From: Matt Caswell <matt@openssl.org>
Date: Mon, 18 Jun 2018 12:00:40 +0000 (+0100)
Subject: Fix no-ssl3-method in 1.0.2
X-Git-Tag: OpenSSL_1_0_2p~35
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8fbbbdd5fcfeca62d339d1db11887da2a298ee8e;p=oweals%2Fopenssl.git

Fix no-ssl3-method in 1.0.2

Fixes #5322

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6510)
---

diff --git a/test/testssl b/test/testssl
index 21bc4d8140..8bea40a4ce 100644
--- a/test/testssl
+++ b/test/testssl
@@ -172,14 +172,18 @@ for protocol in TLSv1.2 SSLv3; do
       test_cipher $cipher $protocol
     done
     echo "testing connection with weak DH, expecting failure"
-    if [ $protocol = "SSLv3" ] ; then
-      $ssltest -cipher EDH -dhe512 -ssl3
+    if [ $protocol = "SSLv3" ] && ../util/shlib_wrap.sh ../apps/openssl no-ssl3; then
+      echo "skipping weak DH test for disabled protocol"
     else
-      $ssltest -cipher EDH -dhe512
-    fi
-    if [ $? -eq 0 ]; then
-      echo "FAIL: connection with weak DH succeeded"
-      exit 1
+      if [ $protocol = "SSLv3" ] ; then
+        $ssltest -cipher EDH -dhe512 -ssl3
+      else
+        $ssltest -cipher EDH -dhe512
+      fi
+      if [ $? -eq 0 ]; then
+        echo "FAIL: connection with weak DH succeeded"
+        exit 1
+      fi
     fi
   fi
   if ../util/shlib_wrap.sh ../apps/openssl no-ec; then