Attachment 737059 Details for Bug 1042674

[patch] change the security level to 0 when using openssl with anull ciphers in the testsuite

socat-openssl-1.1-tests.patch (text/plain), 3.05 KB, created by Vítězslav Čížek on 2017-08-17 13:27:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vítězslav Čížek

Created: 2017-08-17 13:27:38 UTC

Size: 3.05 KB

patch

obsolete

>OpenSSL 1.1 introduces the concept of security levels, in attempt to prevent
>users from accidently setting insecure ciphers.
>aNULL ciphers are considered insecure and are only allowed in Security Level 0.
>The default Security Level is 1.
>Unfortunately a cipher string featuring @SECLEVEL=0 is not accepted in older
>OpenSSL versions, thus this patch should be applied to newer distributions only.
>
>Index: socat-1.7.3.2/test.sh
>===================================================================
>--- socat-1.7.3.2.orig/test.sh	2017-01-22 19:07:10.000000000 +0100
>+++ socat-1.7.3.2/test.sh	2017-08-17 12:36:50.809352091 +0200
>@@ -11227,8 +11227,8 @@ tf="$td/test$N.stdout"
> te="$td/test$N.stderr"
> tdiff="$td/test$N.diff"
> da="test$N $(date) $RANDOM"
>-CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL,verify=0 pipe"
>-CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL,verify=0,$SOCAT_EGD"
>+CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL:@SECLEVEL=0,verify=0 pipe"
>+CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL:@SECLEVEL=0,verify=0,$SOCAT_EGD"
> printf "test $F_n $TEST... " $N
> eval "$CMD2 2>\"${te}1\" &"
> pid=$!	# background process id
>@@ -11632,8 +11632,8 @@ tf1="$td/test$N.1.stdout"
> te1="$td/test$N.1.stderr"
> tdiff="$td/test$N.diff"
> da="test$N $(date) $RANDOM"
>-CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL,verify=0, PIPE"
>-CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL,verify=0"
>+CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL:@SECLEVEL=0,verify=0, PIPE"
>+CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL:@SECLEVEL=0,verify=0"
> printf "test $F_n $TEST... " $N
> $CMD0 >/dev/null 2>"$te0" &
> pid0=$!
>@@ -12191,8 +12191,8 @@ tf="$td/test$N.stdout"
> te="$td/test$N.stderr"
> tdiff="$td/test$N.diff"
> da="test$N $(date) $RANDOM"
>-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL,verify=0 SYSTEM:cat"
>-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL,verify=0"
>+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL:@SECLEVEL=0,verify=0 SYSTEM:cat"
>+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL:@SECLEVEL=0,verify=0"
> printf "test $F_n $TEST... " $N
> $CMD0 >/dev/null 2>"${te}0" &
> pid0=$!
>@@ -12302,8 +12302,8 @@ tf="$td/test$N.stdout"
> te="$td/test$N.stderr"
> tdiff="$td/test$N.diff"
> da="test$N $(date) $RANDOM"
>-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL,verify=0 PIPE"
>-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL,verify=0"
>+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0 PIPE"
>+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0"
> printf "test $F_n $TEST... " $N
> if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
>     $PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"

Actions: View | Diff

Attachments on bug 1042674: 737059