The tests suite available in test/external/ssl-options was originally
written for security fixes made in the v0.10 branch. In this branch, the
client's default ciphers list is compatible with SSLv2.
After merging this change from v0.10 to v0.12, this tests suite was
broken because commits 5d2aef17ee and
f4c8020d10 make SSL/TLS clients use a
default ciphers list that is not compatible with the SSLv2 protocol.
This change fixes two issues:
1) The cipher list that was setup for a given test was not passed
properly to the client.
2) When either or both of clients/servers were using SSLv2, tests were
expected to succeed when at least the server end was using SSLv2
compatible ciphers. Now, tests are expected to succeed only if
SSLv2 compatible ciphers are used on both ends.
Fixes#9020
Add a test that goes through the whole matrix of:
- command line options (--enable-ssl*)
- secureOptions
- secureProtocols
and makes sure that compatible test setups actually work as expected.
The test works by spawning two processes for each test case: one client
and one server. The test passes if a SSL/TLS connection from the client
to the server is successful and the test case was supposed to pass, or
if the connection couldn't be established and the test case was supposed
to fail.
The test is currently located in the directory 'test/external' because
it has external dependencies.
Julien Gilli