From: Benjamin Kaduk Date: Wed, 5 Apr 2017 18:32:18 +0000 (-0500) Subject: TLS 1.3 client sigalgs test no longer needs TLS 1.2 X-Git-Tag: OpenSSL_1_1_1-pre1~1333 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0e1e4045c469f03294e33c0344d882e71dbd0d07;p=oweals%2Fopenssl.git TLS 1.3 client sigalgs test no longer needs TLS 1.2 Per the TODO comment, we now have proper certificate selection for TLS 1.3 client certificates, so this test can move into its own block. (It cannot merge with the previous block, as it requires EC.) Verified that the test passes when configured with enable-tls1_3 no-tls1 no-tls1_1 no-tls1_2. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3131) --- diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index dbd4870d17..832a4ba24d 100644 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -92,20 +92,20 @@ SKIP: { } SKIP: { - skip "EC, TLSv1.3 or TLSv1.2 disabled", 2 - if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); - + skip "EC or TLSv1.3 disabled", 1 + if disabled("tls1_3") || disabled("ec"); #Test 7: Sending a valid sig algs list but not including a sig type that - # matches the certificate should fail in TLSv1.3. We need TLSv1.2 - # enabled for this test - otherwise the client will not attempt to - # connect due to no TLSv1.3 ciphers being available. - # TODO(TLS1.3): When proper TLSv1.3 certificate selection is working - # we can move this test into the section above + # matches the certificate should fail in TLSv1.3. $proxy->clear(); $proxy->clientflags("-sigalgs ECDSA+SHA256"); $proxy->filter(undef); $proxy->start(); ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs"); +} + +SKIP: { + skip "EC, TLSv1.3 or TLSv1.2 disabled", 1 + if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); #Test 8: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 # should succeed