# Known TLS and DTLS protocols
my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
-my @dtls = qw(dtls1 dtls1_2);
+my @dtls = qw(dtls1 dtls1_2 dtls1_3);
# Explicitly known options that are possible to disable. They can
# be regexps, and will be used like this: /^no-${option}$/
foreach my $proto ((@tls, @dtls))
{
push(@disablables, $proto);
- push(@disablables, "$proto-method") unless $proto eq "tls1_3";
+ push(@disablables, "$proto-method") unless $proto eq "tls1_3" || $proto eq "dtls1_3";
}
# Internal disablables, for aliasing purposes. They serve no special
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs TLS1.3 enabled"
- if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-
-my $proxy = TLSProxy::Proxy->new(
- undef,
- cmdstr(app(["openssl"]), display => 1),
- srctop_file("apps", "server.pem"),
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
-);
-
-#Test 1: We test that a server can handle an unencrypted alert when normally the
-# next message is encrypted
-$proxy->filter(\&alert_filter);
-$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 1;
-my $alert = TLSProxy::Message->alert();
-ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unencrypted alert");
+plan skip_all => "$test_name needs elliptic curves and diffie-hellman enabled"
+ if disabled("ec") && disabled("dh");
+
+my $testcount = 1;
+
+plan tests => 2 * $testcount;
+
+SKIP: {
+ skip "TLS 1.3 is disabled", $testcount if disabled("tls1_3");
+ # Run tests with TLS
+ run_tests(0);
+}
+
+SKIP: {
+ skip "DTLS 1.3 is disabled", $testcount if disabled("dtls1_3");
+ skip "DTLSProxy does not support partial messages that are sent when EC is disabled",
+ $testcount if disabled("ec");
+ skip "DTLSProxy does not work on Windows", $testcount if $^O =~ /^(MSWin32)$/;
+ run_tests(1);
+}
+
+sub run_tests
+{
+ my $run_test_as_dtls = shift;
+ my $proxy_start_success = 0;
+
+ my $proxy;
+ if ($run_test_as_dtls == 1) {
+ $proxy = TLSProxy::Proxy->new_dtls(
+ undef,
+ cmdstr(app([ "openssl" ]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ }
+ else {
+ $proxy = TLSProxy::Proxy->new(
+ undef,
+ cmdstr(app(["openssl"]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ }
+
+ #Test 1: We test that a server can handle an unencrypted alert when normally the
+ # next message is encrypted
+ $proxy->clear();
+ $proxy->filter(\&alert_filter);
+ $proxy_start_success = $proxy->start();
+ skip "TLSProxy did not start correctly", $testcount if $proxy_start_success == 0;
+
+ my $alert = TLSProxy::Message->alert();
+ ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unencrypted alert");
+}
sub alert_filter
{
." -cert ".$self->cert." -cert2 ".$self->cert
." -naccept ".$self->serverconnects;
if ($self->{isdtls}) {
- $execcmd .= " -dtls -max_protocol DTLSv1.2"
+ $execcmd .= " -dtls -max_protocol DTLSv1.3"
# TLSProxy does not support message fragmentation. So
# set a high mtu and fingers crossed.
." -mtu 1500";
." s_client -provider=p_ossltest -provider=default -propquery ?provider=p_ossltest"
." -connect $self->{proxy_addr}:$self->{proxy_port}";
if ($self->{isdtls}) {
- $execcmd .= " -dtls -max_protocol DTLSv1.2"
+ $execcmd .= " -dtls -max_protocol DTLSv1.3"
# TLSProxy does not support message fragmentation. So
# set a high mtu and fingers crossed.
." -mtu 1500"
projects / thirdparty / openssl.git / commitdiff
