tests: Fix EAP-FAST protocol testing with older OpenSSL library versions
Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.
Fixes: e87e6f609b
("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
236f132c54
commit
fe40c679d2
1 changed files with 4 additions and 1 deletions
|
@ -10110,7 +10110,10 @@ def run_eap_fast_phase2(dev, test_payload, test_failure=True):
|
||||||
ctx['sslctx'] = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
|
ctx['sslctx'] = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
|
||||||
ctx['sslctx'].set_info_callback(ssl_info_callback)
|
ctx['sslctx'].set_info_callback(ssl_info_callback)
|
||||||
ctx['sslctx'].load_tmp_dh("auth_serv/dh.conf")
|
ctx['sslctx'].load_tmp_dh("auth_serv/dh.conf")
|
||||||
|
if OpenSSL.SSL.OPENSSL_VERSION_NUMBER >= 0x10100000:
|
||||||
ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0")
|
ctx['sslctx'].set_cipher_list("ADH-AES128-SHA:@SECLEVEL=0")
|
||||||
|
else:
|
||||||
|
ctx['sslctx'].set_cipher_list("ADH-AES128-SHA")
|
||||||
ctx['conn'] = OpenSSL.SSL.Connection(ctx['sslctx'], None)
|
ctx['conn'] = OpenSSL.SSL.Connection(ctx['sslctx'], None)
|
||||||
ctx['conn'].set_accept_state()
|
ctx['conn'].set_accept_state()
|
||||||
log_conn_state(ctx['conn'])
|
log_conn_state(ctx['conn'])
|
||||||
|
|
Loading…
Reference in a new issue