diff options
Diffstat (limited to 'test/helpers')
-rw-r--r-- | test/helpers/ssltestlib.c | 49 |
1 files changed, 32 insertions, 17 deletions
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index 2366c3db4d..e339d7972c 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -685,18 +685,19 @@ static int always_retry_puts(BIO *bio, const char *str) } int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, -const SSL_METHOD *cm, - int min_proto_version, int max_proto_version, - SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, - char *privkeyfile) + const SSL_METHOD *cm, int min_proto_version, + int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, + char *certfile, char *privkeyfile) { SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; - if (*sctx != NULL) - serverctx = *sctx; - else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm))) - goto err; + if (sctx != NULL) { + if (*sctx != NULL) + serverctx = *sctx; + else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm))) + goto err; + } if (cctx != NULL) { if (*cctx != NULL) @@ -705,12 +706,25 @@ const SSL_METHOD *cm, goto err; } - if ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, - min_proto_version))) - || (max_proto_version > 0 - && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, - max_proto_version)))) +#if !defined(OPENSSL_NO_TLS1_3) \ + && defined(OPENSSL_NO_EC) \ + && defined(OPENSSL_NO_DH) + /* + * There are no usable built-in TLSv1.3 groups if ec and dh are both + * disabled + */ + if (max_proto_version == 0 + && (sm == TLS_server_method() || cm == TLS_client_method())) + max_proto_version = TLS1_2_VERSION; +#endif + + if (serverctx != NULL + && ((min_proto_version > 0 + && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, + min_proto_version))) + || (max_proto_version > 0 + && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, + max_proto_version))))) goto err; if (clientctx != NULL && ((min_proto_version > 0 @@ -721,7 +735,7 @@ const SSL_METHOD *cm, max_proto_version))))) goto err; - if (certfile != NULL && privkeyfile != NULL) { + if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) { if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM), 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, @@ -731,13 +745,14 @@ const SSL_METHOD *cm, goto err; } - *sctx = serverctx; + if (sctx != NULL) + *sctx = serverctx; if (cctx != NULL) *cctx = clientctx; return 1; err: - if (*sctx == NULL) + if (sctx != NULL && *sctx == NULL) SSL_CTX_free(serverctx); if (cctx != NULL && *cctx == NULL) SSL_CTX_free(clientctx); |