Fix renegotiation test to work around openssl 1.0.1 bug

There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't renegotiate with themselves. When testing renegotiation with OpenSSL >=1.0.1 and <1.0.1d, disable those protocols.
2025-01-09 00:56:20 +08:00 · 2012-11-15 11:42:14 -05:00 · 2012-11-15 11:42:14 -05:00 · c2f30863e2
commit c2f30863e2
parent 62bd2c44f1
1 changed files with 23 additions and 4 deletions
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@ -129,6 +129,7 @@ end:
 	return NULL;
 }

+static int disable_tls_11_and_12 = 0;
 static SSL_CTX *the_ssl_ctx = NULL;

 static SSL_CTX *
@ -136,7 +137,18 @@ get_ssl_ctx(void)
 {
 	if (the_ssl_ctx)
 		return the_ssl_ctx;
-	return (the_ssl_ctx = SSL_CTX_new(SSLv23_method()));
+	the_ssl_ctx = SSL_CTX_new(SSLv23_method());
+	if (!the_ssl_ctx)
+		return NULL;
+	if (disable_tls_11_and_12) {
+#ifdef SSL_OP_NO_TLSv1_2
+		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+		SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
+#endif
+	}
+	return the_ssl_ctx;
 }

 static void
@ -280,6 +292,16 @@ regress_bufferevent_openssl(void *arg)

 	init_ssl();

+	if (strstr((char*)data->setup_data, "renegotiate")) {
+		if (SSLeay() >= 0x10001000 &&
+		    SSLeay() <  0x1000104f) {
+			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
+			 * can't renegotiate with themselves. Disable. */
+			disable_tls_11_and_12 = 1;
+		}
+		renegotiate_at = 600;
+	}
+
 	ssl1 = SSL_new(get_ssl_ctx());
 	ssl2 = SSL_new(get_ssl_ctx());

@ -289,9 +311,6 @@ regress_bufferevent_openssl(void *arg)
 	if (! start_open)
 		flags |= BEV_OPT_CLOSE_ON_FREE;

-	if (strstr((char*)data->setup_data, "renegotiate"))
-		renegotiate_at = 600;
-
 	if (!filter) {
 		tt_assert(strstr((char*)data->setup_data, "socketpair"));
 		fd_pair = data->pair;