Add a test for CVE-2017-3737

Test reading/writing to an SSL object after a fatal error has been
detected. This CVE only affected 1.0.2, but we should add it to other
branches for completeness.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

1 files changed, 21 insertions, 0 deletions

diff --git a/test/recipes/90-test_fatalerr.t b/test/recipes/90-test_fatalerr.t
new file mode 100644
index 0000000..361bc1f
--- /dev/null
+++ b/test/recipes/90-test_fatalerr.t
@@ -0,0 +1,21 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_fatalerr");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["fatalerrtest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running fatalerrtest");