Commit db0a8c70 authored Jul 18, 2018 by Daniel P. Berrangé

tests: fix TLS handshake failure with TLS 1.3



When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
sent by the handshake changes. This exposed a logic bug in the test
suite which caused us to wait for the server to see handshake
completion, but not wait for the client to see completion. The result
was the client didn't receive the certificate for verification and the
test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
its GNUTLS builds.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

parent 68db1318

tests/test-crypto-tlssession.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -151,7 +151,7 @@ static void test_crypto_tls_session_psk(void)
		clientShake = true;
		}
		}
		} while (!clientShake && !serverShake);
		} while (!clientShake \|\| !serverShake);


		/* Finally make sure the server & client validation is successful. */
		@@ -341,7 +341,7 @@ static void test_crypto_tls_session_x509(const void *opaque)
		clientShake = true;
		}
		}
		} while (!clientShake && !serverShake);
		} while (!clientShake \|\| !serverShake);


		/* Finally make sure the server validation does what