From e6fd7d57ca871ed9cd2d0bec49344380526b95db Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Sep 2024 18:15:13 +0200 Subject: [PATCH] Use OPENSSL_NEXT for a test case that uses IPv6 when available dtls_client connects to "localhost", which is usually IPv6 on modern systems. On our CI, $OPENSSL is OpenSSL 1.0.2g which doesn't support IPv6. Pitching dtls_client against $OPENSSL works on the CI at the moment, but only because the CI runs in Docker with default network settings which has IPv6 disabled. This would stop working if we changed the CI's Docker setup, and the test case is likely to fail on a developer machine. So switch the test case to using $OPENSSL_NEXT (which is a version of OpenSSL that has IPv6 support). Signed-off-by: Gilles Peskine --- tests/opt-testcases/sample.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh index bd800054fd..8b2bc995a3 100644 --- a/tests/opt-testcases/sample.sh +++ b/tests/opt-testcases/sample.sh @@ -78,10 +78,20 @@ run_test "Sample: dtls_client, ssl_server2" \ -c "[1-9][0-9]* bytes written" \ -C "error" +# The dtls_client program connects to localhost. This test case fails on +# systems where the name "localhost" resolves to an IPv6 address, but +# the IPv6 connection is not possible. Possible reasons include: +# * OpenSSL is too old (IPv6 support was added in 1.1.0). +# * OpenSSL was built without IPv6 support. +# * A firewall blocks IPv6. +# +# To facilitate working with this test case, have it run with $OPENSSL_NEXT +# which is at least 1.1.1a. At the time it was introduced, this test case +# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled. requires_protocol_version dtls12 run_test "Sample: dtls_client, openssl server, DTLS 1.2" \ -P 4433 \ - "$O_SRV -dtls1_2" \ + "$O_NEXT_SRV -dtls1_2" \ "$PROGRAMS_DIR/dtls_client" \ 0 \ -s "Echo this" \