Compatibiliy with older OpenSSL and GnuTLS

GnuTLS 3.4.x doesn't allow repeated `-p PORT` arguments. OpenSSL 1.0.2 has different logs. For TLS 1.2 test cases, use a line that is present in logs from OpenSSL 1.0.2g, 3.3.0 and presumably all versions in between. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-14 07:20:52 +00:00 · 2024-09-04 23:33:36 +02:00 · 2024-09-04 23:33:36 +02:00 · 8d64fe1c56
commit 8d64fe1c56
parent 33aa202339
2 changed files with 10 additions and 7 deletions
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@ -11,7 +11,7 @@ run_test    "Sample: ssl_client1, openssl server, TLS 1.2" \
            "$O_SRV -tls1_2" \
            "$PROGRAMS_DIR/ssl_client1" \
            0 \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
            -S "ERROR" \
            -C "error"

@ -56,7 +56,6 @@ run_test    "Sample: dtls_client, openssl server, DTLS 1.2" \
            "$PROGRAMS_DIR/dtls_client" \
            0 \
            -s "Echo this" \
-            -s "DONE" \
            -c "Echo this" \
            -c "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
@ -84,7 +83,7 @@ run_test    "Sample: ssl_server, openssl client, TLS 1.2" \
            "$O_CLI -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

@ -130,7 +129,7 @@ run_test    "Sample: ssl_fork_server, openssl client, TLS 1.2" \
            "$O_CLI -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

@ -176,7 +175,7 @@ run_test    "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
            "$O_CLI -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

@ -223,7 +222,7 @@ run_test    "Sample: dtls_server, openssl client, DTLS 1.2" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -1447,7 +1447,11 @@ analyze_test_commands() {
    # GnuTLS, override its port specification.
    if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then
        case "$SRV_CMD" in
-            "$G_SRV"*|"$G_NEXT_SRV"*) SRV_CMD="$SRV_CMD -p $THIS_SRV_PORT";;
+            "$G_SRV"*|"$G_NEXT_SRV"*)
+                SRV_CMD=$(
+                    printf %s "$SRV_CMD " |
+                    sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /"
+                );;
            "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";;
        esac
    fi