Commit | Line | Data |
---|---|---|
e42c4544 MC |
1 | # -*- mode: perl; -*- |
2 | # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
e42c4544 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | ## Test Renegotiation | |
11 | ||
12 | use strict; | |
13 | use warnings; | |
14 | ||
15 | package ssltests; | |
4d118fe0 | 16 | use OpenSSL::Test::Utils; |
e42c4544 | 17 | |
e42c4544 MC |
# Renegotiation scenarios shared by every build that runs this file.
# Every server below caps the connection at TLSv1.2; TLSv1.3 has no
# renegotiation, so presumably the cap keeps the handshake on a protocol
# version where these scenarios apply.
our @tests = (
    # Client-initiated renegotiation against a server that sets
    # NoResumptionOnRenegotiation: no resumption is expected.
    {
        name   => "renegotiate-client-no-resume",
        server => {
            "Options"     => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Client-initiated renegotiation with the server option left unset:
    # the renegotiation is expected to resume the session.
    {
        name   => "renegotiate-client-resume",
        server => { "MaxProtocol" => "TLSv1.2" },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated counterpart of renegotiate-client-no-resume.
    {
        name   => "renegotiate-server-no-resume",
        server => {
            "Options"     => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated counterpart of renegotiate-client-resume.
    {
        name   => "renegotiate-server-resume",
        server => { "MaxProtocol" => "TLSv1.2" },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated renegotiation with client authentication configured:
    # the server verifies against root-cert.pem with VerifyMode "Require"
    # and the client presents a certificate chain and key.
    {
        name   => "renegotiate-client-auth-require",
        server => {
            "Options"      => "NoResumptionOnRenegotiation",
            "MaxProtocol"  => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode"   => "Require",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Same as above but with VerifyMode "Once".
    # NOTE(review): "Once" is understood to request the client certificate
    # only on the initial handshake and not again on renegotiation --
    # confirm against the SSL_CONF VerifyMode documentation.
    {
        name   => "renegotiate-client-auth-once",
        server => {
            "Options"      => "NoResumptionOnRenegotiation",
            "MaxProtocol"  => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode"   => "Once",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },
);
# Scenarios kept in a separate list from @tests.  The first four change
# the cipher suite across a client-initiated renegotiation (the client sets
# RenegotiateCiphers); the last four check that the NoRenegotiation option
# makes a renegotiation attempt fail, whichever side sets it and whichever
# side initiates.
our @tests_tls1_2 = (
    # AES128-GCM-SHA256 on the first handshake, AES128-SHA after.
    {
        name   => "renegotiate-aead-to-non-aead",
        server => { "Options" => "NoResumptionOnRenegotiation" },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol"  => "TLSv1.2",
            extra          => { "RenegotiateCiphers" => "AES128-SHA" },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # AES128-SHA on the first handshake, AES128-GCM-SHA256 after.
    {
        name   => "renegotiate-non-aead-to-aead",
        server => { "Options" => "NoResumptionOnRenegotiation" },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol"  => "TLSv1.2",
            extra          => { "RenegotiateCiphers" => "AES128-GCM-SHA256" },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # AES128-SHA on the first handshake, AES256-SHA after.
    {
        name   => "renegotiate-non-aead-to-non-aead",
        server => { "Options" => "NoResumptionOnRenegotiation" },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol"  => "TLSv1.2",
            extra          => { "RenegotiateCiphers" => "AES256-SHA" },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # AES128-GCM-SHA256 on the first handshake, AES256-GCM-SHA384 after.
    {
        name   => "renegotiate-aead-to-aead",
        server => { "Options" => "NoResumptionOnRenegotiation" },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol"  => "TLSv1.2",
            extra          => { "RenegotiateCiphers" => "AES256-GCM-SHA384" },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Server sets NoRenegotiation, client initiates: ClientFail expected.
    {
        name   => "no-renegotiation-server-by-client",
        server => {
            "Options"     => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ClientFail",
        },
    },

    # Server sets NoRenegotiation, server initiates: ServerFail expected.
    {
        name   => "no-renegotiation-server-by-server",
        server => {
            "Options"     => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ServerFail",
        },
    },

    # Client sets NoRenegotiation, server initiates: ServerFail expected.
    {
        name   => "no-renegotiation-client-by-server",
        server => { "MaxProtocol" => "TLSv1.2" },
        client => { "Options" => "NoRenegotiation" },
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ServerFail",
        },
    },

    # Client sets NoRenegotiation, client initiates: ClientFail expected.
    {
        name   => "no-renegotiation-client-by-client",
        server => { "MaxProtocol" => "TLSv1.2" },
        client => { "Options" => "NoRenegotiation" },
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ClientFail",
        },
    },
);
4d118fe0 MC |
248 | |
# Append the @tests_tls1_2 scenarios only when disabled("tls1_2") is false,
# i.e. presumably only in builds that still have TLSv1.2 compiled in.
if (!disabled("tls1_2")) {
    push @tests, @tests_tls1_2;
}