diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2021-02-07 14:52:18 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2021-02-07 14:52:18 +0000 |
commit | 76e260fd06defc4810e45bf52bef1b83cf61fea2 (patch) | |
tree | 21601f45d9fef5f70bca54764483e4ebc6cfed39 /regress/lib/libssl/dtls/dtlstest.c | |
parent | 6e89932db2770f23eed786339df944565edcf3fa (diff) |
Enable auto DHE and disable session tickets for some tests.
This allows us to drop the server messages that we intend on dropping.
Diffstat (limited to 'regress/lib/libssl/dtls/dtlstest.c')
-rw-r--r-- | regress/lib/libssl/dtls/dtlstest.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/regress/lib/libssl/dtls/dtlstest.c b/regress/lib/libssl/dtls/dtlstest.c index 4274dee7f6b..7292ea1cf69 100644 --- a/regress/lib/libssl/dtls/dtlstest.c +++ b/regress/lib/libssl/dtls/dtlstest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dtlstest.c,v 1.6 2021/02/06 07:34:34 jsing Exp $ */ +/* $OpenBSD: dtlstest.c,v 1.7 2021/02/07 14:52:17 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> * @@ -344,6 +344,7 @@ dtls_server(int sock, long options, long mtu) SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate); SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify); + SSL_CTX_set_dh_auto(ssl_ctx, 2); SSL_CTX_set_options(ssl_ctx, options); SSL_CTX_set_read_ahead(ssl_ctx, 1); @@ -563,34 +564,34 @@ static const struct dtls_test dtls_tests[] = { }, { .desc = "DTLS with dropped ServerHello", - .ssl_options = 0, + .ssl_options = SSL_OP_NO_TICKET, .server_bbio_off = 1, .server_drops = { 1 }, }, { .desc = "DTLS with dropped server Certificate", - .ssl_options = 0, + .ssl_options = SSL_OP_NO_TICKET, .server_bbio_off = 1, .server_drops = { 2 }, }, { .desc = "DTLS with dropped ServerKeyExchange", - .ssl_options = 0, + .ssl_options = SSL_OP_NO_TICKET, .server_bbio_off = 1, .server_drops = { 3 }, }, -#if 0 - /* - * These three currently result in the server accept completing and the - * client looping on a timeout. Presumably the server should not - * complete until the client Finished is received... - */ { .desc = "DTLS with dropped ServerHelloDone", - .ssl_options = 0, + .ssl_options = SSL_OP_NO_TICKET, .server_bbio_off = 1, .server_drops = { 4 }, }, +#if 0 + /* + * These two result in the server accept completing and the + * client looping on a timeout. Presumably the server should not + * complete until the client Finished is received... + */ { .desc = "DTLS with dropped server CCS", .ssl_options = 0, @@ -611,7 +612,7 @@ static const struct dtls_test dtls_tests[] = { .client_drops = { 2 }, }, { - .desc = "DTLS with dropped Client CCS", + .desc = "DTLS with dropped client CCS", .ssl_options = 0, .client_bbio_off = 1, .client_drops = { 3 }, |