1 files changed, 112 insertions, 0 deletions
diff --git a/openssl-1.1.1-no-brainpool.patch b/openssl-1.1.1-no-brainpool.patch
new file mode 100644
index 0000000..90c87a8
--- /dev/null
+++ b/openssl-1.1.1-no-brainpool.patch
@@ -0,0 +1,112 @@
+diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
+--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool	2019-09-10 15:13:07.000000000 +0200
++++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in	2019-09-13 15:11:07.358687169 +0200
+@@ -147,22 +147,22 @@ our @tests = (
+     {
+         name => "ECDSA with brainpool",
+         server =>  {
+-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+-            "Groups" => "brainpoolP256r1",
++            "Certificate" => test_pem("server-ecdsa-cert.pem"),
++            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
++#            "Groups" => "brainpoolP256r1",
+         },
+         client => {
+             #We don't restrict this to TLSv1.2, although use of brainpool
+             #should force this anyway so that this should succeed
+             "CipherString" => "aECDSA",
+             "RequestCAFile" => test_pem("root-cert.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Groups" => "brainpoolP256r1",
+         },
+         test   => {
+-            "ExpectedServerCertType" =>, "brainpoolP256r1",
+-            "ExpectedServerSignType" =>, "EC",
++#            "ExpectedServerCertType" =>, "brainpoolP256r1",
++#            "ExpectedServerSignType" =>, "EC",
+             # Note: certificate_authorities not sent for TLS < 1.3
+-            "ExpectedServerCANames" =>, "empty",
++#            "ExpectedServerCANames" =>, "empty",
+             "ExpectedResult" => "Success"
+         },
+     },
+@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
+     {
+         name => "TLS 1.3 ECDSA with brainpool",
+         server =>  {
+-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+-            "Groups" => "brainpoolP256r1",
++            "Certificate" => test_pem("server-ecdsa-cert.pem"),
++            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
++#            "Groups" => "brainpoolP256r1",
+         },
+         client => {
+             "RequestCAFile" => test_pem("root-cert.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Groups" => "brainpoolP256r1",
+             "MinProtocol" => "TLSv1.3",
+             "MaxProtocol" => "TLSv1.3"
+         },
+         test   => {
+-            "ExpectedResult" => "ServerFail"
++            "ExpectedResult" => "Success"
+         },
+     },
+ );
+diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
+--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool	2019-09-10 15:13:07.000000000 +0200
++++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf	2019-09-13 15:12:27.380288469 +0200
+@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
+ client = 5-ECDSA with brainpool-client
+ 
+ [5-ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+ 
+ [5-ECDSA with brainpool-client]
+ CipherString = aECDSA
+-Groups = brainpoolP256r1
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+ 
+ [test-5]
+ ExpectedResult = Success
+-ExpectedServerCANames = empty
+-ExpectedServerCertType = brainpoolP256r1
+-ExpectedServerSignType = EC
+ 
+ 
+ # ===========================================================
+@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
+ client = 52-TLS 1.3 ECDSA with brainpool-client
+ 
+ [52-TLS 1.3 ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+ 
+ [52-TLS 1.3 ECDSA with brainpool-client]
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+ MaxProtocol = TLSv1.3
+ MinProtocol = TLSv1.3
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
+ VerifyMode = Peer
+ 
+ [test-52]
+-ExpectedResult = ServerFail
++ExpectedResult = Success
+ 
+ 
+ # ===========================================================