Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-14 07:20:52 +00:00 · 2024-09-06 13:52:14 +02:00 · 2024-09-06 13:52:14 +02:00 · ed8cc46d42
commit ed8cc46d42
parent 4012b5d4a3
1 changed files with 9 additions and 1 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -795,6 +795,14 @@ requires_openssl_tls1_3() {
    fi
 }

+# OpenSSL 3 servers forbid client renegotiation by default.
+# Older versions always alow it.
+OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=
+case $($OPENSSL s_server -help 2>&1) in
+    *-client_renegotiation*)
+        OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;;
+esac
+
 # skip next test if tls1_3 is not available
 requires_gnutls_tls1_3() {
    requires_gnutls_next
@ -5550,7 +5558,7 @@ run_test    "Renegotiation: nbio, server-initiated" \
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: openssl server, client-initiated" \
-            "$O_SRV -www -tls1_2" \
+            "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \