From 526d25bc1d1f4017b86588ecc718f435d0e3af75 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Thu, 5 Aug 2021 10:37:37 -0400
Subject: [PATCH] Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
---
 testssl.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 19ca2d5..f925eef 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -9543,7 +9543,7 @@ run_server_defaults() {
 local -a ciphers_to_test certificate_type
 local -a -i success
 local cn_nosni cn_sni sans_nosni sans_sni san tls_extensions client_auth_ca
- local cert_compression_methods
+ local cert_compression_methods=""
 local using_sockets=true
 "$SSL_NATIVE" && using_sockets=false
@@ -9751,7 +9751,7 @@ run_server_defaults() {
 done
 determine_tls_extensions
- cert_compression_methods="$(determine_cert_compression)"
+ "$using_sockets" && cert_compression_methods="$(determine_cert_compression)"
 [[ -n "$cert_compression_methods" ]] && [[ "$cert_compression_methods" != "none" ]] && \
 extract_new_tls_extensions "$TEMPDIR/$NODEIP.determine_cert_compression.txt"
@@ -9895,7 +9895,11 @@ run_server_defaults() {
 tls_time
 jsonID="cert_compression"
- if [[ $(has_server_protocol "tls1_3") -eq 0 ]]; then
+ if ! "$using_sockets"; then
+ # At the moment support for certificate compression can only be
+ # tested using tls_sockets().
+ :
+ elif [[ $(has_server_protocol "tls1_3") -eq 0 ]]; then
 jsonID="certificate_compression"
 pr_bold " Certificate Compression "
 outln "$cert_compression_methods"
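Review bot: In the third hunk the new `if ! "$using_sockets"` branch is a bare `:`, so a run with --ssl-native produces no certificate-compression line at all and a reader of the report cannot tell "not tested" from "nothing to report". For a scanner a skipped check is better stated than silently omitted; the branch could print it with the helpers already used just below, e.g. `pr_bold " Certificate Compression "` followed by `outln "not tested (--ssl-native)"`, plus the matching JSON/CSV record if the rest of this block writes one (the if/elif chain continues outside the hunk). The context line before it also sets `jsonID="cert_compression"` while the reporting branch resets it to `"certificate_compression"`; it is worth confirming which id consumers are meant to see. The guard in the second hunk, `"$using_sockets" && cert_compression_methods=...`, carries no comment of its own; a one-line `# certificate compression can only be probed via tls_sockets()` there would save the reader a jump of 140 lines to find the reason.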