summaryrefslogtreecommitdiff
path: root/regress/lib/libssl/dtls/dtlstest.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2021-02-07 14:52:18 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-02-07 14:52:18 +0000
commit76e260fd06defc4810e45bf52bef1b83cf61fea2 (patch)
tree21601f45d9fef5f70bca54764483e4ebc6cfed39 /regress/lib/libssl/dtls/dtlstest.c
parent6e89932db2770f23eed786339df944565edcf3fa (diff)
Enable auto DHE and disable session tickets for some tests.
This allows us to drop the server messages that we intend on dropping.
Diffstat (limited to 'regress/lib/libssl/dtls/dtlstest.c')
-rw-r--r--regress/lib/libssl/dtls/dtlstest.c25
1 files changed, 13 insertions, 12 deletions
diff --git a/regress/lib/libssl/dtls/dtlstest.c b/regress/lib/libssl/dtls/dtlstest.c
index 4274dee7f6b..7292ea1cf69 100644
--- a/regress/lib/libssl/dtls/dtlstest.c
+++ b/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.6 2021/02/06 07:34:34 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.7 2021/02/07 14:52:17 jsing Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
@@ -344,6 +344,7 @@ dtls_server(int sock, long options, long mtu)
SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate);
SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify);
+ SSL_CTX_set_dh_auto(ssl_ctx, 2);
SSL_CTX_set_options(ssl_ctx, options);
SSL_CTX_set_read_ahead(ssl_ctx, 1);
@@ -563,34 +564,34 @@ static const struct dtls_test dtls_tests[] = {
},
{
.desc = "DTLS with dropped ServerHello",
- .ssl_options = 0,
+ .ssl_options = SSL_OP_NO_TICKET,
.server_bbio_off = 1,
.server_drops = { 1 },
},
{
.desc = "DTLS with dropped server Certificate",
- .ssl_options = 0,
+ .ssl_options = SSL_OP_NO_TICKET,
.server_bbio_off = 1,
.server_drops = { 2 },
},
{
.desc = "DTLS with dropped ServerKeyExchange",
- .ssl_options = 0,
+ .ssl_options = SSL_OP_NO_TICKET,
.server_bbio_off = 1,
.server_drops = { 3 },
},
-#if 0
- /*
- * These three currently result in the server accept completing and the
- * client looping on a timeout. Presumably the server should not
- * complete until the client Finished is received...
- */
{
.desc = "DTLS with dropped ServerHelloDone",
- .ssl_options = 0,
+ .ssl_options = SSL_OP_NO_TICKET,
.server_bbio_off = 1,
.server_drops = { 4 },
},
+#if 0
+ /*
+ * These two result in the server accept completing and the
+ * client looping on a timeout. Presumably the server should not
+ * complete until the client Finished is received...
+ */
{
.desc = "DTLS with dropped server CCS",
.ssl_options = 0,
@@ -611,7 +612,7 @@ static const struct dtls_test dtls_tests[] = {
.client_drops = { 2 },
},
{
- .desc = "DTLS with dropped Client CCS",
+ .desc = "DTLS with dropped client CCS",
.ssl_options = 0,
.client_bbio_off = 1,
.client_drops = { 3 },