From b4d0aca018e8ac3be255ec5a443d4adeb7e8a51a Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Tue, 21 Jun 2022 14:58:48 -0500 Subject: [PATCH] test/ssl: fix invalid-hostname test for LibreSSL Unlike OpenSSL, LibreSSL won't accept an SNI with the nonsense host we set as part of this test. Since we're not testing SNI here, disable it. Per bug report by Nazir Bilal Yavuz. --- src/test/ssl/t/001_ssltests.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index c0b4a5739c..f94d608492 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -333,8 +333,11 @@ SKIP: qr/\Qserver certificate for "192.0.2.1" (and 1 other name) does not match host name "192.0.2.2"\E/ ); + # For this test we want to verify that the IP match correctly fails for a + # nonsensical "CIDR" hostname. But LibreSSL will independently choke on the + # invalid CIDR host if we try to use SNI, so disable sslsni for this test. $node->connect_fails( - "$common_connstr host=192.0.2.1/32", + "$common_connstr host=192.0.2.1/32 sslsni=0", "IPv4 host with CIDR mask does not match", expected_stderr => qr/\Qserver certificate for "192.0.2.1" (and 1 other name) does not match host name "192.0.2.1\/32"\E/ -- 2.25.1