From 77dec16b3b2099ed2c1c1764017b455bf9e5b702 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Mon, 22 Aug 2022 08:00:40 -0600 Subject: [PATCH] Supplemental fix in addition to #5470 --- scripts/ocsp-stapling.test | 2 +- scripts/ocsp-stapling2.test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 075baea83..e8c89de9c 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -234,7 +234,7 @@ if [ ! -f "$ready_file" ]; then exit 1 else # should fail if ocspstapling is also enabled - OPENSSL_OUTPUT=$(echo "hi" | openssl s_client -status $V4V6_FLAG -connect "${LOCALHOST}:$port1" -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1) + OPENSSL_OUTPUT=$(echo "hi" | openssl s_client -status $V4V6_FLAG -legacy_renegotiation -connect "${LOCALHOST}:$port1" -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1) OPENSSL_RESULT=$? echo "$OPENSSL_OUTPUT" fgrep -q 'self signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT" diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 7ede390df..3425f5d73 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -419,7 +419,7 @@ remove_single_rF $ready_file5 -p $port5 -H loadSSL & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 -echo "test connection" | openssl s_client -status -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem +echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 wait $server_pid5