]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/70-test_certtypeext.t
2 # Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 use OpenSSL
::Test qw
/:DEFAULT cmdstr srctop_file bldtop_dir/;
11 use OpenSSL
::Test
::Utils
;
14 my $test_name = "test_certtypeext";
17 plan skip_all
=> "TLSProxy isn't usable on $^O"
20 plan skip_all
=> "$test_name needs the dynamic engine feature enabled"
21 if disabled
("engine") || disabled
("dynamic-engine");
23 plan skip_all
=> "$test_name needs the sock feature enabled"
26 plan skip_all
=> "$test_name needs TLSv1.2 enabled"
27 if disabled
("tls1_2");
29 my $proxy = TLSProxy
::Proxy
->new(
31 cmdstr
(app
(["openssl"]), display
=> 1),
32 srctop_file
("apps", "server.pem"),
33 (!$ENV{HARNESS_ACTIVE
} || $ENV{HARNESS_VERBOSE
})
37 SERVER_CERT_TYPE
=> 0,
38 CLIENT_CERT_TYPE
=> 1,
43 # Test 1: Just do a verify without cert type
45 $proxy->clientflags("-tls1_2 -cert ".srctop_file
("apps", "server.pem"));
46 $proxy->serverflags("-verify 4");
47 $testtype = NO_CERT_TYPE
;
48 $proxy->start() or plan skip_all
=> "Unable to start up Proxy for tests";
50 ok
(TLSProxy
::Message
->success, "Simple verify");
52 # Test 2: Set a bogus server cert type
54 $proxy->serverflags("-enable_server_rpk");
55 $testtype = SERVER_CERT_TYPE
;
57 ok
(TLSProxy
::Message
->fail, "Unsupported server cert type");
59 # Test 3: Set a bogus client cert type
61 $proxy->serverflags("-enable_client_rpk");
62 $testtype = CLIENT_CERT_TYPE
;
64 ok
(TLSProxy
::Message
->success, "Unsupported client cert type, no verify");
66 # Test 4: Set a bogus server cert type with verify
68 $testtype = CLIENT_CERT_TYPE
;
69 $proxy->clientflags("-tls1_2 -cert ".srctop_file
("apps", "server.pem"));
70 $proxy->serverflags("-verify 4 -enable_client_rpk");
72 ok
(TLSProxy
::Message
->fail, "Unsupported client cert type with verify");
79 # We're only interested in the initial ClientHello
80 return if $proxy->flight != 0;
82 $message = ${$proxy->message_list}[0];
84 # Add unsupported and bogus client and server cert type to the client hello.
85 my $ct = pack "C5", 0x04, 0x01, 0x03, 0x55, 0x66;
86 if ($testtype == CLIENT_CERT_TYPE
) {
87 print "SETTING CLIENT CERT TYPE\n";
88 $message->set_extension(TLSProxy
::Message
::EXT_CLIENT_CERT_TYPE
, $ct);
90 if ($testtype == SERVER_CERT_TYPE
) {
91 print "SETTING SERVER CERT TYPE\n";
92 $message->set_extension(TLSProxy
::Message
::EXT_SERVER_CERT_TYPE
, $ct);