mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:25:40 +00:00
Exclude DTLS 1.2 only with older OpenSSL
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older versions of OpenSSL didn't support it. But these days it is supported. We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we still use legacy versions of OpenSSL to test with legacy ciphers. So check whether the version we're using supports it.
This commit is contained in:
parent
97abe799eb
commit
6ad89c2a3a
|
@ -211,14 +211,13 @@ filter_ciphersuites()
|
||||||
G_CIPHERS=$( filter "$G_CIPHERS" )
|
G_CIPHERS=$( filter "$G_CIPHERS" )
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# OpenSSL 1.0.1h doesn't support DTLS 1.2
|
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
|
# supports from the s_server help. (The s_client help isn't
|
||||||
|
# accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
|
||||||
|
# But the s_server help seems to be accurate.)
|
||||||
|
if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
|
||||||
|
M_CIPHERS=""
|
||||||
O_CIPHERS=""
|
O_CIPHERS=""
|
||||||
case "$PEER" in
|
|
||||||
[Oo]pen*)
|
|
||||||
M_CIPHERS=""
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# For GnuTLS client -> mbed TLS server,
|
# For GnuTLS client -> mbed TLS server,
|
||||||
|
|
Loading…
Reference in a new issue