Testsuite: Avoid requesting TLS cert-status requests from GnuTLS test utility unless...
authorJeremy Harris <jgh146exb@wizmail.org>
Wed, 5 Aug 2015 15:01:50 +0000 (16:01 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Wed, 5 Aug 2015 15:14:36 +0000 (16:14 +0100)
test/runtest
test/scripts/5650-OCSP-GnuTLS/5650
test/src/client.c

index 1cf6aad..fcc7a97 100755 (executable)
@@ -773,9 +773,6 @@ RESET_AFTER_EXTRA_LINE_READ:
 
   s/(TLS error on connection (?:from .* )?\(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
 
-  # ======== GnuTLS problems ========
-  next if /OCSP unusable with this GnuTLS library version/;
-
   # ======== Maildir things ========
   # timestamp output in maildir processing
   s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g;
index 9ebafb3..343d6af 100644 (file)
@@ -94,8 +94,7 @@ exim -bd -oX PORT_D -DSERVER=server \
 # Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
 # stapling
 #
-#client-gnutls \
-client-ssl \
+client-gnutls \
  HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
 ehlo rhu.barb
index 251f586..dd7df5b 100644 (file)
@@ -84,6 +84,9 @@ latter needs a whole pile of tables. */
 # if GNUTLS_VERSION_NUMBER >= 0x030103
 #  define HAVE_OCSP
 #  include <gnutls/ocsp.h>
+#  ifndef GNUTLS_NO_EXTENSIONS
+#   define GNUTLS_NO_EXTENSIONS 0
+#  endif
 # endif
 
 # define DH_BITS      768
@@ -451,7 +454,7 @@ tls_session_init(void)
 {
 gnutls_session session;
 
-gnutls_init(&session, GNUTLS_CLIENT);
+gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
 
 gnutls_cipher_set_priority(session, default_cipher_priority);
 gnutls_compression_set_priority(session, comp_priority);