Commit | Line | Data |
---|---|---|
011467ee MC |
1 | #!/usr/bin/perl |
2 | # Written by Matt Caswell for the OpenSSL project. | |
3 | # ==================================================================== | |
4 | # Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. | |
5 | # | |
6 | # Redistribution and use in source and binary forms, with or without | |
7 | # modification, are permitted provided that the following conditions | |
8 | # are met: | |
9 | # | |
10 | # 1. Redistributions of source code must retain the above copyright | |
11 | # notice, this list of conditions and the following disclaimer. | |
12 | # | |
13 | # 2. Redistributions in binary form must reproduce the above copyright | |
14 | # notice, this list of conditions and the following disclaimer in | |
15 | # the documentation and/or other materials provided with the | |
16 | # distribution. | |
17 | # | |
18 | # 3. All advertising materials mentioning features or use of this | |
19 | # software must display the following acknowledgment: | |
20 | # "This product includes software developed by the OpenSSL Project | |
21 | # for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
22 | # | |
23 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
24 | # endorse or promote products derived from this software without | |
25 | # prior written permission. For written permission, please contact | |
26 | # openssl-core@openssl.org. | |
27 | # | |
28 | # 5. Products derived from this software may not be called "OpenSSL" | |
29 | # nor may "OpenSSL" appear in their names without prior written | |
30 | # permission of the OpenSSL Project. | |
31 | # | |
32 | # 6. Redistributions of any form whatsoever must retain the following | |
33 | # acknowledgment: | |
34 | # "This product includes software developed by the OpenSSL Project | |
35 | # for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
36 | # | |
37 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
38 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
39 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
40 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
41 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
42 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
43 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
44 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
45 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
46 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
47 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
48 | # OF THE POSSIBILITY OF SUCH DAMAGE. | |
49 | # ==================================================================== | |
50 | # | |
51 | # This product includes cryptographic software written by Eric Young | |
52 | # (eay@cryptsoft.com). This product includes software written by Tim | |
53 | # Hudson (tjh@cryptsoft.com). | |
54 | ||
55 | use strict; | |
42e0ccdf | 56 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
3f22ed2f | 57 | use OpenSSL::Test::Utils; |
011467ee MC |
58 | use TLSProxy::Proxy; |
59 | ||
my $test_name = "test_sslextension";
setup($test_name);

# Platform gate: the recipe is skipped outright on VMS and native Windows.
if ($^O =~ /^(VMS|MSWin32)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

# Feature gates: the recipe is skipped unless engine, dynamic-engine and
# sock support are all compiled in.
if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

if (disabled("sock")) {
    plan skip_all => "$test_name needs the sock feature enabled";
}

# The leading '~' clears the listed capability bits (33 and 57) for child
# openssl processes; OPENSSL_ia32cap(3) documents these as PCLMULQDQ and
# AES-NI.
# NOTE(review): the reason is not stated in this file - presumably so the
# hardware-accelerated cipher paths are not taken under the proxy; confirm.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Arguments, in order: the filter callback, the openssl command line as a
# string, the certificate file, and a flag that is true when not running
# under the harness or when the harness is verbose.
my $proxy = TLSProxy::Proxy->new(
    \&vers_tolerance_filter,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

plan tests => 2;

# $client_version is read by vers_tolerance_filter each time the proxy runs,
# so it must be assigned before every $proxy->start().

# Test 1: a ClientHello advertising TLS 1.3 is expected to be accepted.
# NOTE(review): only success() is asserted; the version actually negotiated
# is not checked here.
my $client_version = TLSProxy::Record::VERS_TLS_1_3;
$proxy->start();
ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");

# Test 2: a ClientHello advertising a version one below SSLv3 is expected
# to be rejected. The proxy is cleared first so the second run starts fresh.
$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
$proxy->clear();
$proxy->start();
ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0");
011467ee MC |
92 | |
# Proxy filter callback. On the first flight it overwrites the
# client_version field of every ClientHello with the file-level
# $client_version and repacks the message, so each test can present a
# different protocol version to the server.
#
# The tests in this file set $client_version to VERS_TLS_1_3 (handshake
# expected to succeed) and to VERS_SSL_3_0 - 1 (handshake expected to fail).
# NOTE(review): the original comment named TLS1.2 as the maximum supported
# version, while Test 1 sends VERS_TLS_1_3; confirm which is current.
sub vers_tolerance_filter
{
    my ($proxy) = @_;

    # Only the initial ClientHello flight is rewritten; later flights pass
    # through unmodified.
    return if $proxy->flight != 0;

    for my $msg (@{ $proxy->message_list }) {
        next unless $msg->mt == TLSProxy::Message::MT_CLIENT_HELLO;

        # Replace the advertised version, then re-serialise the message so
        # the modified field is what gets forwarded.
        $msg->client_version($client_version);
        $msg->repack();
    }
}