Fix clienthellotest with TLSv1.3

If TLSv1.3 is enabled and combined with other options that extend the size of the ClientHello, then the clienthello test can sometimes fail because the ClientHello has grown too large. Part of the purpose of the test is to check that the padding extension works properly. This requires the ClientHello size to be kept within certain bounds. By restricting the number of ciphersuites sent we can reduce the size of the ClientHello. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)

Fix clienthellotest with TLSv1.3
If TLSv1.3 is enabled and combined with other options that extend the size of the ClientHello, then the clienthello test can sometimes fail because the ClientHello has grown too large. Part of the purpose of the test is to check that the padding extension works properly. This requires the ClientHello size to be kept within certain bounds. By restricting the number of ciphersuites sent we can reduce the size of the ClientHello. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
0f41dc0e · Matt Caswell · f518cef4 · 0f41dc0e
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

test/clienthellotest.c test/clienthellotest.c +9 -0

未找到文件。
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -87,6 +87,15 @@ static int test_client_hello(int currtest)
        break;

    case TEST_ADD_PADDING_AND_PSK:
+        /*
+         * In this case we're doing TLSv1.3 and we're sending a PSK so the
+         * ClientHello is already going to be quite long. To avoid getting one
+         * that is too long for this test we use a restricted ciphersuite list
+         */
+        if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
+                                               "TLS13-AES-128-GCM-SHA256")))
+            goto end;
+         /* Fall through */
    case TEST_ADD_PADDING:
    case TEST_PADDING_NOT_NEEDED:
        SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING);