author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-04-03 12:18:21 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2018-04-05 15:15:01 +0000 |
commit | e2694fa602e95a9043561e7dfb9f5956c08a5f14 (patch) | |
tree | 60f488323b9fbf45d5a8e358d46861b035ed8e70 | |
parent | 9c4295978eff1408fc3880000717508d738973ee (diff) |
tst_QSslSocket::signatureAlgorithm - fix for OpenSSL 1.1
The test creates client and server sockets with mismatching protocol versions,
trying different combinations, for example: 1) server (TLS 1.0) vs
client (TLS 1.2) or 2) server (TLS 1.2) vs client (TLS 1.1), etc.
Since TLS v < 1.2 does not support signature algorithms, they are ignored
and handshake is always successful. But our new OpenSSL 1.1 backend uses
generic TLS_client_method and TLS_server_method when creating SSL_CTX.
This means, both server and client will support TLS v. 1.2, they
will have no shared signature algorithms, thus handshake will fail
with an error string similar to this:
"tls1_set_server_sigalgs:no shared signature algorithms".
For OpenSSL 1.1 this test makes no sense.
Task-number: QTBUG-67456
Change-Id: Ibb2a12eea5e5c0ebaeee7d0719cc721ecf4763e6
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 1332b369e7..11fe79a70c 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -3974,7 +3974,12 @@ void tst_QSslSocket::signatureAlgorithm_data() << QSsl::AnyProtocol << QAbstractSocket::ConnectedState; - // signature algorithms do not match, but are ignored because the tls version is not v1.2 +#if !QT_CONFIG(opensslv11) + // Signature algorithms do not match, but are ignored because the tls version + // is not v1.2. Note, with OpenSSL 1.1 backend we use generic TLS_client_method + // and TLS_server_method, so both client and server sockets will enable + // protocol version 1.2 and thus handshake will fail (no shared signature + // algorithms). QTest::newRow("client_ignore_TlsV1_1") << QByteArrayList({rsaSha256}) << QSsl::TlsV1_1 @@ -3999,6 +4004,7 @@ void tst_QSslSocket::signatureAlgorithm_data() << QByteArrayList({rsaSha512}) << QSsl::TlsV1_0 << QAbstractSocket::ConnectedState; +#endif // opensslv11 } void tst_QSslSocket::signatureAlgorithm() |
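Review bot: In the first hunk (@@ -3974,7 +3974,12), wrapping the rows that start at "client_ignore_TlsV1_1" in `#if !QT_CONFIG(opensslv11)` compiles them out, so the handshake failure the new comment describes ("no shared signature algorithms") is not asserted anywhere for that backend. Consider keeping equivalent rows for the OpenSSL 1.1 build with an expected state other than QAbstractSocket::ConnectedState, so the mismatch stays under test instead of disappearing. The comment should also say whether enabling protocol version 1.2 on sockets whose rows request QSsl::TlsV1_1 or QSsl::TlsV1_0 is intended behaviour of the new backend, and reference QTBUG-67456, so a reader can tell whether these rows are expected to come back.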
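Review bot: In the second hunk (@@ -3999,6 +4004,7), the trailing comment on `#endif // opensslv11` names the opposite of the condition it closes, which is `#if !QT_CONFIG(opensslv11)` from the previous hunk. Suggest `#endif // !QT_CONFIG(opensslv11)` so that someone reading only the end of the guarded block sees that the rows above it are the ones excluded from OpenSSL 1.1 builds.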