[tor-bugs] #20460 [Core Tor/Tor]: tortls test failures with recent LibreSSL (OpenBSD -current)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 5 08:00:48 UTC 2016
#20460: tortls test failures with recent LibreSSL (OpenBSD -current)
------------------------------+----------------------------------------
Reporter: rubiate | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.0.0-alpha-dev
Severity: Normal | Resolution:
Keywords: libressl openbsd | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+----------------------------------------
Comment (by rubiate):
Replying to [comment:3 nickm]:
> I think the right fix is to have the tests say "ECDHE" instead; they
were probably supposed to in the first place.
Sure, that makes them pass. I wasn't sure what the ->id refers to or if
they need to be changed, guess not?
{{{
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 44961c8..e2fee81 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -834,9 +834,9 @@ test_tortls_classify_client_ciphers(void *ignored)
sk_SSL_CIPHER_zero(ciphers);
- one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+ one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
one->id = 0x00ff;
- two = get_cipher_by_name("ECDH-RSA-AES128-GCM-SHA256");
+ two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
two->id = 0x0000;
sk_SSL_CIPHER_push(ciphers, one);
tls->client_cipher_list_type = 0;
@@ -906,7 +906,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
tt_int_op(ret, OP_EQ, 0);
ciphers = sk_SSL_CIPHER_new_null();
- SSL_CIPHER *one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+ SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
one->id = 0x00ff;
sk_SSL_CIPHER_push(ciphers, one);
sess->ciphers = ciphers;
@@ -1551,7 +1551,7 @@ test_tortls_session_secret_cb(void *ignored)
tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
tt_assert(!tls->ssl->tls_session_secret_cb);
- one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+ one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
one->id = 0x00ff;
ciphers = sk_SSL_CIPHER_new_null();
sk_SSL_CIPHER_push(ciphers, one);
}}}
Does this need a changes file? If so...
{{{
diff --git a/changes/20460 b/changes/20460
new file mode 100644
index 0000000..d51ec3a
--- /dev/null
+++ b/changes/20460
@@ -0,0 +1,4 @@
+ o Minor bugfixes (testing)
+ - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
+ removed the ECDH ciphers which caused the tests to fail on
+ platforms which use it. Closes ticket 20460.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20460#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list