Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: ed8cc46d4255c56cebca73b2256008279a21444d [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Sep 06 13:52:14 2024 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Sep 13 09:48:52 2024 +0200
tree: d1255d565389c8f9bdf739e2ed6607845e69814e
parent: 4012b5d4a32bee4d1467962916473c481aca6d8e [diff]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ab16fcd..095ab9d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -795,6 +795,14 @@
     fi
 }
 
+# OpenSSL 3 servers forbid client renegotiation by default.
+# Older versions always alow it.
+OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=
+case $($OPENSSL s_server -help 2>&1) in
+    *-client_renegotiation*)
+        OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;;
+esac
+
 # skip next test if tls1_3 is not available
 requires_gnutls_tls1_3() {
     requires_gnutls_next
@@ -5550,7 +5558,7 @@
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "Renegotiation: openssl server, client-initiated" \
-            "$O_SRV -www -tls1_2" \
+            "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \
             "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
             0 \
             -c "client hello, adding renegotiation extension" \
commit	ed8cc46d4255c56cebca73b2256008279a21444d	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Sep 06 13:52:14 2024 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Sep 13 09:48:52 2024 +0200
tree	d1255d565389c8f9bdf739e2ed6607845e69814e
parent	4012b5d4a32bee4d1467962916473c481aca6d8e [diff]