Merge pull request #1795 from SparkiDev/tls13_no_tls12

Fixes to work when compiled with TLS 1.3 only

scripts/external.test

@@ -7,22 +7,28 @@ ca=./certs/wolfssl-website-ca.pem
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
-# cloudflare seems to change CAs quickly, disabled by default
-if test -n "$WOLFSSL_EXTERNAL_TEST"; then
-    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
-else
-    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
-    exit 0
+# www.wolfssl.com isn't using RFC 8446 yet but the draft instead.
+./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
+if [ $? -ne 0 ]; then
+
+    # cloudflare seems to change CAs quickly, disabled by default
+    if test -n "$WOLFSSL_EXTERNAL_TEST"; then
+        echo "WOLFSSL_EXTERNAL_TEST set, running test..."
+    else
+        echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+        exit 0
+    fi
+
+    # is our desired server there?
+    ./scripts/ping.test $server 2
+    RESULT=$?
+    [ $RESULT -ne 0 ] && exit 0
+
+    # client test against the server
+    ./examples/client/client -X -C -h $server -p 443 -g -A $ca
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
 fi
 
-# is our desired server there?
-./scripts/ping.test $server 2
-RESULT=$?
-[ $RESULT -ne 0 ] && exit 0
-
-# client test against the server
-./examples/client/client -X -C -h $server -p 443 -g -A $ca
-RESULT=$?
-[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
-
 exit 0

scripts/ocsp-stapling-with-ca-as-responder.test

@@ -1,6 +1,15 @@
 #!/bin/bash
 # ocsp-stapling.test
 
+
+./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
+if [ $? -eq 0 ]; then
+    echo "TLS 1.2 or lower required"
+    echo "Skipped"
+    exit 0
+fi
+
+
 WORKSPACE=`pwd`
 CERT_DIR="./certs/ocsp"
 resume_port=0

scripts/ocsp-stapling.test

@@ -2,6 +2,15 @@
 
 # ocsp-stapling.test
 
+
+./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
+if [ $? -eq 0 ]; then
+    echo "TLS 1.2 or lower required"
+    echo "Skipped"
+    exit 0
+fi
+
+
 # create a unique ready file ending in PID for the script instance ($$) to take
 # advantage of port zero solution
 WORKSPACE=`pwd`

scripts/ocsp-stapling2.test

@@ -1,6 +1,15 @@
 #!/bin/bash
 # ocsp-stapling.test
 
+
+./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
+if [ $? -eq 0 ]; then
+    echo "TLS 1.2 or lower required"
+    echo "Skipped"
+    exit 0
+fi
+
+
 WORKSPACE=`pwd`
 CERT_DIR="certs/ocsp"
 

scripts/ocsp.test

@@ -8,6 +8,13 @@ ca=certs/external/ca-globalsign-root.pem
 [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
                                   && exit 1
 
+./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
+if [ $? -eq 0 ]; then
+    echo "TLS 1.2 or lower required"
+    echo "Skipped"
+    exit 0
+fi
+
 # is our desired server there?
 ./scripts/ping.test $server 2
 RESULT=$?

scripts/resume.test

@@ -119,6 +119,11 @@ if [ $? -ne 0 ]; then
     fi
 fi
 
+./examples/client/client -? 2>&1 | grep -- 'Resume session'
+if [ $? -ne 0 ]; then
+    RUN_TEST="Y"
+fi
+
 if [ "$RUN_TEST" = "Y" ]; then
     do_test