From fe40c679d22b330a0fb9b35d9236666d9b364306 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 3 Jun 2019 20:25:56 +0300 Subject: [PATCH] tests: Fix EAP-FAST protocol testing with older OpenSSL library versions Looks like the previous fix for a newer OpenSSL versions broke functionality with older versions that did not seem to like @SECLEVEL=0 in the cipher list. Make that addition conditional on OpenSSL version to work with both versions. Fixes: e87e6f609bb1 ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL") Signed-off-by: Jouni Malinen --- tests/hwsim/test_eap_proto.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py index db30594eb..7aeaf968c 100644 --- a/tests/hwsim/test_eap_proto.py +++ b/tests/hwsim/test_eap_proto.py @@ -10110,7 +10110,10 @@ def run_eap_fast_phase2(dev, test_payload, test_failure=True): ctx['sslctx'] = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD) ctx['sslctx'].set_info_callback(ssl_info_callback) ctx['sslctx'].load_tmp_dh("auth_serv/dh.conf") - ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0") + if OpenSSL.SSL.OPENSSL_VERSION_NUMBER >= 0x10100000: + ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0") + else: + ctx['sslctx'].set_cipher_list("ADH-AES128-SHA") ctx['conn'] = OpenSSL.SSL.Connection(ctx['sslctx'], None) ctx['conn'].set_accept_state() log_conn_state(ctx['conn'])