[thirdparty/openssl.git] / test / recipes / 70-test_tls13messages.t

#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;

my $test_name;

# This block needs to run before 'use lib srctop_dir' directives.
BEGIN {
    $test_name = "test_tls13messages";
    OpenSSL::Test::setup($test_name);
}
use lib srctop_dir("test");

use recipes::checkhandshake qw(checkhandshake @handmessages @extensions);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS|MSWin32)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLSv1.3 enabled"
    if disabled("tls1_3");

$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");


@handmessages = (
    [TLSProxy::Message::MT_CLIENT_HELLO,
        recipes::checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_SERVER_HELLO,
        recipes::checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
        recipes::checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
        recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        recipes::checkhandshake::ALL_HANDSHAKES & ~recipes::checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_STATUS,
        recipes::checkhandshake::OCSP_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        recipes::checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE,
        recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        recipes::checkhandshake::ALL_HANDSHAKES],
    [0, 0]
);

@extensions = (
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        recipes::checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        recipes::checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        recipes::checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
        recipes::checkhandshake::SERVER_NAME_SRV_EXTENSION],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_STATUS_REQUEST,
        recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
        recipes::checkhandshake::ALPN_SRV_EXTENSION],
    [0,0,0]
);

my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

#Test 1: Check we get all the right messages for a default handshake
(undef, my $session) = tempfile();
#$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 12;
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#TODO(TLS1.3): Test temporarily disabled until we implement TLS1.3 resumption
#Test 2: Resumption handshake
#$proxy->clearClient();
#$proxy->clientflags("-sess_in ".$session);
#$proxy->clientstart();
#checkmessages(RESUME_HANDSHAKE, "Resumption handshake test");
unlink $session;

#Test 3: A status_request handshake (client request only)
$proxy->clear();
$proxy->clientflags("-status");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
              recipes::checkhandshake::DEFAULT_EXTENSIONS
              | recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
              "status_request handshake test (client)");

#Test 4: A status_request handshake (server support only)
$proxy->clear();
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS,
              "status_request handshake test (server)");

#Test 5: A status_request handshake (client and server)
#TODO(TLS1.3): TLS1.3 doesn't actually have CertificateStatus messages. This is
#a temporary test until such time as we do proper TLS1.3 style certificate
#status
$proxy->clear();
$proxy->clientflags("-status");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::OCSP_HANDSHAKE,
              recipes::checkhandshake::DEFAULT_EXTENSIONS
              | recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION
              | recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
              "status_request handshake test");

#Test 6: A client auth handshake
$proxy->clear();
$proxy->clientflags("-cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS,
              "Client auth handshake test");

#Test 7: Server name handshake (client request only)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS
               | recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION,
              "Server name handshake test (client)");

#Test 8: Server name handshake (server support only)
$proxy->clear();
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS,
              "Server name handshake test (server)");

#Test 9: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
              recipes::checkhandshake::DEFAULT_EXTENSIONS
              | recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION
              | recipes::checkhandshake::SERVER_NAME_SRV_EXTENSION,
              "Server name handshake test");

#Test 10: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS
               | recipes::checkhandshake::ALPN_CLI_EXTENSION,
              "ALPN handshake test (client)");

#Test 11: ALPN handshake (server support only)
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
               recipes::checkhandshake::DEFAULT_EXTENSIONS,
              "ALPN handshake test (server)");

#Test 12: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
              recipes::checkhandshake::DEFAULT_EXTENSIONS
              | recipes::checkhandshake::ALPN_CLI_EXTENSION
              | recipes::checkhandshake::ALPN_SRV_EXTENSION,
              "ALPN handshake test");

#Test 13: SCT handshake (client request only)
#TODO(TLS1.3): This only checks that the client side extension appears. The
#SCT extension is unusual in that we have no built-in server side implementation
#The server side implementation can nomrally be added using the custom
#extensions framework (e.g. by using the "-serverinfo" s_server option). However
#currently we only support <= TLS1.2 for custom extensions because the existing
#framework and API has no knowledge of the TLS1.3 messages
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-ct");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, recipes::checkhandshake::OCSP_HANDSHAKE,
              recipes::checkhandshake::DEFAULT_EXTENSIONS
              | recipes::checkhandshake::SCT_CLI_EXTENSION
              | recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION
              | recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
              "SCT handshake test");
Commit	Line	Data
c11237c2 MC	1	#! /usr/bin/env perl
	2	# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	3	#
	4	# Licensed under the OpenSSL license (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
f50306c2	10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
c11237c2	11	use OpenSSL::Test::Utils;
cc24a22b	12	use File::Temp qw(tempfile);
c11237c2	13	use TLSProxy::Proxy;
f50306c2	14
60ea0034 MC	15	my $test_name;
60ea0034 MC	16
f50306c2 MC	17	# This block needs to run before 'use lib srctop_dir' directives.
f50306c2 MC	18	BEGIN {
60ea0034 MC	19	$test_name = "test_tls13messages";
60ea0034 MC	20	OpenSSL::Test::setup($test_name);
f50306c2	21	}
22ab4b7d	22	use lib srctop_dir("test");
f50306c2 MC	23
	24	use recipes::checkhandshake qw(checkhandshake @handmessages @extensions);
	25
c11237c2 MC	26	plan skip_all => "TLSProxy isn't usable on $^O"
	27	if $^O =~ /^(VMS\|MSWin32)$/;
	28
	29	plan skip_all => "$test_name needs the dynamic engine feature enabled"
	30	if disabled("engine") \|\| disabled("dynamic-engine");
	31
	32	plan skip_all => "$test_name needs the sock feature enabled"
	33	if disabled("sock");
	34
	35	plan skip_all => "$test_name needs TLSv1.3 enabled"
	36	if disabled("tls1_3");
	37
	38	$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
9ce3ed2a	39	$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
c11237c2	40
c11237c2	41
f50306c2 MC	42	@handmessages = (
	43	[TLSProxy::Message::MT_CLIENT_HELLO,
	44	recipes::checkhandshake::ALL_HANDSHAKES],
	45	[TLSProxy::Message::MT_SERVER_HELLO,
	46	recipes::checkhandshake::ALL_HANDSHAKES],
	47	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
	48	recipes::checkhandshake::ALL_HANDSHAKES],
	49	[TLSProxy::Message::MT_CERTIFICATE_REQUEST,
	50	recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
	51	[TLSProxy::Message::MT_CERTIFICATE,
	52	recipes::checkhandshake::ALL_HANDSHAKES & ~recipes::checkhandshake::RESUME_HANDSHAKE],
	53	[TLSProxy::Message::MT_CERTIFICATE_STATUS,
	54	recipes::checkhandshake::OCSP_HANDSHAKE],
	55	[TLSProxy::Message::MT_FINISHED,
	56	recipes::checkhandshake::ALL_HANDSHAKES],
	57	[TLSProxy::Message::MT_CERTIFICATE,
	58	recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
	59	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
	60	recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE],
	61	[TLSProxy::Message::MT_FINISHED,
	62	recipes::checkhandshake::ALL_HANDSHAKES],
c11237c2 MC	63	[0, 0]
	64	);
	65
f50306c2 MC	66	@extensions = (
	67	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
	68	recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION],
	69	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
	70	recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
	71	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
	72	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	73	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
	74	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	75	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
	76	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	77	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
	78	recipes::checkhandshake::ALPN_CLI_EXTENSION],
	79	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
	80	recipes::checkhandshake::SCT_CLI_EXTENSION],
	81	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
	82	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	83	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
	84	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	85	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
	86	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	87	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
	88	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	89	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
	90	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	91
	92	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
	93	recipes::checkhandshake::DEFAULT_EXTENSIONS],
	94
	95	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
	96	recipes::checkhandshake::SERVER_NAME_SRV_EXTENSION],
	97	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_STATUS_REQUEST,
	98	recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
	99	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
	100	recipes::checkhandshake::ALPN_SRV_EXTENSION],
9ce3ed2a MC	101	[0,0,0]
	102	);
	103
c11237c2 MC	104	my $proxy = TLSProxy::Proxy->new(
	105	undef,
	106	cmdstr(app(["openssl"]), display => 1),
	107	srctop_file("apps", "server.pem"),
	108	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
	109	);
	110
c11237c2	111	#Test 1: Check we get all the right messages for a default handshake
cc24a22b	112	(undef, my $session) = tempfile();
71728dd8	113	#$proxy->serverconnects(2);
cc24a22b	114	$proxy->clientflags("-sess_out ".$session);
c11237c2	115	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
9ce3ed2a	116	plan tests => 12;
f50306c2 MC	117	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	118	recipes::checkhandshake::DEFAULT_EXTENSIONS,
	119	"Default handshake test");
c11237c2	120
71728dd8	121	#TODO(TLS1.3): Test temporarily disabled until we implement TLS1.3 resumption
cc24a22b	122	#Test 2: Resumption handshake
71728dd8 MC	123	#$proxy->clearClient();
	124	#$proxy->clientflags("-sess_in ".$session);
	125	#$proxy->clientstart();
	126	#checkmessages(RESUME_HANDSHAKE, "Resumption handshake test");
cc24a22b MC	127	unlink $session;
cc24a22b MC	128
9ce3ed2a MC	129	#Test 3: A status_request handshake (client request only)
	130	$proxy->clear();
	131	$proxy->clientflags("-status");
	132	$proxy->start();
f50306c2 MC	133	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	134	recipes::checkhandshake::DEFAULT_EXTENSIONS
	135	\| recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
9ce3ed2a MC	136	"status_request handshake test (client)");
	137
	138	#Test 4: A status_request handshake (server support only)
	139	$proxy->clear();
	140	$proxy->serverflags("-status_file "
	141	.srctop_file("test", "recipes", "ocsp-response.der"));
	142	$proxy->start();
f50306c2 MC	143	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
f50306c2 MC	144	recipes::checkhandshake::DEFAULT_EXTENSIONS,
9ce3ed2a MC	145	"status_request handshake test (server)");
	146
	147	#Test 5: A status_request handshake (client and server)
cc24a22b MC	148	#TODO(TLS1.3): TLS1.3 doesn't actually have CertificateStatus messages. This is
	149	#a temporary test until such time as we do proper TLS1.3 style certificate
	150	#status
	151	$proxy->clear();
	152	$proxy->clientflags("-status");
	153	$proxy->serverflags("-status_file "
	154	.srctop_file("test", "recipes", "ocsp-response.der"));
	155	$proxy->start();
f50306c2 MC	156	checkhandshake($proxy, recipes::checkhandshake::OCSP_HANDSHAKE,
	157	recipes::checkhandshake::DEFAULT_EXTENSIONS
	158	\| recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION
	159	\| recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
9ce3ed2a	160	"status_request handshake test");
cc24a22b	161
9ce3ed2a	162	#Test 6: A client auth handshake
cc24a22b MC	163	$proxy->clear();
	164	$proxy->clientflags("-cert ".srctop_file("apps", "server.pem"));
	165	$proxy->serverflags("-Verify 5");
	166	$proxy->start();
f50306c2 MC	167	checkhandshake($proxy, recipes::checkhandshake::CLIENT_AUTH_HANDSHAKE,
f50306c2 MC	168	recipes::checkhandshake::DEFAULT_EXTENSIONS,
9ce3ed2a	169	"Client auth handshake test");
cc24a22b	170
9ce3ed2a MC	171	#Test 7: Server name handshake (client request only)
	172	$proxy->clear();
	173	$proxy->clientflags("-servername testhost");
	174	$proxy->start();
f50306c2 MC	175	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	176	recipes::checkhandshake::DEFAULT_EXTENSIONS
	177	\| recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION,
9ce3ed2a MC	178	"Server name handshake test (client)");
	179
	180	#Test 8: Server name handshake (server support only)
	181	$proxy->clear();
	182	$proxy->serverflags("-servername testhost");
	183	$proxy->start();
f50306c2 MC	184	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
f50306c2 MC	185	recipes::checkhandshake::DEFAULT_EXTENSIONS,
9ce3ed2a MC	186	"Server name handshake test (server)");
	187
	188	#Test 9: Server name handshake (client and server)
	189	$proxy->clear();
	190	$proxy->clientflags("-servername testhost");
	191	$proxy->serverflags("-servername testhost");
	192	$proxy->start();
f50306c2 MC	193	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	194	recipes::checkhandshake::DEFAULT_EXTENSIONS
	195	\| recipes::checkhandshake::SERVER_NAME_CLI_EXTENSION
	196	\| recipes::checkhandshake::SERVER_NAME_SRV_EXTENSION,
9ce3ed2a MC	197	"Server name handshake test");
	198
	199	#Test 10: ALPN handshake (client request only)
	200	$proxy->clear();
	201	$proxy->clientflags("-alpn test");
	202	$proxy->start();
f50306c2 MC	203	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	204	recipes::checkhandshake::DEFAULT_EXTENSIONS
	205	\| recipes::checkhandshake::ALPN_CLI_EXTENSION,
9ce3ed2a MC	206	"ALPN handshake test (client)");
	207
	208	#Test 11: ALPN handshake (server support only)
	209	$proxy->clear();
	210	$proxy->serverflags("-alpn test");
	211	$proxy->start();
f50306c2 MC	212	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
f50306c2 MC	213	recipes::checkhandshake::DEFAULT_EXTENSIONS,
9ce3ed2a	214	"ALPN handshake test (server)");
a1448c26	215
9ce3ed2a MC	216	#Test 12: ALPN handshake (client and server)
	217	$proxy->clear();
	218	$proxy->clientflags("-alpn test");
	219	$proxy->serverflags("-alpn test");
	220	$proxy->start();
f50306c2 MC	221	checkhandshake($proxy, recipes::checkhandshake::DEFAULT_HANDSHAKE,
	222	recipes::checkhandshake::DEFAULT_EXTENSIONS
	223	\| recipes::checkhandshake::ALPN_CLI_EXTENSION
	224	\| recipes::checkhandshake::ALPN_SRV_EXTENSION,
9ce3ed2a MC	225	"ALPN handshake test");
	226
	227	#Test 13: SCT handshake (client request only)
	228	#TODO(TLS1.3): This only checks that the client side extension appears. The
	229	#SCT extension is unusual in that we have no built-in server side implementation
	230	#The server side implementation can nomrally be added using the custom
	231	#extensions framework (e.g. by using the "-serverinfo" s_server option). However
	232	#currently we only support <= TLS1.2 for custom extensions because the existing
	233	#framework and API has no knowledge of the TLS1.3 messages
	234	$proxy->clear();
	235	#Note: -ct also sends status_request
	236	$proxy->clientflags("-ct");
	237	$proxy->serverflags("-status_file "
	238	.srctop_file("test", "recipes", "ocsp-response.der"));
	239	$proxy->start();
f50306c2 MC	240	checkhandshake($proxy, recipes::checkhandshake::OCSP_HANDSHAKE,
	241	recipes::checkhandshake::DEFAULT_EXTENSIONS
	242	\| recipes::checkhandshake::SCT_CLI_EXTENSION
	243	\| recipes::checkhandshake::STATUS_REQUEST_CLI_EXTENSION
	244	\| recipes::checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
9ce3ed2a	245	"SCT handshake test");