From: Matt Caswell <matt@openssl.org>
Date: Thu, 12 Jan 2017 09:48:38 +0000 (+0000)
Subject: Fix no-dh builds
X-Git-Tag: OpenSSL_1_1_1-pre1~2684
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=928933f92fa214fb8b4f9bbcd242ad2c3d16d46f;p=oweals%2Fopenssl.git

Fix no-dh builds

One of the new tests uses a DH based ciphersuite. That test should be
disabled if DH is disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2217)
---

diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t
index 732e17eb6f..7892823406 100755
--- a/test/recipes/70-test_sslsignature.t
+++ b/test/recipes/70-test_sslsignature.t
@@ -93,14 +93,19 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 CertVerify");
 
-    #Test 4: Corrupting a ServerKeyExchange signature in <=TLSv1.2 should fail
-    $proxy->clear();
-    $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE;
-    $proxy->clientflags("-no_tls1_3");
-    $proxy->cipherc('DHE-RSA-AES128-SHA');
-    $proxy->ciphers('DHE-RSA-AES128-SHA');
-    $proxy->start();
-    ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange");
+    SKIP: {
+        skip "DH disabled", 1 if disabled("dh");
+
+        #Test 4: Corrupting a ServerKeyExchange signature in <=TLSv1.2 should
+        #fail
+        $proxy->clear();
+        $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE;
+        $proxy->clientflags("-no_tls1_3");
+        $proxy->cipherc('DHE-RSA-AES128-SHA');
+        $proxy->ciphers('DHE-RSA-AES128-SHA');
+        $proxy->start();
+        ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange");
+    }
 }
 
 sub signature_filter