Make tls_session_secret_cb work with CVE-2014-0224 fix.

[openssl.git] / ssl / ssltest.c

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index bf09c6d82bc46680213b76ac5dbfb1039b866ebf..31a033b1a9aaee34b512085473cda6c04005ba1d 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -576,8 +576,7 @@ static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
                                      unsigned short inlen, int *al,
                                      void *arg)
        {
-       custom_ext_error = 1; /* Shouldn't be called */
-       return 0;
+       return 1;
        }
 
 static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
@@ -596,8 +595,7 @@ static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
                                      unsigned short inlen, int *al,
                                      void *arg)
        {
-       custom_ext_error = 1; /* Shouldn't be called */
-       return 0;
+       return 1;
        }
 
 static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
@@ -654,8 +652,7 @@ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
                                     unsigned short inlen, int *al,
                                     void *arg)
        {
-       custom_ext_error = 1;
-       return 0; /* Shouldn't be called */
+       return 1;
        }
 
 /* 'generate' callbacks are always called, even if the 'receive' callback isn't called */
@@ -1510,6 +1507,11 @@ bad:
                ERR_print_errors(bio_err);
                goto end;
                }
+       /* Since we will use low security ciphersuites and keys for
+        * testing set security level to zero.
+        */
+       SSL_CTX_set_security_level(c_ctx, 0);
+       SSL_CTX_set_security_level(s_ctx, 0);
 
        if (cipher != NULL)
                {