Enable test-sig-algs-renegotiation-resumption.py.

This test covers various scenarios with renegotiation and session
resumption. In particular it crashes the OpenSSL 1.1.1j server due
to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok
since we do not currently implement signature_algorithms_cert.

diff --git a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index 9c2f28f..0a1c6f9 100644 (file)
--- a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
-#   $OpenBSD: tlsfuzzer.py,v 1.25 2021/03/26 22:35:17 tb Exp $
+#   $OpenBSD: tlsfuzzer.py,v 1.26 2021/03/27 18:11:53 tb Exp $
 #
 # Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 #
@@ -376,6 +376,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
         tls13_args = ["--server-max-protocol", "TLSv1.3"],
     ),
     Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ),
+
+    # Without --sig-algs-drop-ok, two tests fail since we do not currently
+    # implement the signature_algorithms_cert extension (although we MUST).
+    Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
+
     Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
 ])
 
@@ -526,10 +531,6 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
     #   'rsa_pss_pss_sha512 only'
     Test("test-sig-algs.py"),
 
-    # Without --sig-algs-drop-ok, two tests fail since we do not currently
-    # implement the signature_algorithms_cert extension (although we MUST).
-    Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
-
     # 13 failures:
     #   'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
     #   'empty list of signature methods'