[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed May 9 22:27:23 UTC 2018
The branch master has been updated
via a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f (commit)
via 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 (commit)
from 7f35627c7943c213f7f8555d13b83288cccd5fc9 (commit)
- Log -----------------------------------------------------------------
commit a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 9 12:05:39 2018 +0100
Fix no-cms
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6205)
commit 60155b9ae1bcf8490a193b2c1cf8ae57f8746321
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 9 11:49:02 2018 +0100
Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6205)
-----------------------------------------------------------------------
Summary of changes:
test/build.info | 11 +++++++----
test/sslapitest.c | 15 ++++++++++++++-
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/test/build.info b/test/build.info
index 535c5aa..c3a0904 100644
--- a/test/build.info
+++ b/test/build.info
@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
- sysdefaulttest cmsapitest
+ sysdefaulttest
SOURCE[versions]=versions.c
INCLUDE[versions]=../include
@@ -373,9 +373,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[servername_test]=../include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
- SOURCE[cmsapitest]=cmsapitest.c
- INCLUDE[cmsapitest]=../include
- DEPEND[cmsapitest]=../libcrypto libtestutil.a
+ IF[{- !$disabled{cms} -}]
+ PROGRAMS_NO_INST=cmsapitest
+ SOURCE[cmsapitest]=cmsapitest.c
+ INCLUDE[cmsapitest]=../include
+ DEPEND[cmsapitest]=../libcrypto libtestutil.a
+ ENDIF
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 0aac80b..0a3d515 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4460,6 +4460,11 @@ static struct {
const char *srvrtls13ciphers;
const char *shared;
} shared_ciphers_data[] = {
+/*
+ * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
+ * TLSv1.3 is enabled but TLSv1.2 is disabled.
+ */
+#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
{
TLS1_2_VERSION,
"AES128-SHA:AES256-SHA",
@@ -4484,7 +4489,13 @@ static struct {
NULL,
"AES128-SHA"
},
-#ifndef OPENSSL_NO_TLS1_3
+#endif
+/*
+ * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
+ * enabled.
+ */
+#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
+ && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
TLS1_3_VERSION,
"AES128-SHA:AES256-SHA",
@@ -4494,6 +4505,8 @@ static struct {
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_GCM_SHA256:AES256-SHA"
},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
{
TLS1_3_VERSION,
"AES128-SHA",
More information about the openssl-commits
mailing list