e2609f60d1
This is not full support; it only makes the tests pass. In particular, it does not document TLSv1.3 support and it does not support explicit session resumption in TLSv1.3. To pass the tests with openssl-1.1.1 it requires a patched perl-Net-SSLeay >= 1.85-7.fc29, but it also works with older openssl regardless of the perl-Net-SSLeay version. Thus I did not add a dependency on a specific perl-Net-SSLeay release.
From 84a3bc6c273977bcd4b709e0d9a3d9fcdd58e36d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 14:46:33 +0200
Subject: [PATCH] Do two-way shutdown in t/sni_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenSSL 1.1.1-pre7 sigipipes TLSv1.3 server if client does not
shutdown TLS properly.
<https://github.com/openssl/openssl/issues/6904>
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/sni_verify.t | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/t/sni_verify.t b/t/sni_verify.t
index b3b299b..b5ac4bd 100644
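--- a/t/sni_verify.t
+++ b/t/sni_verify.t
@@ -71,6 +71,13 @@ if ( $pid == 0 ) {
 
 $client->verify_hostname($host,'http') or print "not ";
 print "ok # client verify hostname in cert $host\n";
+
+ if ($client) {
+ # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE
+ # in SSL_accept() and dies.
+ # <https://github.com/openssl/openssl/issues/6904>.
+ $client->close('SSL_fast_shutdown' => 0);
+ }
 }
 exit;
 }
@@ -81,5 +88,8 @@ for my $host (@tests) {
 my $name = $csock->get_servername;
 print "not " if ! $name or $name ne $host;
 print "ok # server got SNI name $host\n";
+ if ($csock) {
+ $csock->close('SSL_fast_shutdown' => 0);
+ }
 }
 wait;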
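Review bot: The `if ($client)` guard in the first hunk runs one statement after `$client->verify_hostname(...)` has already been called on the same variable, so it cannot protect against a failed connect; the `if ($csock)` guard in the second hunk has the same problem after `$csock->get_servername`. Either drop the guards or move the check ahead of the first method call on the handle. The result of `close('SSL_fast_shutdown' => 0)` is also discarded in both hunks, so if close reports a failed bidirectional shutdown by returning false, the test would not show it; `$client->close('SSL_fast_shutdown' => 0) or print "# TLS shutdown failed for $host\n";` would at least surface it in the test log. The second hunk carries no comment, and `# Full two-way TLS shutdown, matching the client side.` would explain why the server closes this way too. Both loops start outside the hunks, so how `$client` and `$csock` are created is not visible here.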
--
2.14.4