commit 8d64fe1c5631da29affc2ceac55fb2a164e2a957
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Sep 04 23:33:36 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Sep 25 17:52:48 2024 +0200
tree 0d3e5e822190df18721ae49b233213af45f5f226
parent 33aa202339681b8dddbbb1502ee565e84e2efdee

Compatibiliy with older OpenSSL and GnuTLS

GnuTLS 3.4.x doesn't allow repeated `-p PORT` arguments.

OpenSSL 1.0.2 has different logs. For TLS 1.2 test cases, use a line that
is present in logs from OpenSSL 1.0.2g, 3.3.0 and presumably all versions
in between.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/opt-testcases/sample.sh

diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
index 7a73cd6..c85cd5b 100644
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@@ -11,7 +11,7 @@
             "$O_SRV -tls1_2" \
             "$PROGRAMS_DIR/ssl_client1" \
             0 \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
             -S "ERROR" \
             -C "error"
 
@@ -56,7 +56,6 @@
             "$PROGRAMS_DIR/dtls_client" \
             0 \
             -s "Echo this" \
-            -s "DONE" \
             -c "Echo this" \
             -c "[1-9][0-9]* bytes written" \
             -c "[1-9][0-9]* bytes read" \
@@ -84,7 +83,7 @@
             "$O_CLI -tls1_2" \
             0 \
             -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
             -S "error" \
             -C "ERROR"
 
@@ -130,7 +129,7 @@
             "$O_CLI -tls1_2" \
             0 \
             -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
             -S "error" \
             -C "ERROR"
 
@@ -176,7 +175,7 @@
             "$O_CLI -tls1_2" \
             0 \
             -s "Successful connection using: TLS-" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
             -S "error" \
             -C "ERROR"
 
@@ -223,7 +222,7 @@
             0 \
             -s "[1-9][0-9]* bytes read" \
             -s "[1-9][0-9]* bytes written" \
-            -c "New, TLSv1.2, Cipher is" \
+            -c "Protocol.*TLSv1.2" \
             -S "error" \
             -C "ERROR"
 

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b32c63c..84d61fe 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1447,7 +1447,11 @@
     # GnuTLS, override its port specification.
     if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then
         case "$SRV_CMD" in
-            "$G_SRV"*|"$G_NEXT_SRV"*) SRV_CMD="$SRV_CMD -p $THIS_SRV_PORT";;
+            "$G_SRV"*|"$G_NEXT_SRV"*)
+                SRV_CMD=$(
+                    printf %s "$SRV_CMD " |
+                    sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /"
+                );;
             "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";;
         esac
     fi