Fix the no-nextprotoneg option
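--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -568,6 +568,8 @@ sub testssl {
       SKIP: {
          skip "TLSv1.0 is not supported by this OpenSSL build", 7
              if $no_tls1;
+         skip "Next Protocol Negotiation is not supported by this OpenSSL build", 7
+             if disabled("nextprotoneg");
 
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client"])));
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_server"])));
@@ -811,20 +813,21 @@ sub testssl {
        plan tests => 3;
 
       SKIP: {
-         skip "Certificate Transparency is not supported by this OpenSSL build", 3
-             if $no_ct;
-         skip "TLSv1.0 is not supported by this OpenSSL build", 3
-             if $no_tls1;
-
-    $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
-         ok(run(test([@ssltest, "-bio_pair", "-tls1", "-noct"])));
-         ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requestct"])));
-         # No SCTs provided, so this should fail.
-         ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requirect",
-                      "-should_negotiate", "fail-client"])));
-       }
+        skip "Certificate Transparency is not supported by this OpenSSL build", 3
+            if $no_ct;
+        skip "TLSv1.0 is not supported by this OpenSSL build", 3
+            if $no_tls1;
+
+        $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+        my @ca = qw(-CAfile certCA.ss);
+        ok(run(test([@ssltest, @ca, "-bio_pair", "-tls1", "-noct"])));
+        # No SCTs provided, so this should fail.
+        ok(run(test([@ssltest, @ca, "-bio_pair", "-tls1", "-ct",
+                     "-should_negotiate", "fail-client"])));
+        # No SCTs provided, unverified chains still succeed.
+        ok(run(test([@ssltest, "-bio_pair", "-tls1", "-ct"])));
+        }
     };
-
 }
 
 sub testsslproxy {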
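Review bot: The last CT case in the second hunk (`-ct` without `@ca`) pins as expected behaviour that a handshake with no SCTs succeeds when the chain is not verified, but its comment does not say why, so a reader could take `-ct` for an unconditional guarantee. I would spell it out, e.g. `# Without -CAfile the chain is unverified, so CT validation is not enforced and missing SCTs are not fatal.` (wording inferred from the two `@ca` cases above it; confirm against the ssltest option handling). Separately, `$ENV{CTLOG_FILE}` is assigned without `local`, so the value stays set for every command run later in this process; `local $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");` would confine it to the SKIP block. The hunk also drops the `-requestct` case and has no case where SCTs are supplied and `-ct` succeeds on a verified chain, so a regression that rejects every verified chain would pass unnoticed. testssl's body starts outside the hunk.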