Re-enable TLSv1.3 session resumption related tests in sslapitest

[openssl.git] / test / sslapitest.c

diff --git a/test/sslapitest.c b/test/sslapitest.c
index ac065b281cd3a15ae222a163c87a95b1b8b8e8f2..d76357ade98b74dce5d3305ae5f966f5b040a158 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
     SSL_CTX *cctx = NULL, *sctx = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
+    int rc;
 
     /* Clean up logging space */
     memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
     SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
     SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
 
+    /* We also want to ensure that we use RSA-based key exchange. */
+    rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+    if (rc == 0) {
+        printf("Unable to restrict to RSA key exchange.\n");
+        goto end;
+    }
+
     if (SSL_CTX_get_keylog_callback(cctx)) {
         printf("Unexpected initial value for client "
                "SSL_CTX_get_keylog_callback()\n");
@@ -781,12 +789,6 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
     SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
 #endif
 
-    /*
-     * TODO(TLS1.3): Test temporarily disabled for TLS1.3 until we've
-     * implemented session resumption.
-     */
-    SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
-
     /* Set up session cache */
     if (fix.use_ext_cache) {
         SSL_CTX_sess_set_new_cb(cctx, new_session_cb);