author | Nick Mathewson <nickm@torproject.org> | 2012-11-15 11:42:14 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-11-15 11:43:45 -0500 |
commit | c2f30863e24b67c7890ec0a97f8216cc2785a45d (patch) | |
tree | 9dc2e892ef963f1622229e96c96d779da58f1c2f /test | |
parent | 62bd2c44f114fdc66e5537eadb354d7629794932 (diff) | |
Fix renegotiation test to work around openssl 1.0.1 bug
There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't
renegotiate with themselves. When testing renegotiation with OpenSSL
>=1.0.1 and <1.0.1d, disable those protocols.
Diffstat (limited to 'test')
-rw-r--r-- | test/regress_ssl.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/test/regress_ssl.c b/test/regress_ssl.c
index 580c2919..1be32036 100644
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@@ -129,6 +129,7 @@ end:
 return NULL;
 }
+static int disable_tls_11_and_12 = 0;
 static SSL_CTX *the_ssl_ctx = NULL;
 static SSL_CTX *
@@ -136,7 +137,18 @@ get_ssl_ctx(void)
 {
 if (the_ssl_ctx)
 return the_ssl_ctx;
- return (the_ssl_ctx = SSL_CTX_new(SSLv23_method()));
+ the_ssl_ctx = SSL_CTX_new(SSLv23_method());
+ if (!the_ssl_ctx)
+ return NULL;
+ if (disable_tls_11_and_12) {
+#ifdef SSL_OP_NO_TLSv1_2
+ SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_2);
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+ SSL_CTX_set_options(the_ssl_ctx, SSL_OP_NO_TLSv1_1);
+#endif
+ }
+ return the_ssl_ctx;
 }
 static void
@@ -280,6 +292,16 @@ regress_bufferevent_openssl(void *arg)
 init_ssl();
+ if (strstr((char*)data->setup_data, "renegotiate")) {
+ if (SSLeay() >= 0x10001000 &&
+ SSLeay() < 0x1000104f) {
+ /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
+ * can't renegotiate with themselves. Disable. */
+ disable_tls_11_and_12 = 1;
+ }
+ renegotiate_at = 600;
+ }
+
 ssl1 = SSL_new(get_ssl_ctx());
 ssl2 = SSL_new(get_ssl_ctx());
@@ -289,9 +311,6 @@ regress_bufferevent_openssl(void *arg)
 if (! start_open)
 flags |= BEV_OPT_CLOSE_ON_FREE;
- if (strstr((char*)data->setup_data, "renegotiate"))
- renegotiate_at = 600;
-
 if (!filter) {
 tt_assert(strstr((char*)data->setup_data, "socketpair"));
 fd_pair = data->pair;
 |
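Review bot: In get_ssl_ctx() the new flag is read only on the call that creates the cached `the_ssl_ctx`, so setting `disable_tls_11_and_12` after any earlier call has no effect. Once it is set, every later user of that context in the same process is silently limited to TLS 1.0 and below. This is presumably harmless if each test case runs in its own process, but nothing visible here guarantees that. A comment on the static would record the ordering requirement, for example `/* Must be set before the first get_ssl_ctx() call: the SSL_CTX is created once and cached. */`.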
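Review bot: The bounds `0x10001000` and `0x1000104f` in the SSLeay() check in regress_bufferevent_openssl() are bare literals, so a reader must decode OpenSSL's version-number layout to see that the upper bound is the 1.0.1d release. A short comment such as `/* 0x1000104f == 1.0.1d release */` would help. The check also uses the runtime library version, while the options in get_ssl_ctx() are compiled in only when the build headers define `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2`. A binary built against older headers but run against an affected library would therefore set the flag and change nothing, which deserves a comment next to the `#ifdef`s. The function body starts and ends outside this hunk.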