author | Cory Benfield <lukasaoz@gmail.com> | 2017-01-25 19:42:16 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-01-25 21:54:35 +0100 |
commit | f0deb4d352774491919f1b1ba861014659651d66 (patch) | |
tree | 3c4bbeee1b1463d2e6465381623e5de660ae2b29 /test/sslapitest.c | |
parent | 4bb0b4381edd96bc357e43d8f9a1c55fb405f121 (diff) |
Limit the length of the encrypted premaster key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2288)
Diffstat (limited to 'test/sslapitest.c')
-rw-r--r-- | test/sslapitest.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index ac065b281c..1bd7878960 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
 SSL_CTX *cctx = NULL, *sctx = NULL;
 SSL *clientssl = NULL, *serverssl = NULL;
 int testresult = 0;
+ int rc;
 /* Clean up logging space */
 memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
+ /* We also want to ensure that we use RSA-based key exchange. */
+ rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+ if (rc == 0) {
+ printf("Unable to restrict to RSA key exchange.\n");
+ goto end;
+ }
+
 if (SSL_CTX_get_keylog_callback(cctx)) {
 printf("Unexpected initial value for client "
 "SSL_CTX_get_keylog_callback()\n"); |
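Review bot: The comment added before `SSL_CTX_set_cipher_list(cctx, "RSA")` in the second hunk says what is enforced but not why, so a later reader may take a test that pins static RSA key exchange (which gives no forward secrecy) for an accident and loosen or copy it. I would state the reason, for example `/* Force RSA key exchange so the keylog output includes the RSA encrypted premaster line; test-only restriction. */`; that reason is inferred from the commit title, so the author should confirm the wording. The `rc` local declared in the first hunk is used only for this one check and could be dropped in favour of `if (!SSL_CTX_set_cipher_list(cctx, "RSA")) {`. The body of test_keylog begins and ends outside both hunks, so whether the length of the logged line is asserted further down cannot be seen from here.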