test suite: use stock OpenSSL config except for tests/tls-protocols.

It's best to use a stock (clean) environment when possible.  We only
need to test TLS protocol version <1.2 for tests/tls-protocols.

2 files changed, 17 insertions, 0 deletions

diff --git a/tests/tls-protocols/openssl.cnf b/tests/tls-protocols/openssl.cnf
new file mode 100644
index 0000000..980097d
--- /dev/null
+++ b/tests/tls-protocols/openssl.cnf
@@ -0,0 +1,14 @@
+# as we want to test TLSv1 we need to set MinProtocol=None, see
+# see /usr/share/doc/libssl1.1/NEWS.Debian.gz
+
+openssl_conf = default_conf
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = None
+CipherString = DEFAULT
diff --git a/tests/tls-protocols/t b/tests/tls-protocols/t
index c302731..72f7db2 100644
--- a/tests/tls-protocols/t
+++ b/tests/tls-protocols/t
@@ -5,6 +5,9 @@ interimap --debug || error
 ! grep -E "^remote: Maximum SSL/TLS protocol version: " <"$STDERR" || error
 grep -E "^remote: SSL protocol: TLSv" <"$STDERR" || error
 
+# load custom OpenSSL configuration to allow TLS protocol version <=1.1
+export OPENSSL_CONF="$TESTDIR/openssl.cnf"
+
 # backup config
 install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~"
 with_remote_tls_protocols() {