diff options
Diffstat (limited to 'deps/openssl/openssl/test/recipes/70-test_tlsextms.t')
-rw-r--r-- | deps/openssl/openssl/test/recipes/70-test_tlsextms.t | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/deps/openssl/openssl/test/recipes/70-test_tlsextms.t b/deps/openssl/openssl/test/recipes/70-test_tlsextms.t index d39acf4242..547a2fca2e 100644 --- a/deps/openssl/openssl/test/recipes/70-test_tlsextms.t +++ b/deps/openssl/openssl/test/recipes/70-test_tlsextms.t @@ -24,8 +24,8 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); -plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); +plan skip_all => "$test_name needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled" + if disabled("tls1") && disabled("tls1_1") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; @@ -46,14 +46,19 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); +#Note that EXTMS is only relevant for <TLS1.3 + #Test 1: By default server and client should send extended master secret # extension. #Expected result: ClientHello extension seen; ServerHello extension seen # Full handshake setrmextms(0, 0); +$proxy->clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $numtests = 9; +$numtests++ if (!disabled("tls1_3")); +plan tests => $numtests; checkmessages(1, "Default extended master secret test", 1, 1, 1); #Test 2: If client omits extended master secret extension, server should too. @@ -62,6 +67,7 @@ checkmessages(1, "Default extended master secret test", 1, 1, 1); clearall(); setrmextms(1, 0); +$proxy->clientflags("-no_tls1_3"); $proxy->start(); checkmessages(2, "No client extension extended master secret test", 0, 0, 1); @@ -69,7 +75,7 @@ checkmessages(2, "No client extension extended master secret test", 0, 0, 1); # Expected result: same as test 1. clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_ticket -no_tls1_3"); setrmextms(0, 0); $proxy->start(); checkmessages(3, "No ticket extended master secret test", 1, 1, 1); @@ -78,10 +84,10 @@ checkmessages(3, "No ticket extended master secret test", 1, 1, 1); # Expected result: same as test 2. clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_ticket -no_tls1_3"); setrmextms(1, 0); $proxy->start(); -checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1); +checkmessages(4, "No ticket, no client extension extended master secret test", 0, 0, 1); #Test 5: Session resumption extended master secret test # @@ -92,10 +98,10 @@ clearall(); setrmextms(0, 0); (undef, my $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->clientstart(); checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); unlink $session; @@ -109,10 +115,10 @@ clearall(); setrmextms(1, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 0); $proxy->clientstart(); checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); @@ -126,10 +132,10 @@ clearall(); setrmextms(0, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(1, 0); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Client inconsistent session resumption"); @@ -143,10 +149,10 @@ clearall(); setrmextms(0, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 1); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1"); @@ -160,15 +166,27 @@ clearall(); setrmextms(0, 1); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 0); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2"); unlink $session; +#Test 10: In TLS1.3 we should not negotiate extended master secret +#Expected result: ClientHello extension seen; ServerHello extension not seen +# TLS1.3 handshake (will appear as abbreviated handshake +# because of no CKE message) +if (!disabled("tls1_3")) { + clearall(); + setrmextms(0, 0); + $proxy->start(); + checkmessages(10, "TLS1.3 extended master secret test", 1, 0, 0); +} + + sub extms_filter { my $proxy = shift; |