diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-05-20 10:43:46 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-05-20 10:43:46 +0200 |
commit | d6524a1b352f7f2b84e77026ca8a912c1e8458a4 (patch) | |
tree | faadf172eb0a6577d24187c6de88029536b1851d | |
parent | e06a2eb99954afb552d64abd35456ca13926efaa (diff) | |
download | nss-hg-d6524a1b352f7f2b84e77026ca8a912c1e8458a4.tar.gz |
Bug 1552767, tests: skip TLS 1.3 tests under FIPS mode, r=rrelyea
-rwxr-xr-x | tests/ssl/ssl.sh | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh index 3c3d4206b..36cd0b55f 100755 --- a/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh @@ -393,6 +393,15 @@ ssl_auth() echo "${testname}" | grep "TLS 1.3" > /dev/null TLS13=$? + # Currently TLS 1.3 tests are known to fail under FIPS mode, + # because HKDF is implemented using the PKCS #11 functions + # prohibited under FIPS mode. + if [ "${TLS13}" -eq 0 ] && \ + [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then + echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" + continue + fi + if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then |