compat.sh: Fix check for OpenSSL support

If OpenSSL does not support a mode (tls12 or dtls12 or tls13) just skip the tests involving OpenSSL. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-18 20:11:20 +00:00 · 2022-03-23 14:14:19 +01:00 · 2022-03-23 14:14:19 +01:00 · c2e2876e0e
parent 01e3c37f7b
commit c2e2876e0e
1 changed files with 9 additions and 9 deletions
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -227,15 +227,6 @@ filter_ciphersuites()
        G_CIPHERS=$( filter "$G_CIPHERS" )
    fi

-    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
-    # supports from the s_server help. (The s_client help isn't
-    # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
-    # But the s_server help seems to be accurate.)
-    if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
-        M_CIPHERS=""
-        O_CIPHERS=""
-    fi
-
    # For GnuTLS client -> mbed TLS server,
    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
    if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@ -1332,6 +1323,15 @@ for VERIFY in $VERIFIES; do
                        continue;
                    fi

+                    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+                    # supports $O_MODE from the s_server help. (The s_client
+                    # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+                    # but doesn't list it. But the s_server help seems to be
+                    # accurate.)
+                    if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+                        continue;
+                    fi
+
                    reset_ciphersuites
                    add_common_ciphersuites
                    add_openssl_ciphersuites