sslapitest: don't leak the SSL_CTX pair
authorBen Kaduk <kaduk@mit.edu>
Mon, 16 Mar 2020 18:02:14 +0000 (11:02 -0700)
committerMatt Caswell <matt@openssl.org>
Tue, 17 Mar 2020 10:00:35 +0000 (10:00 +0000)
We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so
just keep using the original ones.  Also, fix a typo in a comment.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11336)

(cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815)

test/sslapitest.c

index f109563325cfc7379665afd197f25b2495a8ce31..21773aa934604a9c9d6415660df4d73e7bc77a5d 100644 (file)
@@ -596,7 +596,7 @@ end:
  * Very focused test to exercise a single case in the server-side state
  * machine, when the ChangeCipherState message needs to actually change
  * from one cipher to a different cipher (i.e., not changing from null
- * encryption to reall encryption).
+ * encryption to real encryption).
  */
 static int test_ccs_change_cipher(void)
 {
@@ -651,12 +651,8 @@ static int test_ccs_change_cipher(void)
      * Now create a fresh connection and try to renegotiate a different
      * cipher on it.
      */
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(),
-                                       TLS1_VERSION, TLS1_2_VERSION,
-                                       &sctx, &cctx, cert, privkey))
-            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-                          NULL, NULL))
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                      NULL, NULL))
             || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
             || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                 SSL_ERROR_NONE))