/*
* Inject a dummy record from the next epoch. In test 0, this should never
* get used because the message sequence number is too big. In test 1 we set
- * the record sequence number to be way off in the future. This should not
- * have an impact on the record replay protection because the record should
- * be dropped before it is marked as arrived
+ * the record sequence number to be way off in the future.
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
- if (!TEST_true(create_ssl_connection(serverssl1, clientssl1,
- SSL_ERROR_NONE)))
+ /*
+ * Create the connection. We use "create_bare_ssl_connection" here so that
+ * we can force the connection to not do "SSL_read" once partly connected.
+ * We don't want to accidentally read the dummy records we injected because
+ * they will fail to decrypt.
+ */
+ if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
+ SSL_ERROR_NONE, 0)))
goto end;
if (timer_cb_count == 0) {
#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-# define SRV_TO_CLI_EPOCH_0_RECS 12
+# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
* In this case we have no ServerKeyExchange message, because we don't have
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(privkey = test_get_argument(1)))
return 0;