From dffc677561e59d77064587fb8c1676e2b6166ca2 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 4 Jun 2020 16:42:40 -0700
Subject: [PATCH] Fix for TLS v1.3 with `--enable-sniffer`.
---
 examples/client/client.c | 2 +-
 examples/echoclient/echoclient.c | 6 +++++-
 examples/echoserver/echoserver.c | 6 +++++-
 examples/server/server.c | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 6cc3b6328..afe5beabe 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2371,7 +2371,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 #if defined(WOLFSSL_SNIFFER)
- if (cipherList == NULL) {
+ if (cipherList == NULL && version < 4) {
 /* don't use EDH, can't sniff tmp keys */
 if (wolfSSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS) {
 wolfSSL_CTX_free(ctx); ctx = NULL;
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index db5d74c97..2026cbbea 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -121,7 +121,11 @@ void echoclient_test(void* args)
 #if defined(CYASSL_DTLS)
 method = DTLSv1_2_client_method();
 #elif !defined(NO_TLS)
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
+ method = CyaTLSv1_2_client_method();
+ #else
 method = CyaSSLv23_client_method();
+ #endif
 #elif defined(WOLFSSL_ALLOW_SSLV3)
 method = SSLv3_client_method();
 #else
@@ -151,7 +155,7 @@ void echoclient_test(void* args)
 #if defined(CYASSL_SNIFFER)
 /* Only set if not running testsuite */
- if (XSTRNCMP(argv[0], "testsuite", XSTRLEN("testsuite")) != 0) {
+ if (XSTRSTR(argv[0], "testsuite") != 0) {
 /* don't use EDH, can't sniff tmp keys */
 SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 }
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index b7bb49282..1ed4d1fe9 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
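Review bot: The bare `4` in `version < 4` in client_test's sniffer block is unexplained, and the comment beneath it still talks only about EDH. Going by the commit subject the value presumably stands for TLS v1.3, which has no static-RSA suites for the `AES128-SHA` override to select; a comment such as `/* TLS v1.3 (version 4) has no static RSA suites, keep its default cipher list */` would record that. Because this override deliberately gives up forward secrecy so the sniffer can decrypt the session, the comment should also say it is intended for sniffer test builds only. The same condition is added in server_test in examples/server/server.c. Both functions start and end outside their hunks, so how `version` is set for the default and downgrade cases is not visible here and is worth confirming.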
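Review bot: The new guard in echoclient_test tests `WOLFSSL_SNIFFER`, while the sniffer block later in the same function (next hunk) is still keyed on `CYASSL_SNIFFER`; the diff does not show whether the two macros are always defined together, so one spelling should be used for both guards. The pin to `CyaTLSv1_2_client_method()` also carries no comment saying why version negotiation is switched off; something like `/* sniffer needs a static RSA suite, which TLS v1.3 lacks: pin to TLS v1.2 */` would do. The pin is compile-time, so unlike the cipher-list override it also applies to testsuite runs, and TLS v1.3 is then never exercised by this example in sniffer builds. echoserver_test in examples/echoserver/echoserver.c gets the same guard with `CyaTLSv1_2_server_method()`.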
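Review bot: The new test `XSTRSTR(argv[0], "testsuite") != 0` in echoclient_test is true when argv[0] contains "testsuite", which is the opposite of the removed `XSTRNCMP(...) != 0` and of the comment "Only set if not running testsuite" directly above it. As written, a standalone echoclient no longer restricts itself to `AES256-SHA`, so a sniffer watching it would presumably see ephemeral-key suites it cannot decrypt, while testsuite runs now get the override. The line should read `if (XSTRSTR(argv[0], "testsuite") == NULL) {`. The identical line is added in echoserver_test in examples/echoserver/echoserver.c and needs the same change. The return value of `SSL_CTX_set_cipher_list` on the context line below is also ignored, unlike the checked calls in client.c and server.c.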
@@ -138,7 +138,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #if defined(CYASSL_DTLS)
 method = CyaDTLSv1_2_server_method();
 #elif !defined(NO_TLS)
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
+ method = CyaTLSv1_2_server_method();
+ #else
 method = CyaSSLv23_server_method();
+ #endif
 #elif defined(WOLFSSL_ALLOW_SSLV3)
 method = CyaSSLv3_server_method();
 #else
@@ -228,7 +232,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #if defined(CYASSL_SNIFFER)
 /* Only set if not running testsuite */
- if (XSTRNCMP(argv[0], "testsuite", XSTRLEN("testsuite")) != 0) {
+ if (XSTRSTR(argv[0], "testsuite") != 0) {
 /* don't use EDH, can't sniff tmp keys */
 CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 }
diff --git a/examples/server/server.c b/examples/server/server.c
index 3f7ae6d4e..0471e6434 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1830,7 +1830,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if defined(WOLFSSL_SNIFFER)
 /* don't use EDH, can't sniff tmp keys */
- if (cipherList == NULL) {
+ if (cipherList == NULL && version < 4) {
 if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS)
 err_sys_ex(runWithErrors, "server can't set cipher list 3");
 }