note "Testing ciphersuites for $protocol";
 	    foreach my $cipher (@{$ciphersuites{$protocol}}) {
-                if ($protocol eq "SSLv3" && $cipher =~ /ECDH/ ) {
+                if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
                     note "*****SKIPPING $protocol $cipher";
                     ok(1);
                 } else {
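Review bot: The new loop stores whatever `run(app(["openssl", "ciphers", "-s", $protocol, "ALL:$ciphers"]), capture => 1)` printed without checking that the command succeeded, so a failed or empty listing becomes an empty array that still adds a key to `%ciphersuites`. Since every enabled protocol gets a key, `scalar(keys %ciphersuites)` always equals the protocol count, so the `skip_all` guard cannot fire for "no ciphersuites available" and the plan quietly shrinks to the per-protocol weak DH tests. That hides lost cipher coverage in a test meant to exercise suite negotiation. Consider adding `note "No ciphersuites reported for $protocol" unless @{$ciphersuites{$protocol}};` after the assignment, and checking the command's exit status if the test harness exposes it. `testssl` begins before this hunk and the inner `foreach` body continues past its last line.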

