28 lines
1.0 KiB
Diff
28 lines
1.0 KiB
Diff
# HG changeset patch
|
|
# User Daiki Ueno <dueno@redhat.com>
|
|
# Date 1558341826 -7200
|
|
# Mon May 20 10:43:46 2019 +0200
|
|
# Node ID b447f0046807b718d2928d0e33313620d38a287a
|
|
# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e
|
|
tests: skip TLS 1.3 tests under FIPS mode
|
|
|
|
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
|
--- a/tests/ssl/ssl.sh
|
|
+++ b/tests/ssl/ssl.sh
|
|
@@ -393,6 +393,15 @@ ssl_auth()
|
|
echo "${testname}" | grep "TLS 1.3" > /dev/null
|
|
TLS13=$?
|
|
|
|
+ # Currently TLS 1.3 tests are known to fail under FIPS mode,
|
|
+ # because HKDF is implemented using the PKCS #11 functions
|
|
+ # prohibited under FIPS mode.
|
|
+ if [ "${TLS13}" -eq 0 ] && \
|
|
+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
|
|
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
|
+ continue
|
|
+ fi
|
|
+
|
|
if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
|
|
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
|
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
|