From 0e1e4045c469f03294e33c0344d882e71dbd0d07 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Wed, 5 Apr 2017 13:32:18 -0500 Subject: [PATCH] TLS 1.3 client sigalgs test no longer needs TLS 1.2 Per the TODO comment, we now have proper certificate selection for TLS 1.3 client certificates, so this test can move into its own block. (It cannot merge with the previous block, as it requires EC.) Verified that the test passes when configured with enable-tls1_3 no-tls1 no-tls1_1 no-tls1_2. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3131) --- test/recipes/70-test_sslsigalgs.t | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index dbd4870d17..832a4ba24d 100644 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -92,20 +92,20 @@ SKIP: { } SKIP: { - skip "EC, TLSv1.3 or TLSv1.2 disabled", 2 - if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); - + skip "EC or TLSv1.3 disabled", 1 + if disabled("tls1_3") || disabled("ec"); #Test 7: Sending a valid sig algs list but not including a sig type that - # matches the certificate should fail in TLSv1.3. We need TLSv1.2 - # enabled for this test - otherwise the client will not attempt to - # connect due to no TLSv1.3 ciphers being available. - # TODO(TLS1.3): When proper TLSv1.3 certificate selection is working - # we can move this test into the section above + # matches the certificate should fail in TLSv1.3. $proxy->clear(); $proxy->clientflags("-sigalgs ECDSA+SHA256"); $proxy->filter(undef); $proxy->start(); ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs"); +} + +SKIP: { + skip "EC, TLSv1.3 or TLSv1.2 disabled", 1 + if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); #Test 8: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 # should succeed -- 2.34.1