ae23c9
From dc340428ac10233432dc6048c972197163eb13e7 Mon Sep 17 00:00:00 2001
ae23c9
From: "Daniel P. Berrange" <berrange@redhat.com>
ae23c9
Date: Tue, 24 Jul 2018 17:17:43 +0100
ae23c9
Subject: [PATCH 4/4] tests: fix TLS handshake failure with TLS 1.3
ae23c9
MIME-Version: 1.0
ae23c9
Content-Type: text/plain; charset=UTF-8
ae23c9
Content-Transfer-Encoding: 8bit
ae23c9
ae23c9
RH-Author: Daniel P. Berrange <berrange@redhat.com>
ae23c9
Message-id: <20180724171743.10146-2-berrange@redhat.com>
ae23c9
Patchwork-id: 81490
ae23c9
O-Subject: [qemu-kvm RHEL8/virt212 PATCH 1/1] tests: fix TLS handshake failure with TLS 1.3
ae23c9
Bugzilla: 1602403
ae23c9
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
ae23c9
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
ae23c9
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
ae23c9
ae23c9
When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
ae23c9
sent by the handshake changes. This exposed a logic bug in the test
ae23c9
suite which caused us to wait for the server to see handshake
ae23c9
completion, but not wait for the client to see completion. The result
ae23c9
was the client didn't receive the certificate for verification and the
ae23c9
test failed.
ae23c9
ae23c9
This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
ae23c9
its GNUTLS builds.
ae23c9
ae23c9
Reviewed-by: Eric Blake <eblake@redhat.com>
ae23c9
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
ae23c9
(cherry picked from commit db0a8c70f25fe497c4b786d8edac063daa744c0d)
ae23c9
ae23c9
 Conflicts:
ae23c9
	tests/test-crypto-tlssession.c - no PSK tests in 2.12
ae23c9
ae23c9
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
ae23c9
---
ae23c9
 tests/test-crypto-tlssession.c | 2 +-
ae23c9
 1 file changed, 1 insertion(+), 1 deletion(-)
ae23c9
ae23c9
diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
ae23c9
index 82f21c2..4416a85 100644
ae23c9
--- a/tests/test-crypto-tlssession.c
ae23c9
+++ b/tests/test-crypto-tlssession.c
ae23c9
@@ -227,7 +227,7 @@ static void test_crypto_tls_session(const void *opaque)
ae23c9
                 clientShake = true;
ae23c9
             }
ae23c9
         }
ae23c9
-    } while (!clientShake && !serverShake);
ae23c9
+    } while (!clientShake || !serverShake);
ae23c9
 
ae23c9
 
ae23c9
     /* Finally make sure the server validation does what
ae23c9
-- 
ae23c9
1.8.3.1
ae23c9