Commit | Line | Data |
---|---|---|
ef96e4a2 MC |
1 | #!/usr/bin/perl |
2 | # Written by Matt Caswell for the OpenSSL project. | |
3 | # ==================================================================== | |
4 | # Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. | |
5 | # | |
6 | # Redistribution and use in source and binary forms, with or without | |
7 | # modification, are permitted provided that the following conditions | |
8 | # are met: | |
9 | # | |
10 | # 1. Redistributions of source code must retain the above copyright | |
11 | # notice, this list of conditions and the following disclaimer. | |
12 | # | |
13 | # 2. Redistributions in binary form must reproduce the above copyright | |
14 | # notice, this list of conditions and the following disclaimer in | |
15 | # the documentation and/or other materials provided with the | |
16 | # distribution. | |
17 | # | |
18 | # 3. All advertising materials mentioning features or use of this | |
19 | # software must display the following acknowledgment: | |
20 | # "This product includes software developed by the OpenSSL Project | |
21 | # for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
22 | # | |
23 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
24 | # endorse or promote products derived from this software without | |
25 | # prior written permission. For written permission, please contact | |
26 | # openssl-core@openssl.org. | |
27 | # | |
28 | # 5. Products derived from this software may not be called "OpenSSL" | |
29 | # nor may "OpenSSL" appear in their names without prior written | |
30 | # permission of the OpenSSL Project. | |
31 | # | |
32 | # 6. Redistributions of any form whatsoever must retain the following | |
33 | # acknowledgment: | |
34 | # "This product includes software developed by the OpenSSL Project | |
35 | # for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
36 | # | |
37 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
38 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
39 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
40 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
41 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
42 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
43 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
44 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
45 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
46 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
47 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
48 | # OF THE POSSIBILITY OF SUCH DAMAGE. | |
49 | # ==================================================================== | |
50 | # | |
51 | # This product includes cryptographic software written by Eric Young | |
52 | # (eay@cryptsoft.com). This product includes software written by Tim | |
53 | # Hudson (tjh@cryptsoft.com). | |
54 | ||
55 | use strict; | |
42e0ccdf | 56 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
3f22ed2f | 57 | use OpenSSL::Test::Utils; |
ef96e4a2 MC |
58 | use TLSProxy::Proxy; |
59 | ||
# Name of this recipe; it is passed to setup() and reused in the skip message.
my $test_name = "test_sslcertstatus";
setup($test_name);

# TLSProxy cannot be used on these platforms, so the whole recipe is skipped.
if ($^O =~ /^(VMS|MSWin32)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

# The recipe depends on dynamically loadable engines being built.
if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

# Load engines from the build tree rather than from an installed location.
$ENV{OPENSSL_ENGINES} = bldtop_dir("engines");

# Capability mask: per OpenSSL's OPENSSL_ia32cap documentation this value
# clears the AES-NI and PCLMULQDQ bits.
# NOTE(review): presumably done so that hardware-accelerated code paths do not
# bypass the test engine -- confirm against the TLSProxy documentation.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Fourth constructor argument: true when not running under the harness, or
# when the harness is verbose.
# NOTE(review): looks like the proxy's debug/verbose switch -- confirm.
my $verbose_proxy = !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};

my $proxy = TLSProxy::Proxy->new(
    \&certstatus_filter,
    cmdstr(app(["openssl"])),
    srctop_file("apps", "server.pem"),
    $verbose_proxy
);

plan tests => 1;

# Test 1: status_request is present in both the ClientHello (requested with
# the client's -status flag) and the ServerHello (added by certstatus_filter),
# but no CertificateStatus message follows. The handshake must still succeed.
$proxy->clientflags("-status");
$proxy->start();
ok(TLSProxy::Message->success, "Missing CertificateStatus message");
85 | ||
# Proxy filter: adds an empty status_request extension to the ServerHello
# while no CertificateStatus message is sent afterwards.
#
# RFC 6066 section 8 allows a server to omit CertificateStatus even after it
# has echoed status_request, so the peer has to accept this flight. The
# consequence for deployments is that a stapled OCSP response is optional at
# the protocol level; a client that requires one must enforce that as a
# separate policy.
#
# Takes the TLSProxy::Proxy object as its only argument; returns nothing.
sub certstatus_filter
{
    my ($proxy) = @_;

    # Only flight 1, which carries the initial ServerHello, is of interest.
    return unless $proxy->flight == 1;

    for my $msg (@{ $proxy->message_list }) {
        # Leave every message other than the ServerHello untouched.
        next unless $msg->mt == TLSProxy::Message::MT_SERVER_HELLO;

        # Announce status_request with an empty body, although no
        # CertificateStatus message will be sent.
        $msg->set_extension(TLSProxy::Message::EXT_STATUS_REQUEST, "");

        # Re-serialise the message so the added extension goes on the wire.
        $msg->repack();
    }
}