From dc340428ac10233432dc6048c972197163eb13e7 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Tue, 24 Jul 2018 17:17:43 +0100 Subject: [PATCH 4/4] tests: fix TLS handshake failure with TLS 1.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Daniel P. Berrange Message-id: <20180724171743.10146-2-berrange@redhat.com> Patchwork-id: 81490 O-Subject: [qemu-kvm RHEL8/virt212 PATCH 1/1] tests: fix TLS handshake failure with TLS 1.3 Bugzilla: 1602403 RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Laszlo Ersek RH-Acked-by: Danilo de Paula When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages sent by the handshake changes. This exposed a logic bug in the test suite which caused us to wait for the server to see handshake completion, but not wait for the client to see completion. The result was the client didn't receive the certificate for verification and the test failed. This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in its GNUTLS builds. Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé (cherry picked from commit db0a8c70f25fe497c4b786d8edac063daa744c0d) Conflicts: tests/test-crypto-tlssession.c - no PSK tests in 2.12 Signed-off-by: Danilo C. L. de Paula --- tests/test-crypto-tlssession.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c index 82f21c2..4416a85 100644 --- a/tests/test-crypto-tlssession.c +++ b/tests/test-crypto-tlssession.c @@ -227,7 +227,7 @@ static void test_crypto_tls_session(const void *opaque) clientShake = true; } } - } while (!clientShake && !serverShake); + } while (!clientShake || !serverShake); /* Finally make sure the server validation does what -- 1.8.3.1