openssl-1_1/openssl-1_1-use-seclevel2-in-tests.patch

Index: openssl-1.1.1d/test/ssl_test.c
===================================================================
--- openssl-1.1.1d.orig/test/ssl_test.c
+++ openssl-1.1.1d/test/ssl_test.c
@@ -435,6 +440,7 @@ static int test_handshake(int idx)
 #endif
     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
         server_ctx = SSL_CTX_new(TLS_server_method());
+        SSL_CTX_set_security_level(server_ctx, 1);
         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
                                                      TLS_MAX_VERSION)))
             goto err;
@@ -443,21 +449,25 @@ static int test_handshake(int idx)
             SSL_TEST_SERVERNAME_CB_NONE) {
             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
                 goto err;
+            SSL_CTX_set_security_level(server2_ctx, 1);
             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
                                                          TLS_MAX_VERSION)))
                 goto err;
         }
         client_ctx = SSL_CTX_new(TLS_client_method());
+        SSL_CTX_set_security_level(client_ctx, 1);
         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
                                                      TLS_MAX_VERSION)))
             goto err;
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(TLS_server_method());
+            SSL_CTX_set_security_level(resume_server_ctx, 1);
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
                                                      TLS_MAX_VERSION)))
                 goto err;
             resume_client_ctx = SSL_CTX_new(TLS_client_method());
+            SSL_CTX_set_security_level(resume_client_ctx, 1);
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
                                                          TLS_MAX_VERSION)))
                 goto err;
Accepting request 865443 from home:pmonrealgonzalez:branches:security:tls - Disable test_srp subsection from 90-test_sslapi.t test - Use SECLEVEL 2 in 80-test_ssl_new.t - Add patches: * openssl-1_1-use-seclevel2-in-tests.patch * openssl-1_1-disable-test_srp-sslapi.patch - Allow SHA1 in SECLEVEL 2 in non-FIPS mode - Add openssl-1_1-seclevel.patch OBS-URL: https://build.opensuse.org/request/show/865443 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=82 2021-01-21 15:53:39 +01:00			`Index: openssl-1.1.1d/test/ssl_test.c`
			`===================================================================`
			`--- openssl-1.1.1d.orig/test/ssl_test.c`
			`+++ openssl-1.1.1d/test/ssl_test.c`
			`@@ -435,6 +440,7 @@ static int test_handshake(int idx)`
			`#endif`
			`if (test_ctx->method == SSL_TEST_METHOD_TLS) {`
			`server_ctx = SSL_CTX_new(TLS_server_method());`
			`+ SSL_CTX_set_security_level(server_ctx, 1);`
			`if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,`
			`TLS_MAX_VERSION)))`
			`goto err;`
			`@@ -443,21 +449,25 @@ static int test_handshake(int idx)`
			`SSL_TEST_SERVERNAME_CB_NONE) {`
			`if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))`
			`goto err;`
			`+ SSL_CTX_set_security_level(server2_ctx, 1);`
			`if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,`
			`TLS_MAX_VERSION)))`
			`goto err;`
			`}`
			`client_ctx = SSL_CTX_new(TLS_client_method());`
			`+ SSL_CTX_set_security_level(client_ctx, 1);`
			`if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,`
			`TLS_MAX_VERSION)))`
			`goto err;`

			`if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {`
			`resume_server_ctx = SSL_CTX_new(TLS_server_method());`
			`+ SSL_CTX_set_security_level(resume_server_ctx, 1);`
			`if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,`
			`TLS_MAX_VERSION)))`
			`goto err;`
			`resume_client_ctx = SSL_CTX_new(TLS_client_method());`
			`+ SSL_CTX_set_security_level(resume_client_ctx, 1);`
			`if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,`
			`TLS_MAX_VERSION)))`
			`goto err;`