[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Mar 17 10:05:53 UTC 2020 

The branch OpenSSL_1_1_1-stable has been updated
       via  19599138463e910a9ee4cfa122e941752491ffc3 (commit)
      from  2f0dab7e59cc50c89b6d54962b81cf96c30fe725 (commit)


- Log -----------------------------------------------------------------
commit 19599138463e910a9ee4cfa122e941752491ffc3
Author: Ben Kaduk <kaduk at mit.edu>
Date:   Mon Mar 16 11:02:14 2020 -0700

    sslapitest: don't leak the SSL_CTX pair
    
    We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so
    just keep using the original ones.  Also, fix a typo in a comment.
    
    [extended tests]
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11336)
    
    (cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815)

-----------------------------------------------------------------------

Summary of changes:
 test/sslapitest.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index f109563325..21773aa934 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -596,7 +596,7 @@ end:
  * Very focused test to exercise a single case in the server-side state
  * machine, when the ChangeCipherState message needs to actually change
  * from one cipher to a different cipher (i.e., not changing from null
- * encryption to reall encryption).
+ * encryption to real encryption).
  */
 static int test_ccs_change_cipher(void)
 {
@@ -651,12 +651,8 @@ static int test_ccs_change_cipher(void)
      * Now create a fresh connection and try to renegotiate a different
      * cipher on it.
      */
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(),
-                                       TLS1_VERSION, TLS1_2_VERSION,
-                                       &sctx, &cctx, cert, privkey))
-            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-                          NULL, NULL))
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                      NULL, NULL))
             || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
             || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                 SSL_ERROR_NONE))

More information about the openssl-commits mailing list