[openssl] master update
Matt Caswell
matt at openssl.org
Mon Mar 30 13:45:38 UTC 2020
The branch master has been updated
via 743d9c16deee09bdd336a96170eb3e117508db1b (commit)
via e737adb42a641a33ee73031639c989dfb1283926 (commit)
from 20c98cd45399423f760dbd75d8912769c6b7b10e (commit)
- Log -----------------------------------------------------------------
commit 743d9c16deee09bdd336a96170eb3e117508db1b
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 26 11:29:42 2020 +0000
Describe the "want" parameter in int create_bare_ssl_connection()
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11406)
commit e737adb42a641a33ee73031639c989dfb1283926
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 20 11:58:34 2020 +0000
Display errors if a test TLS connection fails
If a connection fails it is useful during debugging to have any errors
that are on the OpenSSL error stack at the time of the failure.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11406)
-----------------------------------------------------------------------
Summary of changes:
test/ssltestlib.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 66d4e9b3a0..e579ceff92 100644
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -915,11 +915,14 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
}
/*
- * Create an SSL connection, but does not ready any post-handshake
+ * Create an SSL connection, but does not read any post-handshake
* NewSessionTicket messages.
* If |read| is set and we're using DTLS then we will attempt to SSL_read on
* the connection once we've completed one half of it, to ensure any retransmits
* get triggered.
+ * We stop the connection attempt (and return a failure value) if either peer
+ * has SSL_get_error() return the value in the |want| parameter. The connection
+ * attempt could be restarted by a subsequent call to this function.
*/
int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
int read)
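Review bot: The new paragraph in the comment does not cover the case want == SSL_ERROR_NONE, which the function treats specially: the early-stop test further down is `if (want != SSL_ERROR_NONE && err == want)`, so passing SSL_ERROR_NONE disables the stop rather than matching on it. It would help to say so here, and also to note that passing SSL_ERROR_SSL suppresses the error-stack output added in the same series, since a caller reading only this comment cannot tell that |want| also controls diagnostics.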
@@ -938,6 +941,8 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
TEST_info("SSL_connect() failed %d, %d", retc, err);
+ if (want != SSL_ERROR_SSL)
+ TEST_openssl_errors();
clienterr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
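Review bot: The guard `if (want != SSL_ERROR_SSL)` before TEST_openssl_errors() tests what the caller expects, not what actually happened, so a caller that passes want == SSL_ERROR_SSL gets no error-stack output even when SSL_connect() fails with some other value of err. If the intent is to stay quiet only for the anticipated failure, comparing against err (for example `if (err != want)`) would keep the output for unexpected failures. In either case a one-line comment stating why the dump is skipped would make the condition self-explanatory.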
@@ -954,6 +959,8 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
&& err != SSL_ERROR_WANT_READ
&& err != SSL_ERROR_WANT_X509_LOOKUP) {
TEST_info("SSL_accept() failed %d, %d", rets, err);
+ if (want != SSL_ERROR_SSL)
+ TEST_openssl_errors();
servererr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
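Review bot: The two added lines in the SSL_accept() failure branch are a verbatim copy of the ones in the SSL_connect() branch, again without a comment explaining the `want != SSL_ERROR_SSL` exception. Consider a small static helper, or at least the same explanatory comment in both places, so the client and server paths cannot drift apart if the condition is later changed.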