From dc340428ac10233432dc6048c972197163eb13e7 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 24 Jul 2018 17:17:43 +0100
Subject: [PATCH 4/4] tests: fix TLS handshake failure with TLS 1.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Daniel P. Berrange <berrange@redhat.com>
Message-id: <20180724171743.10146-2-berrange@redhat.com>
Patchwork-id: 81490
O-Subject: [qemu-kvm RHEL8/virt212 PATCH 1/1] tests: fix TLS handshake failure with TLS 1.3
Bugzilla: 1602403
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>

When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
sent by the handshake changes. This exposed a logic bug in the test
suite which caused us to wait for the server to see handshake
completion, but not wait for the client to see completion. The result
was the client didn't receive the certificate for verification and the
test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
its GNUTLS builds.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0a8c70f25fe497c4b786d8edac063daa744c0d)

Conflicts:
tests/test-crypto-tlssession.c - no PSK tests in 2.12

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
tests/test-crypto-tlssession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index 82f21c2..4416a85 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -227,7 +227,7 @@ static void test_crypto_tls_session(const void *opaque)
clientShake = true;
}
}
- } while (!clientShake && !serverShake);
+ } while (!clientShake || !serverShake);
/* Finally make sure the server validation does what
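Review bot: the corrected exit test `} while (!clientShake || !serverShake);` deserves a short comment stating that the loop must run until both the client and the server report handshake completion, since the one-operator difference from the old `&&` form is easy to revert by accident and, per the commit message, the old form only started failing once TLS 1.3 changed the message order. Also worth checking in the loop body, which this hunk does not show: with `||` the loop keeps iterating until both flags are true, so any path on which one side can never set its flag needs to fail the test rather than keep looping.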
--
1.8.3.1