From 9e43e9fa3a43f81fd376eb8b88a06cd9f14792be Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 21 Aug 2023 15:20:36 +0200 Subject: [PATCH] tst_QSslSocket: skip tests requiring TLS v 1.0 downgrade MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If OpenSSL version is 3.1.1 or above - this version moved the protocol under security level 0, but the default one is 1. Fixes: QTBUG-116166 Change-Id: Iaabb2cf33e2a9f280d6167233ee16080dee808b0 Reviewed-by: MÃ¥rten Nordheim (cherry picked from commit 6d6d22b65d9a0cc8664cc9e051e66a80db132b6e) Reviewed-by: Qt Cherry-pick Bot --- .../network/ssl/qsslsocket/tst_qsslsocket.cpp | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 00cf01b2033..b95466fac1f 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -293,6 +293,7 @@ private: QSslSocket *socket; QList storedExpectedSslErrors; bool isTestingOpenSsl = false; + bool isSecurityLevel0Required = false; bool opensslResolved = false; bool isTestingSecureTransport = false; bool isTestingSchannel = false; @@ -412,6 +413,9 @@ void tst_QSslSocket::initTestCase() flukeCertificateError = QSslError::SelfSignedCertificate; #if QT_CONFIG(openssl) opensslResolved = qt_auto_test_resolve_OpenSSL_symbols(); + // This is where OpenSSL moved several protocols under + // non-default (0) security level (the default is 1). + isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010; #else opensslResolved = false; // Not 'unused variable' anymore. #endif @@ -810,6 +814,10 @@ void tst_QSslSocket::simpleConnect() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -871,6 +879,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QFETCH_GLOBAL(bool, setProxy); if (setProxy) return; @@ -915,6 +927,10 @@ void tst_QSslSocket::simpleConnectWithIgnore() void tst_QSslSocket::sslErrors_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn("host"); QTest::addColumn("port"); @@ -1967,6 +1983,10 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() if (!QSslSocket::supportsSsl()) return; + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QSslSocketPtr socket = newSocket(); this->socket = socket.data(); @@ -3113,6 +3133,10 @@ void tst_QSslSocket::encryptWithoutConnecting() void tst_QSslSocket::resume_data() { + // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default. + if (isSecurityLevel0Required) + QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier"); + QTest::addColumn("ignoreErrorsAfterPause"); QTest::addColumn >("errorsToIgnore"); QTest::addColumn("expectSuccess");