2 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "ssltestlib.h"
12 #include "internal/nelem.h"
/*
 * Certificate and private-key arguments used when building the SSL_CTX pair
 * in test_tls13(). They are filled from positional arguments 0..3 through
 * test_get_argument() further down in this listing, in the order the usage
 * string gives: certfile1 privkeyfile1 certfile2 privkeyfile2.
 */
14 static char *cert1 = NULL;
15 static char *privkey1 = NULL;
16 static char *cert2 = NULL;
17 static char *privkey2 = NULL;
/*
 * Rows of the ciphers[] table that test_tls13() indexes. The declaration of
 * the row type is not visible in this listing; judging from how the fields
 * are read below, each initializer is presumably
 * { cipher, expected_prot, certnum } - confirm against the struct definition.
 *   - expected_prot == 0 marks a row whose handshake is expected to fail;
 *     any other value is the protocol version the client must report.
 *   - certnum == 0 selects cert1/privkey1 for the context pair.
 */
24 /* Server doesn't have a cert with appropriate sig algs - should fail */
/* NOTE(review): the row this comment describes is not visible in this listing. */
26 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
27 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
28 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
29 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
30 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
31 {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
34 /* Test that we never negotiate TLSv1.3 if using GOST */
/*
 * idx selects one row of ciphers[]. The row's cipher string is applied to
 * both the client and the server context, so the handshake can only use
 * that suite. A row with expected_prot == 0 asserts that the handshake does
 * not complete; any other row asserts that it completes and that the client
 * reports exactly expected_prot as the negotiated version.
 */
35 static int test_tls13(int idx)
37 SSL_CTX *cctx = NULL, *sctx = NULL;
38 SSL *clientssl = NULL, *serverssl = NULL;
/*
 * Build the context pair. Some of the arguments are not visible in this
 * listing, so the protocol-version bounds passed here cannot be read off
 * this page.
 */
41 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
/* certnum == 0 picks cert1/privkey1; the other operand is not visible here. */
46 ciphers[idx].certnum == 0 ? cert1
48 ciphers[idx].certnum == 0 ? privkey1
/* Restrict both ends to the row's cipher string before creating the SSL objects. */
52 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
53 || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
54 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
58 if (ciphers[idx].expected_prot == 0) {
/*
 * Negative case: the check passes on any handshake failure.
 * NOTE(review): nothing visible here pins the failure to the missing
 * signature algorithms, so a broken certificate or key argument would
 * presumably also satisfy it - confirm the arguments are validated elsewhere.
 */
59 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
/*
 * Positive case: the handshake must succeed and the version is read from
 * the client side only; it has to equal the row's expected_prot.
 */
63 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
65 || !TEST_int_eq(SSL_version(clientssl),
66 ciphers[idx].expected_prot))
/* Usage text: the test takes four positional arguments, in this order. */
81 OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
/*
 * All four arguments are required: the || chain stops at the first
 * test_get_argument() result that TEST_ptr() rejects as NULL. The header of
 * the enclosing function and the branch taken on failure are not visible in
 * this listing.
 */
85 if (!TEST_ptr(cert1 = test_get_argument(0))
86 || !TEST_ptr(privkey1 = test_get_argument(1))
87 || !TEST_ptr(cert2 = test_get_argument(2))
88 || !TEST_ptr(privkey2 = test_get_argument(3)))
/* Register test_tls13 to run once per row of ciphers[], with idx as the row index. */
91 ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));