From 75fe387d4b7dd458b79fc22d593095cd84ca8ea4 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 17 May 2012 17:24:36 -0400 Subject: fix tls_cipher memory lifetime. Some tests had not been updated for the new cert because they were missing an X= log-line. Updated those tests now. --- test/runtest | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 9bcace082..6418d8d3f 100755 --- a/test/runtest +++ b/test/runtest @@ -484,6 +484,7 @@ RESET_AFTER_EXTRA_LINE_READ: # So far, have seen: # TLSv1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. @@ -493,6 +494,20 @@ RESET_AFTER_EXTRA_LINE_READ: s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + # GnuTLS have seen: + # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # + # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 + # and as stand-alone cipher: + # DHE-RSA-AES256-SHA256 + # DHE-RSA-AES256-SHA + # picking latter as canonical simply because regex easier that way. + s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; + s/X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256/X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256/g; + s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g; + # ======== Caller's login, uid, gid, home, gecos ======== -- cgit v1.2.3