summaryrefslogtreecommitdiff
path: root/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
blob: 2ab6fc97ae6b241b0eebdb559e2da1dbb35879cc (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool	2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in	2019-05-07 11:52:35.885597934 +0200
@@ -141,22 +141,23 @@ our @tests = (
     {
         name => "ECDSA with brainpool",
         server =>  {
-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-            "Groups" => "brainpoolP256r1",
+#            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+#            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+#            "Groups" => "brainpoolP256r1",
+            "CipherString" => "aNULL",
         },
         client => {
             #We don't restrict this to TLSv1.2, although use of brainpool
             #should force this anyway so that this should succeed
             "CipherString" => "aECDSA",
             "RequestCAFile" => test_pem("root-cert.pem"),
-            "Groups" => "brainpoolP256r1",
+#            "Groups" => "brainpoolP256r1",
         },
         test   => {
-            "ExpectedServerCertType" =>, "brainpoolP256r1",
-            "ExpectedServerSignType" =>, "EC",
+#            "ExpectedServerCertType" =>, "brainpoolP256r1",
+#            "ExpectedServerSignType" =>, "EC",
             # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
+#            "ExpectedServerCANames" =>, "empty",
             "ExpectedResult" => "Success"
         },
     },
@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
     {
         name => "TLS 1.3 ECDSA with brainpool",
         server =>  {
-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-            "Groups" => "brainpoolP256r1",
+#            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+#            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+#            "Groups" => "brainpoolP256r1",
+             "CipherString" => "aNULL",
         },
         client => {
             "RequestCAFile" => test_pem("root-cert.pem"),
-            "Groups" => "brainpoolP256r1",
+#            "Groups" => "brainpoolP256r1",
             "MinProtocol" => "TLSv1.3",
             "MaxProtocol" => "TLSv1.3"
         },
         test   => {
-            "ExpectedResult" => "ServerFail"
+            "ExpectedResult" => "Success"
         },
     },
 );
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool	2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf	2019-05-07 12:15:12.762907496 +0200
@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
 client = 5-ECDSA with brainpool-client
 
 [5-ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aNULL
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-ECDSA with brainpool-client]
 CipherString = aECDSA
-Groups = brainpoolP256r1
 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-5]
 ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = brainpoolP256r1
-ExpectedServerSignType = EC
 
 
 # ===========================================================
@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
 client = 47-TLS 1.3 ECDSA with brainpool-client
 
 [47-TLS 1.3 ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aNULL
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [47-TLS 1.3 ECDSA with brainpool-client]
 CipherString = DEFAULT
-Groups = brainpoolP256r1
 MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.3
 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
 VerifyMode = Peer
 
 [test-47]
-ExpectedResult = ServerFail
+ExpectedResult = Success
 
 
 # ===========================================================
bgstack15