From dab3dacd45d0d9045dae1070a74d8a65e0428e7f Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 27 Mar 2021 18:11:53 +0000 Subject: [PATCH] Enable test-sig-algs-renegotiation-resumption.py. This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert. --- regress/lib/libssl/tlsfuzzer/tlsfuzzer.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py index 9c2f28f2934..0a1c6f9459e 100644 --- a/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py +++ b/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py @@ -1,4 +1,4 @@ -# $OpenBSD: tlsfuzzer.py,v 1.25 2021/03/26 22:35:17 tb Exp $ +# $OpenBSD: tlsfuzzer.py,v 1.26 2021/03/27 18:11:53 tb Exp $ # # Copyright (c) 2020 Theo Buehler # @@ -376,6 +376,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [ tls13_args = ["--server-max-protocol", "TLSv1.3"], ), Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ), + + # Without --sig-algs-drop-ok, two tests fail since we do not currently + # implement the signature_algorithms_cert extension (although we MUST). + Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), + Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols), ]) @@ -526,10 +531,6 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [ # 'rsa_pss_pss_sha512 only' Test("test-sig-algs.py"), - # Without --sig-algs-drop-ok, two tests fail since we do not currently - # implement the signature_algorithms_cert extension (although we MUST). - Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), - # 13 failures: # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744 # 'empty list of signature methods' -- 2.20.1