From c332d19048735e32e2754685fa3c8654ca068b78 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>

Date: Tue, 21 Aug 2018 12:32:39 +0200

Subject: [PATCH] Exclude TLSv1.3 from t/session_ticket.t

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

The test fails with OpenSSL 1.1.1 because SSL_get1_session() is not

reliable with TLSv1.3. A proper resumption support would need

migration to SSL_CTX_sess_set_new_cb() API.

This patch also performs full SSL_shutdown in the test becasue

SSL_get1_session() manual documents that a connection must be properly

SSL_shutdowned, otherwise the session will be removed from the

(internal) session cache.

Signed-off-by: Petr Písař <ppisar@redhat.com>

---

 t/session_ticket.t | 9 +++++++--

 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/t/session_ticket.t b/t/session_ticket.t

index bff6a86..69cbc96 100644

--- a/t/session_ticket.t

+++ b/t/session_ticket.t

@@ -69,7 +69,7 @@ my $client = sub {

     diag("connect to $i: ".

 	($cl ? "success reuse=$reuse" : "error: $!,$SSL_ERROR"));

     is($reuse,$expect_reuse,$desc);

-    close($cl);

+    $cl->close('SSL_fast_shutdown' => 0);

 };

@@ -123,6 +123,11 @@ sub _server {

 	    SSL_verify_mode => SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,

 	    SSL_ticket_keycb => $get_ticket_key,

 	    SSL_session_id_context => 'foobar',

+	    SSL_version => 'SSLv23:!TLSv1_3', # TLSv1.3 sends session tickes after

+		# a handshake, this SSL_get1_session() is not reliable anymore.

+		# Exclude TLSv1.3 from tests. Proper TLSv1.3 session resumption

+		# will need SSL_CTX_sess_set_new_cb().

+		# <https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/>

 	) or die "failed to create SSL context: $SSL_ERROR";

     }

@@ -158,7 +163,7 @@ sub _server {

 		print "rotate secrets\n";

 		push @secrets, shift(@secrets);

 	    }

-	    close($cl);

+	    $cl->close('SSL_fast_shutdown' => 0);

 	    alarm(0);

 	    last;

 	}

-- 

2.14.4