From: Matt Caswell Date: Mon, 4 Sep 2017 07:45:12 +0000 (+0100) Subject: Don't use ciphersuites for inflating the ClientHello in clienthellotest X-Git-Tag: OpenSSL_1_1_1-pre1~689 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1d2491e20e1400def31eb1d1daea5583bfc7ea38;p=oweals%2Fopenssl.git Don't use ciphersuites for inflating the ClientHello in clienthellotest clienthellotest tries to fill out the size of the ClientHello by adding extra ciphersuites in order to test the padding extension. This is unreliable because they are very dependent on configuration options. If we add too much data the test will fail! We were already also adding some dummy ALPN protocols to pad out the size, and it turns out that this is sufficient just in itself, so drop the extra ciphersuites. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4331) --- diff --git a/test/clienthellotest.c b/test/clienthellotest.c index fbac8ea274..ee2d0ba274 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -90,16 +90,14 @@ static int test_client_hello(int currtest) case TEST_PADDING_NOT_NEEDED: SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); /* - * Add lots of ciphersuites so that the ClientHello is at least + * Add some dummy ALPN protocols so that the ClientHello is at least * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be - * needed. Also add some dummy ALPN protocols in case we still don't - * have enough. + * needed. */ if (currtest == TEST_ADD_PADDING - && (!TEST_true(SSL_CTX_set_cipher_list(ctx, "ALL")) - || !TEST_false(SSL_CTX_set_alpn_protos(ctx, - (unsigned char *)alpn_prots, - sizeof(alpn_prots) - 1)))) + && (!TEST_false(SSL_CTX_set_alpn_protos(ctx, + (unsigned char *)alpn_prots, + sizeof(alpn_prots) - 1)))) goto end; break;