Limit the length of the encrypted premaster key.
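--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
 SSL_CTX *cctx = NULL, *sctx = NULL;
 SSL *clientssl = NULL, *serverssl = NULL;
 int testresult = 0;
+ int rc;
 /* Clean up logging space */
 memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
 SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
 SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
+ /* We also want to ensure that we use RSA-based key exchange. */
+ rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+ if (rc == 0) {
+ printf("Unable to restrict to RSA key exchange.\n");
+ goto end;
+ }
+
 if (SSL_CTX_get_keylog_callback(cctx)) {
 printf("Unexpected initial value for client "
 "SSL_CTX_get_keylog_callback()\n");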
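Review bot: Nothing visible in the second hunk confirms that an RSA key-exchange suite is actually negotiated, so the restriction added with `SSL_CTX_set_cipher_list(cctx, "RSA")` is only as good as the handshake that follows; the test presumably relies on it to exercise the keylog line carrying the encrypted premaster secret. After the connection is established I would assert the negotiated suite, e.g. `if (SSL_CIPHER_get_kx_nid(SSL_get_current_cipher(clientssl)) != NID_kx_rsa) goto end;`, so that a later configuration change cannot silently turn this into a test of a different code path. Writing the cipher string as `"kRSA"` would make it explicit that key exchange rather than authentication is being selected, and the comment could state the reason: `/* RSA key exchange is needed so the keylog output includes the encrypted premaster secret. */`. The handshake and the rest of test_keylog lie outside the hunk, so an equivalent check may already exist there.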