]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/70-test_sslvertol.t
Unified copyright for test recipes
[thirdparty/openssl.git] / test / recipes / 70-test_sslvertol.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9 use strict;
10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11 use OpenSSL::Test::Utils;
12 use TLSProxy::Proxy;
13
14 my $test_name = "test_sslextension";
15 setup($test_name);
16
17 plan skip_all => "TLSProxy isn't usable on $^O"
18 if $^O =~ /^(VMS|MSWin32)$/;
19
20 plan skip_all => "$test_name needs the dynamic engine feature enabled"
21 if disabled("engine") || disabled("dynamic-engine");
22
23 plan skip_all => "$test_name needs the sock feature enabled"
24 if disabled("sock");
25
26 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
27 my $proxy = TLSProxy::Proxy->new(
28 \&vers_tolerance_filter,
29 cmdstr(app(["openssl"]), display => 1),
30 srctop_file("apps", "server.pem"),
31 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
32 );
33
34 plan tests => 2;
35
36 #Test 1: Asking for TLS1.3 should pass
37 my $client_version = TLSProxy::Record::VERS_TLS_1_3;
38 $proxy->start();
39 ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");
40
41 #Test 2: Testing something below SSLv3 should fail
42 $client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
43 $proxy->clear();
44 $proxy->start();
45 ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0");
46
47 sub vers_tolerance_filter
48 {
49 my $proxy = shift;
50
51 # We're only interested in the initial ClientHello
52 if ($proxy->flight != 0) {
53 return;
54 }
55
56 foreach my $message (@{$proxy->message_list}) {
57 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
58 #Set the client version
59 #Anything above the max supported version (TLS1.2) should succeed
60 #Anything below SSLv3 should fail
61 $message->client_version($client_version);
62 $message->repack();
63 }
64 }
65 }