test: add test for auto DH security level meets the minimum
authorPauli <pauli@openssl.org>
Fri, 18 Jun 2021 03:17:42 +0000 (13:17 +1000)
committerPauli <pauli@openssl.org>
Sat, 19 Jun 2021 05:49:46 +0000 (15:49 +1000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)

test/recipes/80-test_ssl_old.t

index 59f364d..b71bc01 100644 (file)
@@ -520,10 +520,10 @@ sub testssl {
     subtest 'RSA/(EC)DHE/PSK tests' => sub {
        ######################################################################
 
-       plan tests => 5;
+       plan tests => 6;
 
       SKIP: {
-         skip "TLSv1.0 is not supported by this OpenSSL build", 5
+         skip "TLSv1.0 is not supported by this OpenSSL build", 6
              if $no_tls1 || $provider eq "fips";
 
        SKIP: {
@@ -549,7 +549,7 @@ sub testssl {
          }
 
        SKIP: {
-           skip "skipping PSK tests", 2
+           skip "skipping PSK tests", 3
                if ($no_psk);
 
            ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
@@ -557,6 +557,9 @@ sub testssl {
 
            ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
               'test tls1 with PSK via BIO pair');
+
+            ok(run(test(['ssl_old_test', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
+               'test auto DH meets security strength');
          }
        }