diff options
| author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-07-10 10:51:40 +0200 |
|---|---|---|
| committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-07-11 10:44:08 +0000 |
| commit | 3e3466d28c470057b755e70e37bb950da62a206e (patch) | |
| tree | 3dba67fa0e26d0092318035c80fb6841ea53bbf0 /tests | |
| parent | 8a8788f4df5811346f36613f0c12bfdc6f343e14 (diff) | |
tst_QSslSocket::protocolServerSide - fixes for OpenSSL 1.1
Several tests are not valid for 1.1 anymore:
1. SSL2 was removed, but there is no OPENSSL_NO_SSL2 and the 'protocolServerSide'
test is trying to use QSsl::SSLv2 and thus is failing.
2. We now use the generic TLS_server/client_method instead of version specific
methods we have in pre-1.1 back-end. So, for example, a client socket with
QSsl::TLS_V1_0 in its SSL configuration will be able to negotiate
TLS 1.2 if our server socket wants it, while with TLSv1_client_method
(OpenSSL < 1.1) our test was expecting SSL handshake to fail.
Change-Id: I18efd5921c79b189e4d9529be09299a361a8a81d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 90838e8831..94377c2f20 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -1170,6 +1170,19 @@ void tst_QSslSocket::protocolServerSide_data() QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); QTest::addColumn<bool>("works"); +#if QT_CONFIG(opensslv11) +#if !defined(OPENSSL_NO_SSL2) + // OpenSSL 1.1 has removed SSL2 support. But there is no OPENSSL_NO_SSL2 macro ... +#define OPENSSL_NO_SSL2 +#endif + // A client using our OpenSSL1.1 backend will negotiate up from TLS 1.0 or 1.1 + // to TLS 1.2 if the server asks for it, where our older backend fails to compromise. + // So some tests that fail for the old pass with the new. + const bool willUseTLS12 = true; +#else + const bool willUseTLS12 = false; +#endif // opensslv11 + #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) QTest::newRow("ssl2-ssl2") << QSsl::SslV2 << QSsl::SslV2 << false; // no idea why it does not work, but we don't care about SSL 2 #endif @@ -1262,7 +1275,8 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL3) QTest::newRow("tls1.1orlater-ssl3") << QSsl::TlsV1_1OrLater << QSsl::SslV3 << false; #endif - QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false; + + QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << willUseTLS12; QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true; QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true; @@ -1272,8 +1286,8 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL3) QTest::newRow("tls1.2orlater-ssl3") << QSsl::TlsV1_2OrLater << QSsl::SslV3 << false; #endif - QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false; - QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false; + QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << willUseTLS12; + QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << willUseTLS12; QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true; QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; |