diff options
| author | Jose <jose@zeroc.com> | 2019-01-15 12:00:51 +0100 |
|---|---|---|
| committer | Jose <jose@zeroc.com> | 2019-01-15 12:00:51 +0100 |
| commit | 8249fd248844bc45ff5088f12268b09bf4a8a851 (patch) | |
| tree | 6812f2d95e1773a91f61a80b75d282d0c23c213b /cpp/test/IceSSL/configuration | |
| parent | Revert "Enable tracing for allTests.py to investigate iOS failures" (diff) | |
| download | ice-8249fd248844bc45ff5088f12268b09bf4a8a851.tar.bz2 ice-8249fd248844bc45ff5088f12268b09bf4a8a851.tar.xz ice-8249fd248844bc45ff5088f12268b09bf4a8a851.zip | |
IceSSL TLSv1.3 preliminary support
Diffstat (limited to 'cpp/test/IceSSL/configuration')
| -rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index 349fa08425b..d0ee7e2c9de 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp @@ -2121,6 +2121,10 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) } // + // Skip the test if OpenSSL was build without SSL3 support + // +#if !defined(OPENSSL_NO_SSL3_METHOD) + // // This should fail because the client only accept SSLv3 and the server // use the default protocol set that disables SSLv3 // @@ -2157,6 +2161,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) fact->destroyServer(server); comm->destroy(); } +#endif // // SSLv3 is now disabled by default with some SSL implementations. @@ -2601,6 +2606,13 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) #ifndef ICE_OS_UWP cout << "testing ciphers... " << flush; { + + // + // With OpenSSL 1.1.1 the initialization will success because TLS 1.3 + // ciphersuites are still enabled. They are not affected by IceSSL.Ciphers + // properties + // +# if !(defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL) InitializationData initData; initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); initData.properties->setProperty("IceSSL.Ciphers", "UNKNOWN"); @@ -2612,6 +2624,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) catch(const Ice::PluginInitializationException&) { } +# endif } # ifndef ICE_USE_SCHANNEL { @@ -2623,6 +2636,13 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) initData.properties = createClientProps(defaultProps, p12); # ifdef ICE_USE_OPENSSL initData.properties->setProperty("IceSSL.Ciphers", anonCiphers); +# if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL + // + // With OpenSSL 1.1 disable tls1.3 so that client and server negotiate + // an anon cipher + // + initData.properties->setProperty("IceSSL.Protocols", "tls1_2,tls1_1"); +# endif # else initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); # endif @@ -2929,6 +2949,13 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // initData.properties = createClientProps(defaultProps, p12); initData.properties->setProperty("IceSSL.Ciphers", "ADH"); +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL + // + // With OpenSSL 1.1 disable tls1.3 so that client and server negotiate + // an anon cipher + // + initData.properties->setProperty("IceSSL.Protocols", "tls1_2,tls1_1"); +#endif comm = initialize(initData); fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); |