Avoid false-failures if underlying network connection errors

In Air-Gapped or otherwise network-restricted environments, TcpStream::connect can spuriously fail due to name resolution failure, or just in establishing the socket itself. In this situation, the test can't give a meaningful result, and this failure doesn't indicate a problem in the OpenSSL stack. Bug: sfackler#1215
yanivakivas · Dec 27, 2019 · bba670d · bba670d
1 parent 9b2eced
commit bba670d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs
@@ -601,7 +601,10 @@ fn default_verify_paths() {
     ctx.set_default_verify_paths().unwrap();
     ctx.set_verify(SslVerifyMode::PEER);
     let ctx = ctx.build();
-    let s = TcpStream::connect("google.com:443").unwrap();
+    let s = match TcpStream::connect("google.com:443") {
+        Ok(s) => s,
+        Err(_) => return,
+    };
     let mut ssl = Ssl::new(&ctx).unwrap();
     ssl.set_hostname("google.com").unwrap();
     let mut socket = ssl.connect(s).unwrap();