void-packages/srcpkgs/h2o/patches/tests-force-TLSv1.2-on-s_cl...

59 lines
2.5 KiB
Diff
Raw Normal View History

From 752caaf33bf5a752bf2926aa32a1f8851a023fbf Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Fri, 14 Sep 2018 16:44:34 +0300
Subject: [PATCH] Tests: force TLSv1.2 on s_client invocations
The tests are not ready (yet) to handle TLSv1.3 support in OpenSSL, so
make s_client use TLSv1.2 explicitly.
Note that we could pass -no_tls1_3 instead, but this would break with
older (pre-1.1.1) OpenSSL versions.
---
t/40memcached-session-resumption.t | 2 +-
t/40session-ticket.t | 2 +-
t/40ssl-cipher-suite.t | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/t/40memcached-session-resumption.t b/t/40memcached-session-resumption.t
index 129affbe..6774bece 100644
--- a/t/40memcached-session-resumption.t
+++ b/t/40memcached-session-resumption.t
@@ -47,7 +47,7 @@ hosts:
file.dir: @{[ DOC_ROOT ]}
EOT
my $lines = do {
- open my $fh, "-|", "openssl s_client -no_ticket $opts -connect 127.0.0.1:$server->{tls_port} 2>&1 < /dev/null"
+ open my $fh, "-|", "openssl s_client -tls1_2 -no_ticket $opts -connect 127.0.0.1:$server->{tls_port} 2>&1 < /dev/null"
or die "failed to open pipe:$!";
local $/;
<$fh>;
diff --git a/t/40session-ticket.t b/t/40session-ticket.t
index 2e5d5e4a..e712ef18 100644
--- a/t/40session-ticket.t
+++ b/t/40session-ticket.t
@@ -122,7 +122,7 @@ EOT
sub test {
my $lines = do {
my $cmd_opts = (-e "$tempdir/session" ? "-sess_in $tempdir/session" : "") . " -sess_out $tempdir/session";
- open my $fh, "-|", "openssl s_client $cmd_opts -connect 127.0.0.1:$server->{tls_port} 2>&1 < /dev/null"
+ open my $fh, "-|", "openssl s_client -tls1_2 $cmd_opts -connect 127.0.0.1:$server->{tls_port} 2>&1 < /dev/null"
or die "failed to open pipe:$!";
local $/;
<$fh>;
diff --git a/t/40ssl-cipher-suite.t b/t/40ssl-cipher-suite.t
index bda71842..71bdcf53 100644
--- a/t/40ssl-cipher-suite.t
+++ b/t/40ssl-cipher-suite.t
@@ -32,7 +32,7 @@ my ($guard, $pid) = spawn_server(
);
# connect to the server with AES256-SHA as the first choice, and check that AES128-SHA was selected
-my $log = `openssl s_client -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port < /dev/null 2>&1`;
+my $log = `openssl s_client -tls1_2 -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port < /dev/null 2>&1`;
like $log, qr/^\s*Cipher\s*:\s*AES128-SHA\s*$/m;
done_testing;
--
2.18.0