mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 19:21:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-06 13:52:14 +02:00
parent a45ba05e35
commit 56ee69de5b
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tests/ssl-opt.sh
View File

@ -795,6 +795,14 @@ requires_openssl_tls1_3() {
fi fi
} }
# OpenSSL 3 servers forbid client renegotiation by default.
# Older versions always alow it.
OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=
case $($OPENSSL s_server -help 2>&1) in
*-client_renegotiation*)
OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;;
esac
# skip next test if tls1_3 is not available # skip next test if tls1_3 is not available
requires_gnutls_tls1_3() { requires_gnutls_tls1_3() {
requires_gnutls_next requires_gnutls_next
@ -5550,7 +5558,7 @@ run_test "Renegotiation: nbio, server-initiated" \
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: openssl server, client-initiated" \ run_test "Renegotiation: openssl server, client-initiated" \
"$O_SRV -www -tls1_2" \ "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
0 \ 0 \
-c "client hello, adding renegotiation extension" \ -c "client hello, adding renegotiation extension" \