tst_QSslSocket: skip tests requiring TLS v 1.0 downgrade

If OpenSSL version is 3.1.1 or above - this version moved the protocol under security level 0, but the default one is 1. Pick-to: 6.6 6.5 6.2 5.15 Fixes: QTBUG-116166 Change-Id: Iaabb2cf33e2a9f280d6167233ee16080dee808b0 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
2023-08-21 15:20:36 +02:00 · 2023-08-21 15:20:36 +02:00 · 6d6d22b65d
parent 366b4d3ae7
commit 6d6d22b65d
1 changed files with 24 additions and 0 deletions
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@ -293,6 +293,7 @@ private:
    QSslSocket *socket;
    QList<QSslError> storedExpectedSslErrors;
    bool isTestingOpenSsl = false;
+    bool isSecurityLevel0Required = false;
    bool opensslResolved = false;
    bool isTestingSecureTransport = false;
    bool isTestingSchannel = false;
@ -412,6 +413,9 @@ void tst_QSslSocket::initTestCase()
        flukeCertificateError = QSslError::SelfSignedCertificate;
 #if QT_CONFIG(openssl)
        opensslResolved = qt_auto_test_resolve_OpenSSL_symbols();
+        // This is where OpenSSL moved several protocols under
+        // non-default (0) security level (the default is 1).
+        isSecurityLevel0Required = OPENSSL_VERSION_NUMBER >= 0x30100010;
 #else
        opensslResolved = false; // Not 'unused variable' anymore.
 #endif
@ -810,6 +814,10 @@ void tst_QSslSocket::simpleConnect()
    if (!QSslSocket::supportsSsl())
        return;

+    // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+    if (isSecurityLevel0Required)
+        QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
    QFETCH_GLOBAL(bool, setProxy);
    if (setProxy)
        return;
@ -871,6 +879,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()
    if (!QSslSocket::supportsSsl())
        return;

+    // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use when connecting) are not available by default.
+    if (isSecurityLevel0Required)
+        QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
    QFETCH_GLOBAL(bool, setProxy);
    if (setProxy)
        return;
@ -915,6 +927,10 @@ void tst_QSslSocket::simpleConnectWithIgnore()

 void tst_QSslSocket::sslErrors_data()
 {
+    // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'sslErrors' test) are not available by default.
+    if (isSecurityLevel0Required)
+        QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
    QTest::addColumn<QString>("host");
    QTest::addColumn<int>("port");

@ -1967,6 +1983,10 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead()
    if (!QSslSocket::supportsSsl())
        return;

+    // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use here) are not available by default.
+    if (isSecurityLevel0Required)
+        QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
    QSslSocketPtr socket = newSocket();
    this->socket = socket.data();

@ -3113,6 +3133,10 @@ void tst_QSslSocket::encryptWithoutConnecting()

 void tst_QSslSocket::resume_data()
 {
+    // Starting from OpenSSL v 3.1.1 deprecated protocol versions (we want to use in 'resume' test) are not available by default.
+    if (isSecurityLevel0Required)
+        QSKIP("Testing with OpenSSL backend, but security level 0 is required for TLS v1.1 or earlier");
+
    QTest::addColumn<bool>("ignoreErrorsAfterPause");
    QTest::addColumn<QList<QSslError> >("errorsToIgnore");
    QTest::addColumn<bool>("expectSuccess");