When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages sent by the handshake changes. This exposed a logic bug in the test suite which caused us to wait for the server to see handshake completion, but not wait for the client to see completion. The result was the client didn't receive the certificate for verification and the test failed. This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in its GNUTLS builds. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; --- tests/virnettlssessiontest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index 7e85607181..375cc1bb02 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -180,7 +180,7 @@ static int testTLSSessionInit(const void *opaque) if (rv == VIR_NET_TLS_HANDSHAKE_COMPLETE) clientShake = true; } - } while (!clientShake && !serverShake); + } while (!clientShake || !serverShake); /* Finally make sure the server validation does what -- 2.17.1