Enable all tests on opensslv3

commit: 3ea763e068fbedf7b7b33b73ca294952543e7930 [log] [tgz]
author: Thomas <thomasbruggink@hotmail.com> Tue Mar 05 21:30:29 2024 +0900
committer: Thomas <thomasbruggink@hotmail.com> Tue Mar 05 21:30:29 2024 +0900
tree: 1682ef2616a0adda75f66a2f22fdda736cfa5bf2
parent: 8148f2ff9740c11417b7e2d2800c07129be2092d [diff]
diff --git a/lib/cpp/test/SecurityFromBufferTest.cpp b/lib/cpp/test/SecurityFromBufferTest.cpp
index c4f5c8e..32f2378 100644
--- a/lib/cpp/test/SecurityFromBufferTest.cpp
+++ b/lib/cpp/test/SecurityFromBufferTest.cpp

@@ -109,7 +109,7 @@
       shared_ptr<TSSLServerSocket> pServerSocket;
 
       pServerSocketFactory.reset(new TSSLSocketFactory(static_cast<apache::thrift::transport::SSLProtocol>(protocol)));
-      #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
           // OpenSSL 1.1.0 introduced @SECLEVEL. Modern distributions limit TLS 1.0/1.1
           // to @SECLEVEL=0 or 1, so specify it to test all combinations.
           pServerSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@SECLEVEL=0");
@@ -161,7 +161,7 @@
       try {
         pClientSocketFactory.reset(new TSSLSocketFactory(static_cast<apache::thrift::transport::SSLProtocol>(protocol)));
         pClientSocketFactory->authenticate(true);
-        #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
+        #if OPENSSL_VERSION_NUMBER >= 0x10100000L
             // OpenSSL 1.1.0 introduced @SECLEVEL. Modern distributions limit TLS 1.0/1.1
             // to @SECLEVEL=0 or 1, so specify it to test all combinations.
             pClientSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@SECLEVEL=0");
@@ -210,16 +210,15 @@
   try {
     // matrix of connection success between client and server with different SSLProtocol selections
         static_assert(apache::thrift::transport::LATEST == 5, "Mismatch in assumed number of ssl protocols");
-        bool ossl1x = (OPENSSL_VERSION_NUMBER < 0x30000000L);
         bool matrix[apache::thrift::transport::LATEST + 1][apache::thrift::transport::LATEST + 1] =
         {
     //   server    = SSLTLS   SSLv2    SSLv3    TLSv1_0  TLSv1_1  TLSv1_2
     // client
-    /* SSLTLS  */  { true,    false,   false,   ossl1x,  ossl1x,  true    },
+    /* SSLTLS  */  { true,    false,   false,   true,    true,    true    },
     /* SSLv2   */  { false,   false,   false,   false,   false,   false   },
     /* SSLv3   */  { false,   false,   true,    false,   false,   false   },
-    /* TLSv1_0 */  { ossl1x,  false,   false,   ossl1x,  false,   false   },
-    /* TLSv1_1 */  { ossl1x,  false,   false,   false,   ossl1x,  false   },
+    /* TLSv1_0 */  { true,    false,   false,   true,    false,   false   },
+    /* TLSv1_1 */  { true,    false,   false,   false,   true,    false   },
     /* TLSv1_2 */  { true,    false,   false,   false,   false,   true    }
         };
 

diff --git a/lib/cpp/test/SecurityTest.cpp b/lib/cpp/test/SecurityTest.cpp
index 4c6c732..cc71f04 100644
--- a/lib/cpp/test/SecurityTest.cpp
+++ b/lib/cpp/test/SecurityTest.cpp

@@ -108,7 +108,7 @@
             shared_ptr<TSSLServerSocket> pServerSocket;
 
             pServerSocketFactory.reset(new TSSLSocketFactory(static_cast<apache::thrift::transport::SSLProtocol>(protocol)));
-            #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
+            #if OPENSSL_VERSION_NUMBER >= 0x10100000L
                 // OpenSSL 1.1.0 introduced @SECLEVEL. Modern distributions limit TLS 1.0/1.1
                 // to @SECLEVEL=0 or 1, so specify it to test all combinations.
                 pServerSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@SECLEVEL=0:@STRENGTH");
@@ -168,7 +168,7 @@
             {
                 pClientSocketFactory.reset(new TSSLSocketFactory(static_cast<apache::thrift::transport::SSLProtocol>(protocol)));
                 pClientSocketFactory->authenticate(true);
-                #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L
+                #if OPENSSL_VERSION_NUMBER >= 0x10100000L
                     // OpenSSL 1.1.0 introduced @SECLEVEL. Modern distributions limit TLS 1.0/1.1
                     // to @SECLEVEL=0 or 1, so specify it to test all combinations.
                     pClientSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@SECLEVEL=0");
@@ -232,16 +232,15 @@
     {
         // matrix of connection success between client and server with different SSLProtocol selections
         static_assert(apache::thrift::transport::LATEST == 5, "Mismatch in assumed number of ssl protocols");
-        bool ossl1x = (OPENSSL_VERSION_NUMBER < 0x30000000L);
         bool matrix[apache::thrift::transport::LATEST + 1][apache::thrift::transport::LATEST + 1] =
         {
     //   server    = SSLTLS   SSLv2    SSLv3    TLSv1_0  TLSv1_1  TLSv1_2
     // client
-    /* SSLTLS  */  { true,    false,   false,   ossl1x,  ossl1x,  true    },
+    /* SSLTLS  */  { true,    false,   false,   true,    true,    true    },
     /* SSLv2   */  { false,   false,   false,   false,   false,   false   },
     /* SSLv3   */  { false,   false,   true,    false,   false,   false   },
-    /* TLSv1_0 */  { ossl1x,  false,   false,   ossl1x,  false,   false   },
-    /* TLSv1_1 */  { ossl1x,  false,   false,   false,   ossl1x,  false   },
+    /* TLSv1_0 */  { true,    false,   false,   true,    false,   false   },
+    /* TLSv1_1 */  { true,    false,   false,   false,   true,    false   },
     /* TLSv1_2 */  { true,    false,   false,   false,   false,   true    }
         };
commit	3ea763e068fbedf7b7b33b73ca294952543e7930	[log] [tgz]
author	Thomas <thomasbruggink@hotmail.com>	Tue Mar 05 21:30:29 2024 +0900
committer	Thomas <thomasbruggink@hotmail.com>	Tue Mar 05 21:30:29 2024 +0900
tree	1682ef2616a0adda75f66a2f22fdda736cfa5bf2
parent	8148f2ff9740c11417b7e2d2800c07129be2092d [diff]