From e3cea2a7b9f8b689dec559898435dff0df65a323 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 9 Apr 2018 15:46:21 +0200 Subject: QSslSocket (OpenSSL 1.1) - respect requested protocol version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly handle single protocol TLS configurations. Previously, due to the use of generic (non version-specific) client/server method they worked as ranges of protocols instead. This also fixes a couple of previously broken tests. Task-number: QTBUG-67584 Change-Id: Ied23113a4fab6b407a34c953e3bd33eab153bb67 Reviewed-by: MÃ¥rten Nordheim Reviewed-by: Edward Welbourne --- tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'tests/auto/network') diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 1332b369e7..bb01116240 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -1188,13 +1188,7 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL2) // OpenSSL 1.1 has removed SSL2 support. But there is no OPENSSL_NO_SSL2 macro ... #define OPENSSL_NO_SSL2 -#endif - // A client using our OpenSSL1.1 backend will negotiate up from TLS 1.0 or 1.1 - // to TLS 1.2 if the server asks for it, where our older backend fails to compromise. - // So some tests that fail for the old pass with the new. - const bool willUseTLS12 = true; -#else - const bool willUseTLS12 = false; +#endif // OPENSSL_NO_SSL2 #endif // opensslv11 #if !defined(OPENSSL_NO_SSL2) && !defined(QT_SECURETRANSPORT) @@ -1290,7 +1284,7 @@ void tst_QSslSocket::protocolServerSide_data() QTest::newRow("tls1.1orlater-ssl3") << QSsl::TlsV1_1OrLater << QSsl::SslV3 << false; #endif - QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << willUseTLS12; + QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false; QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true; QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true; @@ -1300,8 +1294,8 @@ void tst_QSslSocket::protocolServerSide_data() #if !defined(OPENSSL_NO_SSL3) QTest::newRow("tls1.2orlater-ssl3") << QSsl::TlsV1_2OrLater << QSsl::SslV3 << false; #endif - QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << willUseTLS12; - QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << willUseTLS12; + QTest::newRow("tls1.2orlater-tls1.0") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_0 << false; + QTest::newRow("tls1.2orlater-tls1.1") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_1 << false; QTest::newRow("tls1.2orlater-tls1.2") << QSsl::TlsV1_2OrLater << QSsl::TlsV1_2 << true; QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true; -- cgit v1.2.3