diff options
author | Sam Roberts <rsam@ca.ibm.com> | 2018-11-26 13:58:52 -0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-14 13:54:56 +0000 |
commit | 3c83c5ba4f6502c708b7a5f55c98a10e312668da (patch) | |
tree | ca6386b1af5c76a460a3489ce7504d6747568b00 /test/cipherlist_test.c | |
parent | f11ffa505f8a9345145a26a05bf77b012b6941bd (diff) |
Ignore cipher suites when setting cipher list
set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
failure should not depend on whether set_ciphersuites() has been used to
setup TLSv1.3 ciphers.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7759)
Diffstat (limited to 'test/cipherlist_test.c')
-rw-r--r-- | test/cipherlist_test.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index 89ef1b1546..b950411c38 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -215,9 +215,44 @@ static int test_default_cipherlist_explicit(void) return result; } +/* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */ +static int test_default_cipherlist_clear(void) +{ + SETUP_CIPHERLIST_TEST_FIXTURE(); + SSL *s = NULL; + + if (fixture == NULL) + return 0; + + if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0)) + goto end; + + if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH)) + goto end; + + s = SSL_new(fixture->client); + + if (!TEST_ptr(s)) + goto end; + + if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0)) + goto end; + + if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), + SSL_R_NO_CIPHER_MATCH)) + goto end; + + result = 1; +end: + SSL_free(s); + tear_down(fixture); + return result; +} + int setup_tests(void) { ADD_TEST(test_default_cipherlist_implicit); ADD_TEST(test_default_cipherlist_explicit); + ADD_TEST(test_default_cipherlist_clear); return 1; } |