From bba670dc90d6f3f7ae5c051dc67c9b1cd9b57e1a Mon Sep 17 00:00:00 2001 From: Kent Fredric Date: Fri, 27 Dec 2019 21:15:39 +1300 Subject: [PATCH] Avoid false-failures if underlying network connection errors In Air-Gapped or otherwise network-restricted environments, TcpStream::connect can spuriously fail due to name resolution failure, or just in establishing the socket itself. In this situation, the test can't give a meaningful result, and this failure doesn't indicate a problem in the OpenSSL stack. Bug: https://github.com/sfackler/rust-openssl/issues/1215 --- openssl/src/ssl/test/mod.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs index 18cbb395..ebc1ae03 100644 --- a/openssl/src/ssl/test/mod.rs +++ b/openssl/src/ssl/test/mod.rs @@ -601,7 +601,10 @@ fn default_verify_paths() { ctx.set_default_verify_paths().unwrap(); ctx.set_verify(SslVerifyMode::PEER); let ctx = ctx.build(); - let s = TcpStream::connect("google.com:443").unwrap(); + let s = match TcpStream::connect("google.com:443") { + Ok(s) => s, + Err(_) => return, + }; let mut ssl = Ssl::new(&ctx).unwrap(); ssl.set_hostname("google.com").unwrap(); let mut socket = ssl.connect(s).unwrap();