Commit | Line | Data |
---|---|---|
0bfe166b MC |
1 | #! /usr/bin/env perl |
2 | # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the OpenSSL license (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
f50306c2 | 10 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; |
0bfe166b MC |
11 | use OpenSSL::Test::Utils; |
12 | use File::Temp qw(tempfile); | |
13 | use TLSProxy::Proxy; | |
1e566129 | 14 | use checkhandshake qw(checkhandshake @handmessages @extensions); |
f50306c2 | 15 | |
# Name of this recipe; handed to setup() and reused in the skip messages.
my $test_name = "test_sslmessages";
setup($test_name);

# Each guard below abandons the whole recipe (plan skip_all) when the
# platform or the build configuration lacks something the tests rely on.
if ($^O =~ /^(VMS|MSWin32)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

if (disabled("sock")) {
    plan skip_all => "$test_name needs the sock feature enabled";
}

if (alldisabled(available_protocols("tls"))) {
    plan skip_all => "$test_name needs TLS enabled";
}

# NOTE(review): OPENSSL_ia32cap is set to a '~'-prefixed mask before any
# openssl process is launched; presumably this switches off selected CPU
# capability bits for those processes - confirm which bits are meant.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Use the CT log list that ships in the source tree (test/ct/log_list.conf).
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
6ca94f10 | 33 | |
# Constructor arguments, gathered in call order. They are built in list
# context, exactly as they would be when written inline in the call.
my @proxy_args = (
    # First argument is left undefined.
    undef,
    # Command string for the openssl application under test.
    cmdstr(app(["openssl"]), display => 1),
    # Certificate/key file from the source tree (apps/server.pem).
    srctop_file("apps", "server.pem"),
    # True when not running under the test harness, or when the harness
    # is verbose. NOTE(review): presumably a debug/verbosity switch for
    # the proxy - confirm against TLSProxy::Proxy.
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# The proxy that every test below drives.
my $proxy = TLSProxy::Proxy->new(@proxy_args);
40 | ||
# Handshake types for messages that appear in every handshake except a
# resumption.
my $not_resumed = checkhandshake::ALL_HANDSHAKES
                  & ~checkhandshake::RESUME_HANDSHAKE;

# Expected handshake messages, in order. Each entry pairs a message type with
# the bitmask of handshake types in which that message is expected. The list
# ends with a [0, 0] terminator entry.
@handmessages = (
    [ TLSProxy::Message::MT_CLIENT_HELLO, checkhandshake::ALL_HANDSHAKES ],
    [ TLSProxy::Message::MT_SERVER_HELLO, checkhandshake::ALL_HANDSHAKES ],
    [ TLSProxy::Message::MT_CERTIFICATE, $not_resumed ],

    # ServerKeyExchange is only listed for the EC handshake, and only when
    # EC is enabled in this build.
    (disabled("ec")
        ? ()
        : [ TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
            checkhandshake::EC_HANDSHAKE ]),

    [ TLSProxy::Message::MT_CERTIFICATE_STATUS,
      checkhandshake::OCSP_HANDSHAKE ],

    # The original note here reads "ServerKeyExchange handshakes not
    # currently supported by TLSProxy".
    # NOTE(review): the EC entry above does expect a ServerKeyExchange, so
    # that note looks out of date - confirm and reword upstream.
    [ TLSProxy::Message::MT_CERTIFICATE_REQUEST,
      checkhandshake::CLIENT_AUTH_HANDSHAKE ],
    [ TLSProxy::Message::MT_SERVER_HELLO_DONE, $not_resumed ],
    [ TLSProxy::Message::MT_CERTIFICATE,
      checkhandshake::CLIENT_AUTH_HANDSHAKE ],
    [ TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, $not_resumed ],
    [ TLSProxy::Message::MT_CERTIFICATE_VERIFY,
      checkhandshake::CLIENT_AUTH_HANDSHAKE ],
    [ TLSProxy::Message::MT_NEXT_PROTO, checkhandshake::NPN_HANDSHAKE ],
    [ TLSProxy::Message::MT_FINISHED, checkhandshake::ALL_HANDSHAKES ],
    [ TLSProxy::Message::MT_NEW_SESSION_TICKET, $not_resumed ],
    [ TLSProxy::Message::MT_FINISHED, checkhandshake::ALL_HANDSHAKES ],

    # Second flight, expected only when the handshake is renegotiated.
    [ TLSProxy::Message::MT_CLIENT_HELLO, checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_SERVER_HELLO, checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_CERTIFICATE, checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_SERVER_HELLO_DONE,
      checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
      checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_FINISHED, checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_NEW_SESSION_TICKET,
      checkhandshake::RENEG_HANDSHAKE ],
    [ TLSProxy::Message::MT_FINISHED, checkhandshake::RENEG_HANDSHAKE ],

    [ 0, 0 ]
);
94 | ||
# Short names for the two messages whose extensions are checked.
my $client_hello = TLSProxy::Message::MT_CLIENT_HELLO;
my $server_hello = TLSProxy::Message::MT_SERVER_HELLO;

# Expected extensions. Each entry is [message type, extension type, bitmask
# of the extension sets in which it is expected]. Entries for EC and for the
# signature algorithms extension are left out when the corresponding feature
# is disabled in this build. The list ends with a [0, 0, 0] terminator.
@extensions = (
    # ClientHello extensions
    [ $client_hello, TLSProxy::Message::EXT_SERVER_NAME,
      checkhandshake::SERVER_NAME_CLI_EXTENSION ],
    [ $client_hello, TLSProxy::Message::EXT_STATUS_REQUEST,
      checkhandshake::STATUS_REQUEST_CLI_EXTENSION ],
    (disabled("ec")
        ? ()
        : [ $client_hello, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
            checkhandshake::DEFAULT_EXTENSIONS ]),
    (disabled("ec")
        ? ()
        : [ $client_hello, TLSProxy::Message::EXT_EC_POINT_FORMATS,
            checkhandshake::DEFAULT_EXTENSIONS ]),
    (disabled("tls1_2")
        ? ()
        : [ $client_hello, TLSProxy::Message::EXT_SIG_ALGS,
            checkhandshake::DEFAULT_EXTENSIONS ]),
    [ $client_hello, TLSProxy::Message::EXT_ALPN,
      checkhandshake::ALPN_CLI_EXTENSION ],
    [ $client_hello, TLSProxy::Message::EXT_SCT,
      checkhandshake::SCT_CLI_EXTENSION ],
    [ $client_hello, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $client_hello, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $client_hello, TLSProxy::Message::EXT_SESSION_TICKET,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $client_hello, TLSProxy::Message::EXT_RENEGOTIATE,
      checkhandshake::RENEGOTIATE_CLI_EXTENSION ],
    [ $client_hello, TLSProxy::Message::EXT_NPN,
      checkhandshake::NPN_CLI_EXTENSION ],
    [ $client_hello, TLSProxy::Message::EXT_SRP,
      checkhandshake::SRP_CLI_EXTENSION ],

    # ServerHello extensions
    [ $server_hello, TLSProxy::Message::EXT_RENEGOTIATE,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $server_hello, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $server_hello, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
      checkhandshake::DEFAULT_EXTENSIONS ],
    [ $server_hello, TLSProxy::Message::EXT_SESSION_TICKET,
      checkhandshake::SESSION_TICKET_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_SERVER_NAME,
      checkhandshake::SERVER_NAME_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_STATUS_REQUEST,
      checkhandshake::STATUS_REQUEST_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_ALPN,
      checkhandshake::ALPN_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_SCT,
      checkhandshake::SCT_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_NPN,
      checkhandshake::NPN_SRV_EXTENSION ],
    [ $server_hello, TLSProxy::Message::EXT_EC_POINT_FORMATS,
      checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION ],

    [ 0, 0, 0 ]
);
0bfe166b MC |
150 | |
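#Test 1: Check we get all the right messages for a default handshake
# The client saves its TLS session to a temporary file (-sess_out) so that
# Test 2 can resume it (-sess_in). Only the file name is kept; the handle
# returned by tempfile() is discarded.
# UNLINK => 1 asks File::Temp to remove the file when the program exits, so
# the saved session is not left behind in the temp directory if the recipe
# stops before the explicit unlink below (for example via the skip_all on a
# failed proxy start).
# NOTE(review): the file name is concatenated into the client flag string;
# a temp directory path containing whitespace would presumably split into
# several arguments - confirm how TLSProxy passes these flags on.
(undef, my $session) = tempfile(UNLINK => 1);
$proxy->serverconnects(2);
$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
# The plan is declared only once the proxy is known to start.
plan tests => 21;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#Test 2: Resumption handshake
# Only the client is restarted; it reads back the session saved by Test 1.
# The server-side session ticket extension and the client server_name
# extension are masked out of the expected extension set.
$proxy->clearClient();
$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Resumption handshake test");
# Remove the saved session as soon as it is no longer needed.
unlink $session;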
171 | ||
SKIP: {
    # All three status_request tests need OCSP support in the build.
    if (disabled("ocsp")) {
        skip "No OCSP support in this OpenSSL build", 3;
    }

    #Test 3: A status_request handshake (client request only)
    # The client asks for a certificate status (-status) but the server has
    # no response configured, so the default message flow is expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -status");
    $proxy->start();
    my $client_only_exts = checkhandshake::DEFAULT_EXTENSIONS
                           | checkhandshake::STATUS_REQUEST_CLI_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        $client_only_exts,
        "status_request handshake test (client)"
    );

    #Test 4: A status_request handshake (server support only)
    # The server is given an OCSP response file but the client does not ask
    # for one, so neither status_request extension is expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    my $server_only_flags = "-status_file "
        . srctop_file("test", "recipes", "ocsp-response.der");
    $proxy->serverflags($server_only_flags);
    $proxy->start();
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        checkhandshake::DEFAULT_EXTENSIONS,
        "status_request handshake test (server)"
    );

    #Test 5: A status_request handshake (client and server)
    # Both sides take part, so the OCSP message flow and both status_request
    # extensions are expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -status");
    my $both_sides_flags = "-status_file "
        . srctop_file("test", "recipes", "ocsp-response.der");
    $proxy->serverflags($both_sides_flags);
    $proxy->start();
    my $both_sides_exts = checkhandshake::DEFAULT_EXTENSIONS
                          | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                          | checkhandshake::STATUS_REQUEST_SRV_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::OCSP_HANDSHAKE,
        $both_sides_exts,
        "status_request handshake test"
    );
}
0bfe166b | 207 | |
#Test 6: A client auth handshake
# The client presents apps/server.pem as its certificate and the server is
# started with "-Verify 5"; the client-auth message flow is expected.
$proxy->clear();
my $client_auth_flags = "-no_tls1_3 -cert " . srctop_file("apps", "server.pem");
$proxy->clientflags($client_auth_flags);
$proxy->serverflags("-Verify 5");
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::CLIENT_AUTH_HANDSHAKE,
    checkhandshake::DEFAULT_EXTENSIONS,
    "Client auth handshake test"
);
0bfe166b | 216 | |
#Test 7: A handshake with a renegotiation
# reneg(1) switches renegotiation on in the proxy; the message list is then
# checked against the RENEG_HANDSHAKE entries as well.
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->reneg(1);
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::RENEG_HANDSHAKE,
    checkhandshake::DEFAULT_EXTENSIONS,
    "Renegotiation handshake test"
);
f50306c2 | 225 | |
# Expected extensions when the client sends no server_name (Tests 8 and 9).
my $sni_absent_exts = checkhandshake::DEFAULT_EXTENSIONS
                      & ~checkhandshake::SERVER_NAME_CLI_EXTENSION;

#Test 8: Server name handshake (no client request)
# -noservername stops the client from sending the server_name extension.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $sni_absent_exts,
    "Server name handshake test (client)"
);

#Test 9: Server name handshake (server support only)
# The server is configured with a name but the client still sends none, so
# the expected extension set is the same as in Test 8.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $sni_absent_exts,
    "Server name handshake test (server)"
);

#Test 10: Server name handshake (client and server)
# Both sides use the name "testhost", so the server's server_name extension
# is expected in addition to the defaults.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
my $sni_acked_exts = checkhandshake::DEFAULT_EXTENSIONS
                     | checkhandshake::SERVER_NAME_SRV_EXTENSION;
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $sni_acked_exts,
    "Server name handshake test"
);
60ea0034 MC |
254 | |
#Test 11: ALPN handshake (client request only)
# Only the client offers ALPN, so only the client-side extension is added to
# the expected set.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->start();
my $alpn_offered_exts = checkhandshake::DEFAULT_EXTENSIONS
                        | checkhandshake::ALPN_CLI_EXTENSION;
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $alpn_offered_exts,
    "ALPN handshake test (client)"
);

#Test 12: ALPN handshake (server support only)
# The server supports ALPN but the client does not offer it, so no ALPN
# extension is expected on either side.
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    checkhandshake::DEFAULT_EXTENSIONS,
    "ALPN handshake test (server)"
);

#Test 13: ALPN handshake (client and server)
# Both sides use the protocol name "test"; the client and server ALPN
# extensions are both expected.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
my $alpn_agreed_exts = checkhandshake::DEFAULT_EXTENSIONS
                       | checkhandshake::ALPN_CLI_EXTENSION
                       | checkhandshake::ALPN_SRV_EXTENSION;
checkhandshake(
    $proxy,
    checkhandshake::DEFAULT_HANDSHAKE,
    $alpn_agreed_exts,
    "ALPN handshake test"
);
60ea0034 | 283 | |
SKIP: {
    # This test needs CT, EC and OCSP all enabled in the build.
    if (disabled("ct") || disabled("ec") || disabled("ocsp")) {
        skip "No CT, EC or OCSP support in this OpenSSL build", 1;
    }

    #Test 14: SCT handshake (client request only)
    $proxy->clear();
    #Note: -ct also sends status_request
    # That is why the server is given an OCSP response file and the OCSP
    # message flow plus both status_request extensions are expected.
    $proxy->clientflags("-no_tls1_3 -ct");
    my $sct_client_srvflags = "-status_file "
        . srctop_file("test", "recipes", "ocsp-response.der");
    $proxy->serverflags($sct_client_srvflags);
    $proxy->start();
    my $sct_client_exts = checkhandshake::DEFAULT_EXTENSIONS
                          | checkhandshake::SCT_CLI_EXTENSION
                          | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                          | checkhandshake::STATUS_REQUEST_SRV_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::OCSP_HANDSHAKE,
        $sct_client_exts,
        "SCT handshake test (client)"
    );
}
60ea0034 | 302 | |
SKIP: {
    if (disabled("ocsp")) {
        skip "No OCSP support in this OpenSSL build", 1;
    }

    #Test 15: SCT handshake (server support only)
    # NOTE(review): the original comment at this point says "-ct also sends
    # status_request", but this test does not pass -ct to the client. The
    # only server option set here is the OCSP response file, and no
    # SCT-specific server option is visible - confirm the test covers what
    # its name says.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    my $sct_server_srvflags = "-status_file "
        . srctop_file("test", "recipes", "ocsp-response.der");
    $proxy->serverflags($sct_server_srvflags);
    $proxy->start();
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        checkhandshake::DEFAULT_EXTENSIONS,
        "SCT handshake test (server)"
    );
}
60ea0034 | 318 | |
SKIP: {
    # This test needs CT, EC and OCSP all enabled in the build.
    if (disabled("ct") || disabled("ec") || disabled("ocsp")) {
        skip "No CT, EC or OCSP support in this OpenSSL build", 1;
    }

    #Test 16: SCT handshake (client and server)
    #There is no built-in server side support for this so we are actually also
    #testing custom extensions here
    # The server-side SCT data comes from the -serverinfo file.
    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-no_tls1_3 -ct");
    my $sct_both_srvflags = "-status_file "
        . srctop_file("test", "recipes", "ocsp-response.der")
        . " -serverinfo "
        . srctop_file("test", "serverinfo.pem");
    $proxy->serverflags($sct_both_srvflags);
    $proxy->start();
    my $sct_both_exts = checkhandshake::DEFAULT_EXTENSIONS
                        | checkhandshake::SCT_CLI_EXTENSION
                        | checkhandshake::SCT_SRV_EXTENSION
                        | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                        | checkhandshake::STATUS_REQUEST_SRV_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::OCSP_HANDSHAKE,
        $sct_both_exts,
        "SCT handshake test"
    );
}
60ea0034 MC |
341 | |
342 | ||
SKIP: {
    # All three NPN tests need nextprotoneg enabled in the build.
    if (disabled("nextprotoneg")) {
        skip "No NPN support in this OpenSSL build", 3;
    }

    #Test 17: NPN handshake (client request only)
    # Only the client offers NPN, so only the client-side extension is added
    # to the expected set and the default message flow is expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -nextprotoneg test");
    $proxy->start();
    my $npn_offered_exts = checkhandshake::DEFAULT_EXTENSIONS
                           | checkhandshake::NPN_CLI_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        $npn_offered_exts,
        "NPN handshake test (client)"
    );

    #Test 18: NPN handshake (server support only)
    # The server supports NPN but the client does not offer it.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-nextprotoneg test");
    $proxy->start();
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        checkhandshake::DEFAULT_EXTENSIONS,
        "NPN handshake test (server)"
    );

    #Test 19: NPN handshake (client and server)
    # Both sides take part, so the NPN message flow (which includes the
    # NextProto message) and both NPN extensions are expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -nextprotoneg test");
    $proxy->serverflags("-nextprotoneg test");
    $proxy->start();
    my $npn_agreed_exts = checkhandshake::DEFAULT_EXTENSIONS
                          | checkhandshake::NPN_CLI_EXTENSION
                          | checkhandshake::NPN_SRV_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::NPN_HANDSHAKE,
        $npn_agreed_exts,
        "NPN handshake test"
    );
}
60ea0034 | 376 | |
SKIP: {
    if (disabled("srp")) {
        skip "No SRP support in this OpenSSL build", 1;
    }

    #Test 20: SRP extension
    #Note: We are not actually going to perform an SRP handshake (TLSProxy
    #does not support it). However it is sufficient for us to check that the
    #SRP extension gets added on the client side. There is no SRP extension
    #generated on the server side anyway.
    # The SRP user name and password are fixed throwaway test values passed
    # on the command line; a real password supplied this way would be
    # visible to anyone who can list the process arguments.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass");
    $proxy->start();
    my $srp_exts = checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::SRP_CLI_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::DEFAULT_HANDSHAKE,
        $srp_exts,
        "SRP extension test"
    );
}
397f4f78 MC |
394 | |
#Test 21: EC handshake
SKIP: {
    if (disabled("ec")) {
        skip "No EC support in this OpenSSL build", 1;
    }

    # Both client and server are given -no_tls1_3 and the proxy is limited
    # to the single cipher suite ECDHE-RSA-AES128-SHA; the EC message flow
    # (with a ServerKeyExchange) and the server's EC point formats extension
    # are expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    my $ec_exts = checkhandshake::DEFAULT_EXTENSIONS
                  | checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION;
    checkhandshake(
        $proxy,
        checkhandshake::EC_HANDSHAKE,
        $ec_exts,
        "EC handshake test"
    );
}