diff options
author | Todd Short <tshort@akamai.com> | 2015-12-21 15:19:29 -0500 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-11-30 07:13:08 +1000 |
commit | e1c7871de80029b81824df4d59edc6de5293835f (patch) | |
tree | 8b5e34751cbc70493dbbb36cddaf7f85cd943ccd /test/ssl_test_ctx.c | |
parent | 92b1b9a8871530f26ef7df972111297ffa721be2 (diff) | |
download | openssl-e1c7871de80029b81824df4d59edc6de5293835f.tar.gz |
Use ChaCha only if prioritized by clnt
IFF the client has ChaCha first, and server cipher priority is used,
and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used,
then reprioritize ChaCha above everything else. This way, A matching
ChaCha cipher will be selected if there is a match. If no ChaCha ciphers
match, then the other ciphers are used.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4436)
Diffstat (limited to 'test/ssl_test_ctx.c')
-rw-r--r-- | test/ssl_test_ctx.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 62417ac2c1..71445c5e24 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -615,6 +615,10 @@ __owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx, return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value); } +/* ExpectedCipher */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher) + /* Known test options and their corresponding parse methods. */ /* Top-level options. */ @@ -650,6 +654,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedClientSignType", &parse_expected_client_sign_type }, { "ExpectedClientCANames", &parse_expected_client_ca_names }, { "UseSCTP", &parse_test_use_sctp }, + { "ExpectedCipher", &parse_test_expected_cipher }, }; /* Nested client options. */ @@ -728,6 +733,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) OPENSSL_free(ctx->expected_alpn_protocol); sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free); + OPENSSL_free(ctx->expected_cipher); OPENSSL_free(ctx); } |