summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2019-09-05 17:21:56 +0200
committerMatt Caswell <matt@openssl.org>2019-09-06 11:07:11 +0200
commitdc5bcb88d819de55eb37460c122e02fec91c6d86 (patch)
tree2c55b0c48c950d7aba7a4e581e65683327a6b441 /test
parentDon't send a status_request extension in a CertificateRequest message (diff)
downloadopenssl-dc5bcb88d819de55eb37460c122e02fec91c6d86.tar.xz
openssl-dc5bcb88d819de55eb37460c122e02fec91c6d86.zip
Teach TLSProxy how to parse CertificateRequest messages
We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9780)
Diffstat (limited to 'test')
-rw-r--r--test/recipes/70-test_sslmessages.t25
-rw-r--r--test/recipes/70-test_tls13kexmodes.t36
-rw-r--r--test/recipes/70-test_tls13messages.t89
3 files changed, 131 insertions, 19 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 6fb1f8557e..9f8c3226e6 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new(
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("tls1_2") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
checkhandshake::RENEGOTIATE_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::NPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
+ TLSProxy::Message::CLIENT,
checkhandshake::SRP_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::SERVER,
checkhandshake::SESSION_TICKET_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::SERVER,
checkhandshake::NPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::SERVER,
checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
#Test 1: Check we get all the right messages for a default handshake
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t
index 069d6149dd..ad10eddeb7 100644
--- a/test/recipes/70-test_tls13kexmodes.t
+++ b/test/recipes/70-test_tls13kexmodes.t
@@ -65,78 +65,112 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
use constant {
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index a3fc35e438..02afbdc4ff 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -65,92 +65,136 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::SERVER,
checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],
+ [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::SERVER,
+ checkhandshake::DEFAULT_EXTENSIONS],
+
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
my $proxy = TLSProxy::Proxy->new(
@@ -166,7 +210,7 @@ $proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 16;
+plan tests => 17;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
"Default handshake test");
@@ -182,7 +226,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
"Resumption handshake test");
SKIP: {
- skip "No OCSP support in this OpenSSL build", 3
+ skip "No OCSP support in this OpenSSL build", 4
if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 3: A status_request handshake (client request only)
$proxy->clear();
@@ -213,9 +257,23 @@ SKIP: {
| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
"status_request handshake test");
+
+ #Test 6: A status_request handshake (client and server) with client auth
+ $proxy->clear();
+ $proxy->clientflags("-status -enable_pha -cert "
+ .srctop_file("apps", "server.pem"));
+ $proxy->serverflags("-Verify 5 -status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
+ | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
+ "status_request handshake with client auth test");
}
-#Test 6: A client auth handshake
+#Test 7: A client auth handshake
$proxy->clear();
$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
@@ -225,7 +283,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
"Client auth handshake test");
-#Test 7: Server name handshake (no client request)
+#Test 8: Server name handshake (no client request)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->start();
@@ -234,7 +292,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (client)");
-#Test 8: Server name handshake (server support only)
+#Test 9: Server name handshake (server support only)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->serverflags("-servername testhost");
@@ -244,7 +302,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (server)");
-#Test 9: Server name handshake (client and server)
+#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->serverflags("-servername testhost");
@@ -254,7 +312,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::SERVER_NAME_SRV_EXTENSION,
"Server name handshake test");
-#Test 10: ALPN handshake (client request only)
+#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->start();
@@ -263,7 +321,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::ALPN_CLI_EXTENSION,
"ALPN handshake test (client)");
-#Test 11: ALPN handshake (server support only)
+#Test 12: ALPN handshake (server support only)
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
@@ -271,7 +329,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
"ALPN handshake test (server)");
-#Test 12: ALPN handshake (client and server)
+#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->serverflags("-alpn test");
@@ -286,7 +344,7 @@ SKIP: {
skip "No CT, EC or OCSP support in this OpenSSL build", 1
if disabled("ct") || disabled("ec") || disabled("ocsp");
- #Test 13: SCT handshake (client request only)
+ #Test 14: SCT handshake (client request only)
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-ct");
@@ -303,10 +361,7 @@ SKIP: {
"SCT handshake test");
}
-
-
-
-#Test 14: HRR Handshake
+#Test 15: HRR Handshake
$proxy->clear();
$proxy->serverflags("-curves P-256");
$proxy->start();
@@ -315,7 +370,7 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
| checkhandshake::KEY_SHARE_HRR_EXTENSION,
"HRR handshake test");
-#Test 15: Resumption handshake with HRR
+#Test 16: Resumption handshake with HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
@@ -327,7 +382,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
| checkhandshake::PSK_SRV_EXTENSION),
"Resumption handshake with HRR test");
-#Test 16: Acceptable but non preferred key_share
+#Test 17: Acceptable but non preferred key_share
$proxy->clear();
$proxy->clientflags("-curves P-256");
$proxy->start();
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 15:06:51 +0100