]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c361b4)
Add testing of TLSv1.3 resumption in test_tls13messages
authorMatt Caswell <matt@openssl.org>
Fri, 20 Jan 2017 12:11:49 +0000 (12:11 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 30 Jan 2017 10:18:23 +0000 (10:18 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

test/recipes/70-test_tls13messages.t patch | blob | blame | history
test/testlib/checkhandshake.pm patch | blob | blame | history

diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index fb69e7cd0d9b0c395534c0db1301cd1f43920abe..609a4f4def98ccb48a91004cefe80a5279fc4d29 100755 (executable)
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -83,9 +83,13 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
         checkhandshake::DEFAULT_EXTENSIONS],
     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
         checkhandshake::DEFAULT_EXTENSIONS],
+    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+        checkhandshake::PSK_CLI_EXTENSION],
 
     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
         checkhandshake::DEFAULT_EXTENSIONS],
+    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+        checkhandshake::PSK_SRV_EXTENSION],
 
     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
         checkhandshake::SERVER_NAME_SRV_EXTENSION],
@@ -107,20 +111,24 @@ my $proxy = TLSProxy::Proxy->new(
 
 #Test 1: Check we get all the right messages for a default handshake
 (undef, my $session) = tempfile();
-#$proxy->serverconnects(2);
+$proxy->serverconnects(2);
 $proxy->clientflags("-sess_out ".$session);
+$proxy->sessionfile($session);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 12;
+plan tests => 13;
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                checkhandshake::DEFAULT_EXTENSIONS,
                "Default handshake test");
 
-#TODO(TLS1.3): Test temporarily disabled until we implement TLS1.3 resumption
 #Test 2: Resumption handshake
-#$proxy->clearClient();
-#$proxy->clientflags("-sess_in ".$session);
-#$proxy->clientstart();
-#checkmessages(RESUME_HANDSHAKE, "Resumption handshake test");
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->clientstart();
+checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
+               checkhandshake::DEFAULT_EXTENSIONS
+               | checkhandshake::PSK_CLI_EXTENSION
+               | checkhandshake::PSK_SRV_EXTENSION,
+               "Resumption handshake test");
 unlink $session;
 
 #Test 3: A status_request handshake (client request only)
diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm
index 0c3df6fde23e525d192e9f83cbcbf1e33ed36389..e974403af3f1d6a1e44cf6edca9d2386c4a554c7 100644 (file)
--- a/test/testlib/checkhandshake.pm
+++ b/test/testlib/checkhandshake.pm
@@ -46,6 +46,8 @@ use constant {
     SRP_CLI_EXTENSION => 0x00002000,
     #Client side for ec point formats is a default extension
     EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
+    PSK_CLI_EXTENSION => 0x00008000,
+    PSK_SRV_EXTENSION => 0x00010000
 };
 
 our @handmessages = ();
@@ -81,6 +83,10 @@ sub checkhandshake($$$$)
         #one extension gets checked twice (once in each Certificate message)
         $numtests += 2 if ($proxy->is_tls13()
                           && ($handtype & CLIENT_AUTH_HANDSHAKE) != 0);
+        #And in a resumption handshake we don't get Certificate at all and the
+        #Certificate extension doesn't get checked at all
+        $numtests -= 2 if ($proxy->is_tls13()
+                          && ($handtype & RESUME_HANDSHAKE) != 0);
 
         plan tests => $numtests;
 
A mirror of the official openssl repository