From 1e693fc723a8309b243b74c5baa7b7f0682d52f7 Mon Sep 17 00:00:00 2001

Message-Id: <1e693fc723a8309b243b74c5baa7b7f0682d52f7@dist-git>

From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>

Date: Wed, 18 Jul 2018 19:21:06 +0100

Subject: [PATCH] tests: fix TLS handshake failure with TLS 1.3

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages

sent by the handshake changes. This exposed a logic bug in the test

suite which caused us to wait for the server to see handshake

completion, but not wait for the client to see completion. The result

was the client didn't receive the certificate for verification and the

test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in

its GNUTLS builds.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

(cherry picked from commit cf92b90e3537631d5235a564f917a7a0fadac3e1)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 tests/virnettlssessiontest.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c

index 7e85607181..375cc1bb02 100644

--- a/tests/virnettlssessiontest.c

+++ b/tests/virnettlssessiontest.c

@@ -180,7 +180,7 @@ static int testTLSSessionInit(const void *opaque)

             if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE)

                 clientShake = true;

         }

-    } while (!clientShake && !serverShake);

+    } while (!clientShake || !serverShake);

     /* Finally make sure the server validation does what

-- 

2.18.0