Raise an error on syscall failure in tls_retry_write_records

[openssl.git] / test / recipes / 70-test_sslversions.t

diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t
index 6044a05954fb7fa8996e8c595580d91f70a9a275..66b5606db5a21a1a9e136ee7bbdaf6f03b1ae4fb 100644 (file)
--- a/test/recipes/70-test_sslversions.t
+++ b/test/recipes/70-test_sslversions.t
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
@@ -18,7 +18,8 @@ use constant {
     NO_EXTENSION => 3,
     EMPTY_EXTENSION => 4,
     TLS1_1_AND_1_0_ONLY => 5,
-    WITH_TLS1_4 => 6
+    WITH_TLS1_4 => 6,
+    BAD_LEGACY_VERSION => 7
 };
 
 my $testtype;
@@ -27,7 +28,7 @@ my $test_name = "test_sslversions";
 setup($test_name);
 
 plan skip_all => "TLSProxy isn't usable on $^O"
-    if $^O =~ /^(VMS|MSWin32)$/;
+    if $^O =~ /^(VMS)$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
@@ -36,9 +37,10 @@ plan skip_all => "$test_name needs the sock feature enabled"
     if disabled("sock");
 
 plan skip_all => "$test_name needs TLS1.3, TLS1.2 and TLS1.1 enabled"
-    if disabled("tls1_3") || disabled("tls1_2") || disabled("tls1_1");
-
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+    if disabled("tls1_3")
+       || (disabled("ec") && disabled("dh"))
+       || disabled("tls1_2")
+       || disabled("tls1_1");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,
@@ -48,14 +50,14 @@ my $proxy = TLSProxy::Proxy->new(
 );
 
 #We're just testing various negative and unusual scenarios here. ssltest with
-#02-protocol-version.conf should check all the various combinations of normal
+#02-protocol-version.cnf should check all the various combinations of normal
 #version neg
 
 #Test 1: An empty supported_versions extension should not succeed
 $testtype = EMPTY_EXTENSION;
 $proxy->filter(\&modify_supported_versions_filter);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 7;
+plan tests => 8;
 ok(TLSProxy::Message->fail(), "Empty supported versions");
 
 #Test 2: supported_versions extension with no recognised versions should not
@@ -94,6 +96,8 @@ ok(TLSProxy::Message->success()
 #Test 6: no TLSv1.3 or TLSv1.2 version in supported versions extension, but
 #TLSv1.1 and TLSv1.0 are present. Should just use TLSv1.1 and succeed
 $proxy->clear();
+$proxy->clientflags("-cipher DEFAULT:\@SECLEVEL=0");
+$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
 $testtype = TLS1_1_AND_1_0_ONLY;
 $proxy->start();
 $record = pop @{$proxy->record_list};
@@ -111,6 +115,12 @@ ok(TLSProxy::Message->success()
    && TLSProxy::Proxy->is_tls13(),
    "TLS1.4 in supported versions extension");
 
+#Test 8: Set the legacy version to SSLv3 with supported versions. Should fail
+$proxy->clear();
+$testtype = BAD_LEGACY_VERSION;
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Legacy version is SSLv3 with supported versions");
+
 sub modify_supported_versions_filter
 {
     my $proxy = shift;
@@ -164,14 +174,15 @@ sub modify_supported_versions_filter
             } elsif ($testtype == EMPTY_EXTENSION) {
                 $message->set_extension(
                     TLSProxy::Message::EXT_SUPPORTED_VERSIONS, "");
-            } else {
+            } elsif ($testtype == NO_EXTENSION) {
                 $message->delete_extension(
                     TLSProxy::Message::EXT_SUPPORTED_VERSIONS);
+            } else {
+                # BAD_LEGACY_VERSION
+                $message->client_version(TLSProxy::Record::VERS_SSL_3_0);
             }
 
             $message->repack();
         }
     }
 }
-
-