compat.sh: Fix check for OpenSSL support

If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-23 14:14:19 +01:00
parent 01e3c37f7b
commit c2e2876e0e

View file

@ -227,15 +227,6 @@ filter_ciphersuites()
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
# supports from the s_server help. (The s_client help isn't
# accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
# But the s_server help seems to be accurate.)
if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
M_CIPHERS=""
O_CIPHERS=""
fi
# For GnuTLS client -> mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@ -1332,6 +1323,15 @@ for VERIFY in $VERIFIES; do
continue;
fi
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
# supports $O_MODE from the s_server help. (The s_client
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2
# but doesn't list it. But the s_server help seems to be
# accurate.)
if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
continue;
fi
reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites