Merge pull request #7153 from lpy4105/issue/1785/backport-ssl-test-script-fail
Backport 2.28: compat.sh: Skip static ECDH cases if unsupported in openssl
diff --git a/.travis.yml b/.travis.yml
index cdf74c7..eb01a44 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -55,8 +55,8 @@
# Exclude a few test cases that are failing mysteriously.
# https://github.com/Mbed-TLS/mbedtls/issues/6660
- tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list'
- # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers.
- - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4'
+ # Modern OpenSSL does not support null or ancient ciphers.
+ - tests/compat.sh -p OpenSSL -e 'NULL\|DES\|RC4'
- tests/scripts/travis-log-failure.sh
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
# Modern GnuTLS does not support DES.
diff --git a/tests/compat.sh b/tests/compat.sh
index f96c4e4..e7f9d49 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -861,6 +861,16 @@
esac
}
+# o_check_ciphersuite CIPHER_SUITE_NAME
+o_check_ciphersuite()
+{
+ if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
+ case "$1" in
+ *ECDH-*) SKIP_NEXT="YES"
+ esac
+ fi
+}
+
setup_arguments()
{
O_MODE=""
@@ -947,6 +957,11 @@
;;
esac
+ case $($OPENSSL ciphers ALL) in
+ *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
+ *) O_SUPPORT_ECDH="NO";;
+ esac
+
if [ "X$VERIFY" = "XYES" ];
then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@@ -1160,7 +1175,7 @@
if [ $EXIT -eq 0 ]; then
RESULT=0
else
- # If the cipher isn't supported...
+ # If it is NULL cipher ...
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
RESULT=1
else
@@ -1373,6 +1388,7 @@
if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL"
for i in $M_CIPHERS; do
+ o_check_ciphersuite "$i"
run_client mbedTLS $i
done
stop_server
@@ -1381,6 +1397,7 @@
if [ "X" != "X$O_CIPHERS" ]; then
start_server "mbedTLS"
for i in $O_CIPHERS; do
+ o_check_ciphersuite "$i"
run_client OpenSSL $i
done
stop_server