From fa86c1aa91ecbd479e43736152a3a2d704a2bf75 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 6 Jan 2021 14:19:57 +1000 Subject: [PATCH] Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options configuration: --enable-all --disable-tls13 Post-handshake authentication and HRR cookie are enable with '--enable-all' but disabling TLS 1.3 caused configure to fail. Don't enable these TLS 1.3 only options when TLS 1.3 is disabled. Also fix up tests that don't work without TLS 1.3 enabled. --- configure.ac | 12 ++++++++---- scripts/ocsp-stapling.test | 2 +- tests/api.c | 5 +++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 698f1f441..1fd81be9c 100644 --- a/configure.ac +++ b/configure.ac @@ -628,9 +628,11 @@ if test "$ENABLED_TLS13_POST_AUTH" = "yes" then if test "x$ENABLED_TLS13" = "xno" then - AC_MSG_ERROR([cannot enable postauth without enabling tls13.]) + AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication]) + ENABLED_TLS13_POST_AUTH="no" + else + AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS" fi - AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS" fi @@ -644,9 +646,11 @@ if test "$ENABLED_SEND_HRR_COOKIE" = "yes" then if test "x$ENABLED_TLS13" = "xno" then - AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.]) + AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie]) + ENABLED_SEND_HRR_COOKIE="no" + else + AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS" fi - AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS" fi diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 81e724a75..eb7244645 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test 
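Review bot: The new `ENABLED_TLS13_POST_AUTH="no"` branch also downgrades a build where post-handshake authentication was requested explicitly alongside `--disable-tls13`, not only the `--enable-all` case the commit message describes; the HRR cookie hunk at line 646 has the same shape. A deployment that relies on either feature would now get a successful configure and a library without it, with only an `AC_MSG_NOTICE` line as evidence. If the script cannot tell an explicit request from one implied by `--enable-all` (not visible in these hunks), raise the message to a warning so it stands out in the configure output, e.g. `AC_MSG_WARN([TLS 1.3 is disabled - disabling Post-handshake Authentication])`. The outer `if` of each block opens in the hunk header line, outside the changed lines.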
@@ -408,7 +408,7 @@ openssl ciphers -tls1_3 openssl_tls13=$? ./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version' wolfssl_not_tls13=$? -if [ "$openssl_tls13" = "0" -a "wolfssl_not_tls13" != "0" ]; then +if [ "$openssl_tls13" = "0" -a "$wolfssl_not_tls13" != "0" ]; then printf '%s\n\n' "------------- TEST CASE 8 SHOULD PASS --------------------" # client asks for OCSP staple but doesn't fail when none returned ./examples/client/client -p $port -g -v 4 -W 1 diff --git a/tests/api.c b/tests/api.c index 55c3d1203..386526106 100644 --- a/tests/api.c +++ b/tests/api.c @@ -6096,7 +6096,8 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void) *----------------------------------------------------------------------------*/ static void test_wolfSSL_mcast(void) { -#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ + (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) WOLFSSL_CTX* ctx; WOLFSSL* ssl; int result; @@ -6130,7 +6131,7 @@ static void test_wolfSSL_mcast(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); -#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */ +#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */ }
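Review bot: The corrected condition still joins two comparisons with `-a` inside a single `[ ]`, which POSIX marks obsolescent and which can parse ambiguously when an operand looks like an operator; `if [ "$openssl_tls13" = "0" ] && [ "$wolfssl_not_tls13" != "0" ]; then` is the safer spelling. Now that the guard can actually be false, it is worth confirming that the skipped case is reported. The `if` body continues past the hunk, so whether an `else` prints a skip message is not visible here. Without one, a run against a build without TLS 1.3 looks the same in the log as a run that exercised this stapling case.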
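Review bot: The widened guard on `test_wolfSSL_mcast` does not say why a DTLS multicast test needs `WOLFSSL_TLS13` or `WOLFSSL_SNIFFER`, and nothing in the hunk shows which call creates the dependency. A short comment above the `#if` would keep the condition from being dropped or copied wrongly later, for example `/* <API used below> is only compiled with WOLFSSL_TLS13 or WOLFSSL_SNIFFER */` with the real symbol filled in. When the guard is false the function body is empty, so multicast loses this API test in builds without TLS 1.3 unless the sniffer is enabled; the same comment should state that trade-off. The function body runs on past this hunk to the `#endif` changed in the next one.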