Fix no-ssl3-method in 1.0.2
authorMatt Caswell <matt@openssl.org>
Mon, 18 Jun 2018 12:00:40 +0000 (13:00 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 19 Jun 2018 10:12:59 +0000 (11:12 +0100)
Fixes #5322

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6510)

test/testssl

index 21bc4d81400e90656b094f41e6ee4e1ac9495237..8bea40a4ce9c9f531dfaef8b011e4accc9ea8eab 100644 (file)
@@ -172,14 +172,18 @@ for protocol in TLSv1.2 SSLv3; do
       test_cipher $cipher $protocol
     done
     echo "testing connection with weak DH, expecting failure"
-    if [ $protocol = "SSLv3" ] ; then
-      $ssltest -cipher EDH -dhe512 -ssl3
+    if [ $protocol = "SSLv3" ] && ../util/shlib_wrap.sh ../apps/openssl no-ssl3; then
+      echo "skipping weak DH test for disabled protocol"
     else
-      $ssltest -cipher EDH -dhe512
-    fi
-    if [ $? -eq 0 ]; then
-      echo "FAIL: connection with weak DH succeeded"
-      exit 1
+      if [ $protocol = "SSLv3" ] ; then
+        $ssltest -cipher EDH -dhe512 -ssl3
+      else
+        $ssltest -cipher EDH -dhe512
+      fi
+      if [ $? -eq 0 ]; then
+        echo "FAIL: connection with weak DH succeeded"
+        exit 1
+      fi
     fi
   fi
   if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
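Review bot: The weak-DH verdict at `if [ $? -eq 0 ]` reads the exit status of the inner `if`/`else` compound, not of a command on the line directly before it. That works because the compound returns the status of whichever `$ssltest` call ran, but a statement later added between `fi` and the check would silently change what this negative test decides. Capturing the status in each branch, e.g. `$ssltest -cipher EDH -dhe512 -ssl3; rc=$?`, and testing `[ $rc -eq 0 ]` keeps the verdict tied to the handshake result. Any non-zero exit is also treated as the expected rejection, so a comment such as `# any non-zero exit is taken as "weak DH rejected"; a crash or setup error would pass too` would make that limit visible. The enclosing `for` loop and outer `if` begin before the hunk, so this covers only the lines shown.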