diff options
Diffstat (limited to 'deps/openssl/openssl/util/perl/checkhandshake.pm')
-rw-r--r-- | deps/openssl/openssl/util/perl/checkhandshake.pm | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/deps/openssl/openssl/util/perl/checkhandshake.pm b/deps/openssl/openssl/util/perl/checkhandshake.pm index c53b96d5ee..04441b5615 100644 --- a/deps/openssl/openssl/util/perl/checkhandshake.pm +++ b/deps/openssl/openssl/util/perl/checkhandshake.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -124,7 +125,7 @@ sub checkhandshake($$$$) my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0; - $extensions[$extloop][2] != 0; + $extensions[$extloop][3] != 0; $extloop++) { $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); @@ -135,6 +136,7 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); + next if ($message->server() != $extensions[$extloop][2]); $numtests++; } $numtests++; @@ -182,7 +184,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -197,7 +200,7 @@ sub checkhandshake($$$$) my $msgexts = $message->extension_data(); my $extchnum = 1; my $extshnum = 1; - for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; + for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0; $extloop++) { #In TLSv1.3 we can have two ClientHellos if there has been a #HelloRetryRequest, and they may have different extensions. Skip @@ -211,12 +214,13 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); - ok (($extensions[$extloop][2] & $exttype) == 0 + next if ($message->server() != $extensions[$extloop][2]); + ok (($extensions[$extloop][3] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), "Extension presence check (Message: ".$message->mt() - ." Extension: ".($extensions[$extloop][2] & $exttype).", " + ." Extension: ".($extensions[$extloop][3] & $exttype).", " .$extloop.")"); - $extcount++ if (($extensions[$extloop][2] & $exttype) != 0); + $extcount++ if (($extensions[$extloop][3] & $exttype) != 0); } ok($extcount == keys %$msgexts, "Extensions count mismatch (" .$extcount.", ".(keys %$msgexts) |