Use empty renegotiate extension instead of SCSV for TLS > 1.0
c11237c2 1#! /usr/bin/env perl
da1c088f 2# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
c11237c2 3#
909f1a2e 4# Licensed under the Apache License 2.0 (the "License"). You may not use
5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use strict;
f50306c2 10use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
c11237c2 11use OpenSSL::Test::Utils;
cc24a22b 12use File::Temp qw(tempfile);
c11237c2 13use TLSProxy::Proxy;
1e566129 14use checkhandshake qw(checkhandshake @handmessages @extensions);
# Name under which this recipe registers with the OpenSSL test framework; it
# is also interpolated into the skip messages below.
my $test_name = "test_tls13messages";
setup($test_name);

# Every handshake in this recipe is driven through TLSProxy and negotiates
# TLSv1.3, so the whole file is skipped up front when the platform or the
# build configuration cannot support that.
if ($^O =~ /^(VMS)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

if (disabled("sock")) {
    plan skip_all => "$test_name needs the sock feature enabled";
}

if (disabled("tls1_3")) {
    plan skip_all => "$test_name needs TLSv1.3 enabled";
}

if (disabled("ec")) {
    plan skip_all => "$test_name needs EC enabled";
}
# Expected handshake message sequence, stored in the @handmessages array that
# is imported from the checkhandshake module.  Each row is
#   [ message type, mask of handshake kinds ]
# NOTE(review): presumably a message is expected only when the handshake kind
# passed to checkhandshake() is in the row's mask - confirm in
# checkhandshake.pm.
{
    # The extra ServerHello/ClientHello exchange is listed for the two
    # HelloRetryRequest flows only.
    my $hrr_flows = checkhandshake::HRR_HANDSHAKE
                    | checkhandshake::HRR_RESUME_HANDSHAKE;

    # Every flow except the two resumption ones; used for the first
    # Certificate / CertificateVerify pair.
    my $not_resumed = checkhandshake::ALL_HANDSHAKES
                      & ~(checkhandshake::RESUME_HANDSHAKE
                          | checkhandshake::HRR_RESUME_HANDSHAKE);

    @handmessages = (
        [TLSProxy::Message::MT_CLIENT_HELLO,
         checkhandshake::ALL_HANDSHAKES],
        [TLSProxy::Message::MT_SERVER_HELLO,
         $hrr_flows],
        [TLSProxy::Message::MT_CLIENT_HELLO,
         $hrr_flows],
        [TLSProxy::Message::MT_SERVER_HELLO,
         checkhandshake::ALL_HANDSHAKES],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         checkhandshake::ALL_HANDSHAKES],
        [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
         checkhandshake::CLIENT_AUTH_HANDSHAKE],
        [TLSProxy::Message::MT_CERTIFICATE,
         $not_resumed],
        [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
         $not_resumed],
        [TLSProxy::Message::MT_FINISHED,
         checkhandshake::ALL_HANDSHAKES],
        [TLSProxy::Message::MT_CERTIFICATE,
         checkhandshake::CLIENT_AUTH_HANDSHAKE],
        [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
         checkhandshake::CLIENT_AUTH_HANDSHAKE],
        [TLSProxy::Message::MT_FINISHED,
         checkhandshake::ALL_HANDSHAKES],
        # All-zero row closes the table (presumably a terminator for
        # checkhandshake - confirm).
        [0, 0]
    );
}
# Expected extensions, stored in the @extensions array that is imported from
# the checkhandshake module.  Each row is
#   [ message type, extension type, sending side, flag ]
# NOTE(review): presumably an extension is expected in the message only when
# its flag is part of the mask passed to checkhandshake() - confirm in
# checkhandshake.pm.  Row order is kept exactly as in the flat table this
# replaces, in case checkhandshake depends on it.
{
    # (extension type, flag) pairs checked in a ClientHello.  The same set is
    # applied to the initial ClientHello and to the one that follows a
    # HelloRetryRequest.  EXT_RENEGOTIATE carries DEFAULT_EXTENSIONS, which
    # every checkhandshake() call in this file includes in its mask.
    my @client_hello_checks = (
        [TLSProxy::Message::EXT_SERVER_NAME,
         checkhandshake::SERVER_NAME_CLI_EXTENSION],
        [TLSProxy::Message::EXT_STATUS_REQUEST,
         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
        [TLSProxy::Message::EXT_SUPPORTED_GROUPS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_EC_POINT_FORMATS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SIG_ALGS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_ALPN,
         checkhandshake::ALPN_CLI_EXTENSION],
        [TLSProxy::Message::EXT_SCT,
         checkhandshake::SCT_CLI_EXTENSION],
        [TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SESSION_TICKET,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_KEY_SHARE,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_PSK_KEX_MODES,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::EXT_PSK,
         checkhandshake::PSK_CLI_EXTENSION],
        [TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
         checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
        [TLSProxy::Message::EXT_RENEGOTIATE,
         checkhandshake::DEFAULT_EXTENSIONS],
    );

    # Expands the pairs into full rows.  It is called once per ClientHello so
    # that the two runs are built from separate array references.
    my $client_hello_rows = sub {
        return map {
            [TLSProxy::Message::MT_CLIENT_HELLO, $_->[0],
             TLSProxy::Message::CLIENT, $_->[1]]
        } @client_hello_checks;
    };

    @extensions = (
        # Initial ClientHello.
        $client_hello_rows->(),

        # ServerHello that precedes the second ClientHello (the slot that
        # @handmessages reserves for the HelloRetryRequest flows).
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_KEY_SHARE,
         TLSProxy::Message::SERVER,
         checkhandshake::KEY_SHARE_HRR_EXTENSION],

        # Second ClientHello.
        $client_hello_rows->(),

        # ServerHello.
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_KEY_SHARE,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],
        [TLSProxy::Message::MT_SERVER_HELLO,
         TLSProxy::Message::EXT_PSK,
         TLSProxy::Message::SERVER,
         checkhandshake::PSK_SRV_EXTENSION],

        # EncryptedExtensions.
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_SERVER_NAME,
         TLSProxy::Message::SERVER,
         checkhandshake::SERVER_NAME_SRV_EXTENSION],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_ALPN,
         TLSProxy::Message::SERVER,
         checkhandshake::ALPN_SRV_EXTENSION],
        [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
         TLSProxy::Message::EXT_SUPPORTED_GROUPS,
         TLSProxy::Message::SERVER,
         checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],

        # CertificateRequest.
        [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
         TLSProxy::Message::EXT_SIG_ALGS,
         TLSProxy::Message::SERVER,
         checkhandshake::DEFAULT_EXTENSIONS],

        # Certificate.
        [TLSProxy::Message::MT_CERTIFICATE,
         TLSProxy::Message::EXT_STATUS_REQUEST,
         TLSProxy::Message::SERVER,
         checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
        [TLSProxy::Message::MT_CERTIFICATE,
         TLSProxy::Message::EXT_SCT,
         TLSProxy::Message::SERVER,
         checkhandshake::SCT_SRV_EXTENSION],

        # All-zero row closes the table (presumably a terminator for
        # checkhandshake - confirm).
        [0,0,0,0]
    );
}
# True when the recipe runs outside a test harness, or under a verbose one.
# NOTE(review): presumably the proxy's debug/verbose switch - confirm against
# TLSProxy::Proxy->new.
my $verbose = (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE});

# One proxy instance is reused by every test in this file.  No filter is
# installed (first argument is undef).
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    $verbose
);

#Test 1: Check we get all the right messages for a default handshake
# The client saves its session into a temporary file (-sess_out) so that the
# resumption tests can load it again with -sess_in.
# NOTE(review): tempfile() in list context does not schedule the file for
# removal; it is only deleted by the unlink at the end of the script, so an
# early exit (for example the skip_all below) leaves it in the temp directory.
my (undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-no_rx_cert_comp -sess_out $session");
$proxy->sessionfile($session);
unless ($proxy->start()) {
    plan skip_all => "Unable to start up Proxy for tests";
}
plan tests => 17;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#Test 2: Resumption handshake
# Only the client side is reset and restarted; the saved session is offered
# back, so both PSK flags are added to the expected mask.
{
    my $resumption_extensions = (checkhandshake::DEFAULT_EXTENSIONS
                                 | checkhandshake::PSK_CLI_EXTENSION
                                 | checkhandshake::PSK_SRV_EXTENSION);

    $proxy->clearClient();
    $proxy->clientflags("-no_rx_cert_comp -sess_in $session");
    $proxy->clientstart();
    checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
                   $resumption_extensions,
                   "Resumption handshake test");
}
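# Tests 3-6: status_request (OCSP stapling) handshakes.
SKIP: {
    # The message names all three features the condition tests, in the same
    # wording as the SCT SKIP block later in this file.
    # NOTE(review): a build without EC never gets here (the file is skipped
    # at the top), and tests 3-6 only pass -status / -status_file, so the
    # "ct" part of the condition may be stricter than needed - confirm.
    skip "No CT, EC or OCSP support in this OpenSSL build", 4
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    # Canned OCSP response handed to the server with -status_file.
    my $ocsp_response = srctop_file("test", "recipes", "ocsp-response.der");

    #Test 3: A status_request handshake (client request only)
    # The client asks (-status) but the server has no response configured,
    # so only the client-side flag is added to the mask.
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
                   "status_request handshake test (client)");

    #Test 4: A status_request handshake (server support only)
    # The server has a response available but the client did not ask, so
    # neither status_request flag is in the mask.
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp");
    $proxy->serverflags("-no_rx_cert_comp -status_file $ocsp_response");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "status_request handshake test (server)");

    #Test 5: A status_request handshake (client and server)
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status");
    $proxy->serverflags("-no_rx_cert_comp -status_file $ocsp_response");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "status_request handshake test");

    #Test 6: A status_request handshake (client and server) with client auth
    # The client presents a certificate and enables post-handshake auth
    # (-enable_pha); the server demands a client certificate (-Verify 5).
    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -status -enable_pha -cert "
                        .srctop_file("apps", "server.pem"));
    $proxy->serverflags("-no_rx_cert_comp -Verify 5 -status_file "
                        .$ocsp_response);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
                   | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
                   "status_request handshake with client auth test");
}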
#Test 7: A client auth handshake
# The server demands a client certificate (-Verify 5); the client presents
# one and enables post-handshake auth, so that flag joins the default mask.
{
    my $client_cert = srctop_file("apps", "server.pem");
    my $expected_extensions =
        checkhandshake::DEFAULT_EXTENSIONS |
        checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION;

    $proxy->clear();
    $proxy->clientflags("-no_rx_cert_comp -enable_pha -cert $client_cert");
    $proxy->serverflags("-no_rx_cert_comp -Verify 5");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
                   $expected_extensions,
                   "Client auth handshake test");
}
# Tests 8-10: server_name handshakes.  Each case resets the proxy, applies
# the listed flags (server flags only where the case has them), runs a
# default handshake and checks the extensions against the case's mask.
for my $case (
    #Test 8: Server name handshake (no client request)
    {
        client => "-no_rx_cert_comp -noservername",
        expect => checkhandshake::DEFAULT_EXTENSIONS
                  & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
        name   => "Server name handshake test (client)",
    },
    #Test 9: Server name handshake (server support only)
    # The client still sends no server_name, so the mask carries neither the
    # client flag nor the server one.
    {
        client => "-no_rx_cert_comp -noservername",
        server => "-no_rx_cert_comp -servername testhost",
        expect => checkhandshake::DEFAULT_EXTENSIONS
                  & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
        name   => "Server name handshake test (server)",
    },
    #Test 10: Server name handshake (client and server)
    {
        client => "-no_rx_cert_comp -servername testhost",
        server => "-no_rx_cert_comp -servername testhost",
        expect => checkhandshake::DEFAULT_EXTENSIONS
                  | checkhandshake::SERVER_NAME_SRV_EXTENSION,
        name   => "Server name handshake test",
    },
) {
    $proxy->clear();
    $proxy->clientflags($case->{client});
    $proxy->serverflags($case->{server}) if exists $case->{server};
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   $case->{expect}, $case->{name});
}
# Tests 11-13: ALPN handshakes.  Each case resets the proxy, applies the
# listed flags (server flags only where the case has them), runs a default
# handshake and checks the extensions against the case's mask.
for my $case (
    #Test 11: ALPN handshake (client request only)
    {
        client => "-no_rx_cert_comp -alpn test",
        expect => checkhandshake::DEFAULT_EXTENSIONS
                  | checkhandshake::ALPN_CLI_EXTENSION,
        name   => "ALPN handshake test (client)",
    },
    #Test 12: ALPN handshake (server support only)
    # The client offers no ALPN, so neither ALPN flag is in the mask even
    # though the server is configured with a protocol.
    {
        client => "-no_rx_cert_comp",
        server => "-no_rx_cert_comp -alpn test",
        expect => checkhandshake::DEFAULT_EXTENSIONS,
        name   => "ALPN handshake test (server)",
    },
    #Test 13: ALPN handshake (client and server)
    {
        client => "-no_rx_cert_comp -alpn test",
        server => "-no_rx_cert_comp -alpn test",
        expect => checkhandshake::DEFAULT_EXTENSIONS
                  | checkhandshake::ALPN_CLI_EXTENSION
                  | checkhandshake::ALPN_SRV_EXTENSION,
        name   => "ALPN handshake test",
    },
) {
    $proxy->clear();
    $proxy->clientflags($case->{client});
    $proxy->serverflags($case->{server}) if exists $case->{server};
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   $case->{expect}, $case->{name});
}
SKIP: {
    skip "No CT, EC or OCSP support in this OpenSSL build", 1
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    #Test 14: SCT handshake (client request only)
    # NOTE(review): the heading says "client request only", yet the server is
    # given -serverinfo and -status_file and the mask below expects the
    # server-side SCT and status_request flags as well.
    my $ocsp_response = srctop_file("test", "recipes", "ocsp-response.der");
    my $server_info   = srctop_file("test", "serverinfo2.pem");
    my $expected_extensions = checkhandshake::DEFAULT_EXTENSIONS
                              | checkhandshake::SCT_CLI_EXTENSION
                              | checkhandshake::SCT_SRV_EXTENSION
                              | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                              | checkhandshake::STATUS_REQUEST_SRV_EXTENSION;

    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-no_rx_cert_comp -ct");
    $proxy->serverflags("-no_rx_cert_comp -status_file $ocsp_response"
                        ." -serverinfo $server_info");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   $expected_extensions,
                   "SCT handshake test");
}
# Tests 15-17 restrict one side to P-384 with -curves.
{
    my $plain_flags = "-no_rx_cert_comp";
    my $p384_flags  = "-no_rx_cert_comp -curves P-384";

    #Test 15: HRR Handshake
    # Only the server is restricted to P-384; the HelloRetryRequest flow and
    # its key_share flag are expected.
    my $hrr_extensions = checkhandshake::DEFAULT_EXTENSIONS
                         | checkhandshake::KEY_SHARE_HRR_EXTENSION;
    $proxy->clear();
    $proxy->clientflags($plain_flags);
    $proxy->serverflags($p384_flags);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
                   $hrr_extensions,
                   "HRR handshake test");

    #Test 16: Resumption handshake with HRR
    # Same server restriction, with the client offering the session saved by
    # test 1, so the PSK flags are expected on top of the HRR key_share flag.
    my $hrr_resume_extensions = (checkhandshake::DEFAULT_EXTENSIONS
                                 | checkhandshake::KEY_SHARE_HRR_EXTENSION
                                 | checkhandshake::PSK_CLI_EXTENSION
                                 | checkhandshake::PSK_SRV_EXTENSION);
    $proxy->clear();
    $proxy->clientflags("$plain_flags -sess_in $session");
    $proxy->serverflags($p384_flags);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
                   $hrr_resume_extensions,
                   "Resumption handshake with HRR test");

    #Test 17: Acceptable but non preferred key_share
    # Only the client is restricted to P-384.  A default handshake is
    # expected, with the server-side supported_groups flag (an
    # EncryptedExtensions row in @extensions) added to the mask.
    my $non_preferred_extensions =
        checkhandshake::DEFAULT_EXTENSIONS
        | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION;
    $proxy->clear();
    $proxy->clientflags($p384_flags);
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   $non_preferred_extensions,
                   "Acceptable but non preferred key_share");
}

# Remove the temporary file that holds the TLS session saved by test 1.
unlink $session;