From e2694fa602e95a9043561e7dfb9f5956c08a5f14 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Tue, 3 Apr 2018 12:18:21 +0200 Subject: tst_QSslSocket::signatureAlgorithm - fix for OpenSSL 1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test creates client and server sockets with mismatching protocol versions, trying different combinations, for example: 1) server (TLS 1.0) vs client (TLS 1.2) or 2) server (TLS 1.2) vs client (TLS 1.1), etc. Since TLS v < 1.2 does not support signature algorithms, they are ignored and handshake is always successful. But our new OpenSSL 1.1 backend uses generic TLS_client_method and TLS_server_method when creating SSL_CTX. This means, both server and client will support TLS v. 1.2, they will have no shared signature algorithms, thus handshake will fail with an error string similar to this: "tls1_set_server_sigalgs:no shared signature algorithms". For OpenSSL 1.1 this test makes no sense. Task-number: QTBUG-67456 Change-Id: Ibb2a12eea5e5c0ebaeee7d0719cc721ecf4763e6 Reviewed-by: MÃ¥rten Nordheim Reviewed-by: Edward Welbourne
---
tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'tests/auto/network/ssl')
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 1332b369e7..11fe79a70c 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -3974,7 +3974,12 @@ void tst_QSslSocket::signatureAlgorithm_data()
 << QSsl::AnyProtocol
 << QAbstractSocket::ConnectedState;
 
- // signature algorithms do not match, but are ignored because the tls version is not v1.2
+#if !QT_CONFIG(opensslv11)
+ // Signature algorithms do not match, but are ignored because the tls version
+ // is not v1.2. Note, with OpenSSL 1.1 backend we use generic TLS_client_method
+ // and TLS_server_method, so both client and server sockets will enable
+ // protocol version 1.2 and thus handshake will fail (no shared signature
+ // algorithms).
 QTest::newRow("client_ignore_TlsV1_1")
 << QByteArrayList({rsaSha256})
 << QSsl::TlsV1_1
@@ -3999,6 +4004,7 @@ void tst_QSslSocket::signatureAlgorithm_data()
 << QByteArrayList({rsaSha512})
 << QSsl::TlsV1_0
 << QAbstractSocket::ConnectedState;
+#endif // opensslv11
 }
 
 void tst_QSslSocket::signatureAlgorithm()
-- cgit v1.2.3
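Review bot: Compiling the `client_ignore_TlsV1_1` row and the rows after it out under `#if !QT_CONFIG(opensslv11)` leaves the OpenSSL 1.1 backend with no row for a peer that requests TLS 1.0 or 1.1 while the signature algorithm lists are disjoint. The new comment says that handshake fails on this backend, so an `#else` branch could assert exactly that and keep a check that configured signature algorithms are enforced once TLS 1.2 is negotiated. The sketch below, with an illustrative row name, assumes the five-column row layout visible in these hunks and that the test's failing rows expect `QAbstractSocket::UnconnectedState`; the rest of signatureAlgorithm_data() lies outside the hunk. The comment also implies that requesting `QSsl::TlsV1_1` does not cap the negotiated version on this backend, which looks worth a follow-up under the same task.

```cpp
#if !QT_CONFIG(opensslv11)
    // … unchanged: rows expecting ConnectedState for TLS < 1.2 …
#else
    // Both peers can negotiate TLS 1.2 here, so disjoint signature
    // algorithm lists must make the handshake fail.
    QTest::newRow("client_mismatch_TlsV1_1")
        << QByteArrayList({rsaSha256})
        << QSsl::TlsV1_1
        << QByteArrayList({rsaSha512})
        << QSsl::AnyProtocol
        << QAbstractSocket::UnconnectedState;
#endif // opensslv11
```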
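Review bot: The trailing comment on the added `#endif // opensslv11` names the opposite of the condition it closes, which is the negated `#if !QT_CONFIG(opensslv11)` opened in the previous hunk about 25 lines earlier. A reader who sees only the end of signatureAlgorithm_data() would conclude the rows above are specific to OpenSSL 1.1 rather than excluded for it. Spelling the condition out avoids that: `#endif // !QT_CONFIG(opensslv11)`.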