sslapitest: don't leak the SSL_CTX pair
authorBen Kaduk <kaduk@mit.edu>
Mon, 16 Mar 2020 18:02:14 +0000 (11:02 -0700)
committerMatt Caswell <matt@openssl.org>
Tue, 17 Mar 2020 09:54:38 +0000 (09:54 +0000)
We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so
just keep using the original ones.  Also, fix a typo in a comment.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11336)

test/sslapitest.c

index 642f676a450c5d22e482247ba91023b5eb328583..886ed9ad67ad91c84a9b6c6013236faccb64494d 100644 (file)
@@ -655,7 +655,7 @@ end:
  * Very focused test to exercise a single case in the server-side state
  * machine, when the ChangeCipherState message needs to actually change
  * from one cipher to a different cipher (i.e., not changing from null
- * encryption to reall encryption).
+ * encryption to real encryption).
  */
 static int test_ccs_change_cipher(void)
 {
@@ -710,12 +710,8 @@ static int test_ccs_change_cipher(void)
      * Now create a fresh connection and try to renegotiate a different
      * cipher on it.
      */
-    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-                                       TLS_client_method(),
-                                       TLS1_VERSION, TLS1_2_VERSION,
-                                       &sctx, &cctx, cert, privkey))
-            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-                          NULL, NULL))
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                      NULL, NULL))
             || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
             || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                 SSL_ERROR_NONE))