commit 837f821bc22eef6e9c7d223d4f6c69fac6cf9e88
author Simon Butcher <simon.butcher@arm.com> Mon Oct 22 14:22:56 2018 +0100
committer Simon Butcher <simon.butcher@arm.com> Mon Oct 22 14:22:56 2018 +0100
tree 647cf92c73ba4654288244a9ae3cd58995f06bb2
parent c028afba53cc67f4a4fa4989a3c4b28632e877df
parent 82986c10151db8da37b63165d62b9c55a15f9c6c

Merge remote-tracking branch 'public/pr/1990' into development

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ac3580a..a1f0e5b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6440,13 +6440,11 @@
             0 \
             -s "fragmenting handshake message"
 
-## Interop test with OpenSSL might triger a bug in recent versions (that
-## probably won't be fixed before 1.1.1X), so we use an old version that
-## doesn't have this bug, but unfortunately it doesn't have support for DTLS
-## 1.2 either, so the DTLS 1.2 tests are commented for now.
+## Interop test with OpenSSL might trigger a bug in recent versions (including
+## all versions installed on the CI machines), reported here:
 ## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy
-## version of OpenSSL once a fixed version of OpenSSL is available)
+## They should be re-enabled once a fixed version of OpenSSL is available
+## (this should happen in some 1.1.1_ release according to the ticket).
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
@@ -6464,7 +6462,7 @@
             -c "fragmenting handshake message" \
             -C "error"
 
-requires_openssl_legacy
+skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6472,7 +6470,7 @@
 client_needs_more_time 4
 run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
             -p "$P_PXY drop=8 delay=8 duplicate=8" \
-            "$O_LEGACY_SRV -dtls1 -verify 10" \
+            "$O_SRV -dtls1 -verify 10" \
             "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
              crt_file=data_files/server8_int-ca2.crt \
              key_file=data_files/server8.key \
@@ -6481,25 +6479,25 @@
             -c "fragmenting handshake message" \
             -C "error"
 
-## see comment on the previous-previous test
-## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-## requires_config_enabled MBEDTLS_RSA_C
-## requires_config_enabled MBEDTLS_ECDSA_C
-## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-## client_needs_more_time 4
-## run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-##             -p "$P_PXY drop=8 delay=8 duplicate=8" \
-##             "$P_SRV dtls=1 debug_level=2 \
-##              crt_file=data_files/server7_int-ca.crt \
-##              key_file=data_files/server7.key \
-##              hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
-##             "$O_CLI -dtls1_2" \
-##             0 \
-##             -s "fragmenting handshake message"
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+client_needs_more_time 4
+run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
+            -p "$P_PXY drop=8 delay=8 duplicate=8" \
+            "$P_SRV dtls=1 debug_level=2 \
+             crt_file=data_files/server7_int-ca.crt \
+             key_file=data_files/server7.key \
+             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
+            "$O_CLI -dtls1_2" \
+            0 \
+            -s "fragmenting handshake message"
 
 # -nbio is added to prevent s_client from blocking in case of duplicated
 # messages at the end of the handshake
-requires_openssl_legacy
+skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -6511,7 +6509,7 @@
              crt_file=data_files/server7_int-ca.crt \
              key_file=data_files/server7.key \
              hs_timeout=250-60000 mtu=512 force_version=dtls1" \
-            "$O_LEGACY_CLI -nbio -dtls1" \
+            "$O_CLI -nbio -dtls1" \
             0 \
             -s "fragmenting handshake message"
 
@@ -6946,6 +6944,12 @@
             -s "Extra-header:" \
             -c "HTTP/1.0 200 OK"
 
+## Interop tests with OpenSSL might trigger a bug in recent versions (including
+## all versions installed on the CI machines), reported here:
+## Bug report: https://github.com/openssl/openssl/issues/6902
+## They should be re-enabled once a fixed version of OpenSSL is available
+## (this should happen in some 1.1.1_ release according to the ticket).
+skip_next_test
 client_needs_more_time 6
 not_with_valgrind # risk of non-mbedtls peer timing out
 run_test    "DTLS proxy: 3d, openssl server" \
@@ -6955,6 +6959,7 @@
             0 \
             -c "HTTP/1.0 200 OK"
 
+skip_next_test # see above
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
@@ -6964,6 +6969,7 @@
             0 \
             -c "HTTP/1.0 200 OK"
 
+skip_next_test # see above
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \