Commit | Line | Data |
---|---|---|
c11237c2 | 1 | #! /usr/bin/env perl |
da1c088f | 2 | # Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. |
c11237c2 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
c11237c2 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
f50306c2 | 10 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; |
c11237c2 | 11 | use OpenSSL::Test::Utils; |
cc24a22b | 12 | use File::Temp qw(tempfile); |
c11237c2 | 13 | use TLSProxy::Proxy; |
1e566129 | 14 | use checkhandshake qw(checkhandshake @handmessages @extensions); |
f50306c2 | 15 | |
# Name under which this recipe registers itself with the OpenSSL test harness.
my $test_name = "test_tls13messages";
setup($test_name);

# Bail out before any test is planned on platforms or build configurations
# where the proxy-driven TLSv1.3 handshakes below cannot run.
if ($^O =~ /^(VMS)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

# Single-feature prerequisites, checked in the listed order; the first
# disabled feature ends the run with its own reason.
for my $requirement (
    [ "sock",   "$test_name needs the sock feature enabled" ],
    [ "tls1_3", "$test_name needs TLSv1.3 enabled" ],
    [ "ec",     "$test_name needs EC enabled" ],
) {
    my ($feature, $reason) = @$requirement;
    plan skip_all => $reason if disabled($feature);
}
33 | ||
# Handshake messages in wire order, as consumed by checkhandshake().
# Each row pairs a message type with a bitmask of handshake variants; the
# [0, 0] row ends the list.
# NOTE(review): presumably a message is only expected when the variant
# passed to checkhandshake() is set in the row's mask - confirm against
# checkhandshake.pm.
{
    my $every_variant = checkhandshake::ALL_HANDSHAKES;
    my $client_auth   = checkhandshake::CLIENT_AUTH_HANDSHAKE;

    # Variants in which the server first answers with a HelloRetryRequest
    # (which TLSv1.3 encodes as a ServerHello message).
    my $with_hrr = checkhandshake::HRR_HANDSHAKE
        | checkhandshake::HRR_RESUME_HANDSHAKE;

    # Every variant except the two resumption ones.
    my $not_resumed = checkhandshake::ALL_HANDSHAKES
        & ~(checkhandshake::RESUME_HANDSHAKE
            | checkhandshake::HRR_RESUME_HANDSHAKE);

    @handmessages = (
        [TLSProxy::Message::MT_CLIENT_HELLO,         $every_variant],

        # Extra round trip: HelloRetryRequest and the second ClientHello
        [TLSProxy::Message::MT_SERVER_HELLO,         $with_hrr],
        [TLSProxy::Message::MT_CLIENT_HELLO,         $with_hrr],

        # Server flight
        [TLSProxy::Message::MT_SERVER_HELLO,         $every_variant],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, $every_variant],
        [TLSProxy::Message::MT_CERTIFICATE_REQUEST,  $client_auth],
        [TLSProxy::Message::MT_CERTIFICATE,          $not_resumed],
        [TLSProxy::Message::MT_CERTIFICATE_VERIFY,   $not_resumed],
        [TLSProxy::Message::MT_FINISHED,             $every_variant],

        # Client flight
        [TLSProxy::Message::MT_CERTIFICATE,          $client_auth],
        [TLSProxy::Message::MT_CERTIFICATE_VERIFY,   $client_auth],
        [TLSProxy::Message::MT_FINISHED,             $every_variant],

        [0, 0]
    );
}
61 | ||
# Extensions checked in each handshake message, as consumed by
# checkhandshake().  A row is
#     [message type, extension type, sender, flag]
# and the [0,0,0,0] row ends the list.
# NOTE(review): presumably an extension must be present exactly when its
# flag is set in the mask passed to checkhandshake() - confirm against
# checkhandshake.pm.
{
    # Extension type and flag for every ClientHello extension.  The same
    # set appears twice in @extensions, before and after the two
    # ServerHello rows that carry KEY_SHARE_HRR_EXTENSION.
    my @client_hello_exts = (
        [TLSProxy::Message::EXT_SERVER_NAME,
         checkhandshake::SERVER_NAME_CLI_EXTENSION],
        [TLSProxy::Message::EXT_STATUS_REQUEST,
         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
        [TLSProxy::Message::EXT_SUPPORTED_GROUPS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_EC_POINT_FORMATS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SIG_ALGS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_ALPN,
         checkhandshake::ALPN_CLI_EXTENSION],
        [TLSProxy::Message::EXT_SCT,
         checkhandshake::SCT_CLI_EXTENSION],
        [TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SESSION_TICKET,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_KEY_SHARE,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_PSK_KEX_MODES,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_PSK,
         checkhandshake::PSK_CLI_EXTENSION],
        [TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
         checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
        [TLSProxy::Message::EXT_RENEGOTIATE,
         checkhandshake::DEFAULT_EXTENSIONS],
    );

    # Returns a fresh list of ClientHello rows on every call, so the two
    # copies placed in @extensions never share array references.
    my $client_hello_rows = sub {
        return map {
            [TLSProxy::Message::MT_CLIENT_HELLO, $_->[0],
             TLSProxy::Message::CLIENT, $_->[1]]
        } @client_hello_exts;
    };

    @extensions = (
        # First ClientHello
        $client_hello_rows->(),

        # ServerHello rows whose key_share is flagged as the HRR one
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_KEY_SHARE,
         TLSProxy::Message::SERVER,
         checkhandshake::KEY_SHARE_HRR_EXTENSION],

        # Second ClientHello
        $client_hello_rows->(),

        # ServerHello
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_KEY_SHARE,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_PSK,
         TLSProxy::Message::SERVER,
         checkhandshake::PSK_SRV_EXTENSION],

        # EncryptedExtensions
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_SERVER_NAME,
         TLSProxy::Message::SERVER,
         checkhandshake::SERVER_NAME_SRV_EXTENSION],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_ALPN,
         TLSProxy::Message::SERVER,
         checkhandshake::ALPN_SRV_EXTENSION],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_SUPPORTED_GROUPS,
         TLSProxy::Message::SERVER,
         checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],

        # CertificateRequest
        [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
         TLSProxy::Message::EXT_SIG_ALGS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],

        # Certificate
        [TLSProxy::Message::MT_CERTIFICATE,
         TLSProxy::Message::EXT_STATUS_REQUEST,
         TLSProxy::Message::SERVER,
         checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
        [TLSProxy::Message::MT_CERTIFICATE,
         TLSProxy::Message::EXT_SCT,
         TLSProxy::Message::SERVER,
         checkhandshake::SCT_SRV_EXTENSION],

        [0,0,0,0]
    );
}
201 | ||
# Constructor arguments for the proxy that every test below drives.  The
# list is built first so each call is still evaluated in list context.
my @proxy_args = (
    # NOTE(review): presumably the message-filter callback slot, left unset
    # because this recipe only observes traffic - confirm in TLSProxy::Proxy.
    undef,
    cmdstr(app(["openssl"]), display => 1),
    # Certificate file handed to the proxy.
    srctop_file("apps", "server.pem"),
    # True when not running under the harness, or when the harness is verbose.
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}),
);
my $proxy = TLSProxy::Proxy->new(@proxy_args);
208 | ||
#Test 1: Check we get all the right messages for a default handshake
# Only the file name is kept; the handle returned by tempfile() is dropped.
# NOTE(review): the file is removed solely by the `unlink $session` at the
# end of the script, so the skip_all exit below leaves it in the temp
# directory.
# NOTE(review): the path is placed unquoted into the flag strings - confirm
# how TLSProxy splits them when the temp directory name contains spaces.
my $session = (tempfile())[1];
# NOTE(review): presumably two connections because Test 2 restarts only the
# client against the same server - confirm in TLSProxy::Proxy.
$proxy->serverconnects(2);
$proxy->clientflags("-no_rx_cert_comp -sess_out $session");
$proxy->sessionfile($session);
unless ($proxy->start()) {
    plan skip_all => "Unable to start up Proxy for tests";
}
plan tests => 17;
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    checkhandshake::DEFAULT_EXTENSIONS,
    "Default handshake test"
);

#Test 2: Resumption handshake
# The client offers the session saved by Test 1, so the PSK extension is
# expected from both sides on top of the default set.
my $resumption_exts = checkhandshake::DEFAULT_EXTENSIONS
    | checkhandshake::PSK_CLI_EXTENSION
    | checkhandshake::PSK_SRV_EXTENSION;
$proxy->clearClient();
$proxy->clientflags("-no_rx_cert_comp -sess_in $session");
$proxy->clientstart();
checkhandshake(
    $proxy,
    checkhandshake::RESUME_HANDSHAKE,
    $resumption_exts,
    "Resumption handshake test"
);
cc24a22b | 229 | |
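# Tests 3-6: status_request (OCSP stapling) handshakes.  The four tests are
# skipped together when any feature named in the guard is disabled.
SKIP: {
    # The skip reason names every feature the guard tests.  It used to
    # mention OCSP only, which mis-reported why the tests were skipped on a
    # build without CT.
    # NOTE(review): these tests only pass -status/-status_file, so the "ct"
    # check looks unnecessary here - confirm before narrowing the guard.
    skip "No CT, EC or OCSP support in this OpenSSL build", 4
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    # Canned OCSP response given to the server through -status_file.
    my $ocsp_response = srctop_file("test", "recipes", "ocsp-response.der");

    #Test 3: A status_request handshake (client request only)
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
                   "status_request handshake test (client)");

    #Test 4: A status_request handshake (server support only)
    # The client does not ask, so only the default extensions are expected
    # even though the server has a response available.
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp");
    $proxy->serverflags("-no_rx_cert_comp -status_file " . $ocsp_response);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "status_request handshake test (server)");

    #Test 5: A status_request handshake (client and server)
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status");
    $proxy->serverflags("-no_rx_cert_comp -status_file " . $ocsp_response);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "status_request handshake test");

    #Test 6: A status_request handshake (client and server) with client auth
    # The client presents apps/server.pem as its certificate and the server
    # demands one with -Verify.
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status -enable_pha -cert "
                        . srctop_file("apps", "server.pem"));
    $proxy->serverflags("-no_rx_cert_comp -Verify 5 -status_file "
                        . $ocsp_response);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
                   | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
                   "status_request handshake with client auth test");
}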
cc24a22b | 278 | |
# Tests 7-13 share one shape: reset the proxy, set the client flags (and the
# server flags when the case has any), run a handshake and compare it with
# the expected variant and extension mask.  A case without a "server" key
# never calls serverflags().
my @flag_cases = (
    {   #Test 7: A client auth handshake
        client     => "-no_rx_cert_comp -enable_pha -cert "
                      . srctop_file("apps", "server.pem"),
        server     => "-no_rx_cert_comp -Verify 5",
        handshake  => checkhandshake::CLIENT_AUTH_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
        name       => "Client auth handshake test",
    },
    {   #Test 8: Server name handshake (no client request)
        client     => "-no_rx_cert_comp -noservername",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
        name       => "Server name handshake test (client)",
    },
    {   #Test 9: Server name handshake (server support only)
        client     => "-no_rx_cert_comp -noservername",
        server     => "-no_rx_cert_comp -servername testhost",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
        name       => "Server name handshake test (server)",
    },
    {   #Test 10: Server name handshake (client and server)
        client     => "-no_rx_cert_comp -servername testhost",
        server     => "-no_rx_cert_comp -servername testhost",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      | checkhandshake::SERVER_NAME_SRV_EXTENSION,
        name       => "Server name handshake test",
    },
    {   #Test 11: ALPN handshake (client request only)
        client     => "-no_rx_cert_comp -alpn test",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      | checkhandshake::ALPN_CLI_EXTENSION,
        name       => "ALPN handshake test (client)",
    },
    {   #Test 12: ALPN handshake (server support only)
        client     => "-no_rx_cert_comp",
        server     => "-no_rx_cert_comp -alpn test",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS,
        name       => "ALPN handshake test (server)",
    },
    {   #Test 13: ALPN handshake (client and server)
        client     => "-no_rx_cert_comp -alpn test",
        server     => "-no_rx_cert_comp -alpn test",
        handshake  => checkhandshake::DEFAULT_HANDSHAKE,
        extensions => checkhandshake::DEFAULT_EXTENSIONS
                      | checkhandshake::ALPN_CLI_EXTENSION
                      | checkhandshake::ALPN_SRV_EXTENSION,
        name       => "ALPN handshake test",
    },
);

for my $case (@flag_cases) {
    $proxy->clear();
    $proxy->clientflags($case->{client});
    $proxy->serverflags($case->{server}) if exists $case->{server};
    $proxy->start();
    checkhandshake($proxy, $case->{handshake}, $case->{extensions},
                   $case->{name});
}
9ce3ed2a | 346 | |
SKIP: {
    if (disabled("ct") || disabled("ec") || disabled("ocsp")) {
        skip "No CT, EC or OCSP support in this OpenSSL build", 1;
    }

    # Server-side inputs: a canned OCSP response and a serverinfo file.
    # NOTE(review): presumably serverinfo2.pem supplies the SCT data the
    # server returns - confirm against the file.
    my $ocsp_response = srctop_file("test", "recipes", "ocsp-response.der");
    my $serverinfo    = srctop_file("test", "serverinfo2.pem");

    # Both the SCT and the status_request extension are expected from each
    # side, because -ct makes the client send status_request as well.
    my $sct_exts = checkhandshake::DEFAULT_EXTENSIONS
        | checkhandshake::SCT_CLI_EXTENSION
        | checkhandshake::SCT_SRV_EXTENSION
        | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
        | checkhandshake::STATUS_REQUEST_SRV_EXTENSION;

    #Test 14: SCT handshake (client request only)
    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-no_rx_cert_comp -ct");
    $proxy->serverflags(
        "-no_rx_cert_comp -status_file $ocsp_response -serverinfo $serverinfo"
    );
    $proxy->start();
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        $sct_exts,
        "SCT handshake test"
    );
}
367 | ||
# Flag string that restricts one side to the P-384 group; Tests 15 and 16
# give it to the server, Test 17 to the client.
my $p384_only = "-no_rx_cert_comp -curves P-384";

#Test 15: HRR Handshake
# NOTE(review): presumably the client's first key_share is for another
# group, so a P-384-only server has to send a HelloRetryRequest - confirm
# against the client's default group list.
my $hrr_exts = checkhandshake::DEFAULT_EXTENSIONS
    | checkhandshake::KEY_SHARE_HRR_EXTENSION;
$proxy->clear();
$proxy->clientflags("-no_rx_cert_comp");
$proxy->serverflags($p384_only);
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::HRR_HANDSHAKE,
    $hrr_exts,
    "HRR handshake test"
);

#Test 16: Resumption handshake with HRR
# Reuses the session file written by Test 1, so the PSK extension is
# expected from both sides in addition to the HRR key_share.
my $hrr_resume_exts = checkhandshake::DEFAULT_EXTENSIONS
    | checkhandshake::KEY_SHARE_HRR_EXTENSION
    | checkhandshake::PSK_CLI_EXTENSION
    | checkhandshake::PSK_SRV_EXTENSION;
$proxy->clear();
$proxy->clientflags("-no_rx_cert_comp -sess_in $session");
$proxy->serverflags($p384_only);
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::HRR_RESUME_HANDSHAKE,
    $hrr_resume_exts,
    "Resumption handshake with HRR test"
);

#Test 17: Acceptable but non preferred key_share
# The client is limited to P-384 and the server keeps its defaults; the
# server is then expected to add its supported_groups extension.
my $non_preferred_exts = checkhandshake::DEFAULT_EXTENSIONS
    | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION;
$proxy->clear();
$proxy->clientflags($p384_only);
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $non_preferred_exts,
    "Acceptable but non preferred key_share"
);

# Remove the session file created for Test 1.
unlink $session;