From c2e2876e0e5f50d4851d818ca866829af2822ac2 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Wed, 23 Mar 2022 14:14:19 +0100
Subject: [PATCH] compat.sh: Fix check for OpenSSL support

If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 tests/compat.sh | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index 775d9231f..42b9cdb9f 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -227,15 +227,6 @@ filter_ciphersuites()
         G_CIPHERS=$( filter "$G_CIPHERS" )
     fi
 
-    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
-    # supports from the s_server help. (The s_client help isn't
-    # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
-    # But the s_server help seems to be accurate.)
-    if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
-        M_CIPHERS=""
-        O_CIPHERS=""
-    fi
-
     # For GnuTLS client -> mbed TLS server,
     # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
     if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@@ -1332,6 +1323,15 @@ for VERIFY in $VERIFIES; do
                         continue;
                     fi
 
+                    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+                    # supports $O_MODE from the s_server help. (The s_client
+                    # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+                    # but doesn't list it. But the s_server help seems to be
+                    # accurate.)
+                    if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+                        continue;
+                    fi
+
                     reset_ciphersuites
                     add_common_ciphersuites
                     add_openssl_ciphersuites