diff options
author | Rich Salz <rsalz@akamai.com> | 2021-05-06 12:56:35 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-05-17 10:53:30 +0200 |
commit | 55373bfd419ca010a15aac18c88c94827e2f3a92 (patch) | |
tree | 803860f6eae08da5688ae7c4b68e195e52851a23 /test/helpers | |
parent | d7970dd963134534340ad00fa62cb1180daf5cb0 (diff) |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.
Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)
Diffstat (limited to 'test/helpers')
-rw-r--r-- | test/helpers/ssltestlib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index 693084e739..daa0416be6 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -695,7 +695,9 @@ int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, if (sctx != NULL) { if (*sctx != NULL) serverctx = *sctx; - else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm))) + else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) + || !TEST_true(SSL_CTX_set_options(serverctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; } |