my $inject_recs_num = 1;
$proxy->serverflags("-tls1_2");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-my $num_tests = 10;
+my $num_tests = 11;
if (!disabled("tls1_1")) {
$num_tests++;
}
+if (!disabled("tls1_3")) {
+ $num_tests += 3;
+}
plan tests => $num_tests;
ok(TLSProxy::Message->fail(), "Out of context empty records test");
$proxy->clear();
$proxy->serverflags("-tls1_2");
$proxy->start();
-ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
+ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test");
#Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test
# at all, but it gives us confidence that Test 8 fails for the right
#Test 10: Sending an unrecognised record type in TLS1.2 should fail
$proxy->clear();
+$proxy->serverflags("-tls1_2");
$proxy->filter(\&add_unknown_record_type);
$proxy->start();
ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2");
ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1");
}
+#Test 12: Sending a different record version in TLS1.2 should fail
+$proxy->clear();
+$proxy->clientflags("-tls1_2");
+$proxy->filter(\&change_version);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
+
+#TLS1.3 specific tests
+if (!disabled("tls1_3")) {
+ #Test 13: Sending a different record version in TLS1.3 should succeed
+ $proxy->clear();
+ $proxy->filter(\&change_version);
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
+
+ #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+ $proxy->clear();
+ $proxy->filter(\&add_unknown_record_type);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3");
+
+ #Test 15: Sending an outer record type other than app data once encrypted
+ #should fail
+ $proxy->clear();
+ $proxy->filter(\&change_outer_record_type);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3");
+ }
+
+
sub add_empty_recs_filter
{
my $proxy = shift;
my $proxy = shift;
# We'll change a record after the initial version neg has taken place
- if ($proxy->flight != 2) {
+ if ($proxy->flight != 1) {
return;
}
my $lastrec = ${$proxy->record_list}[-1];
my $record = TLSProxy::Record->new(
- 2,
+ 1,
TLSProxy::Record::RT_UNKNOWN,
$lastrec->version(),
1,
"X"
);
- unshift @{$proxy->record_list}, $record;
+ #Find ServerHello record and insert after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ $i++;
+
+ splice @{$proxy->record_list}, $i, 0, $record;
+}
+
+sub change_version
+{
+ my $proxy = shift;
+
+ # We'll change a version after the initial version neg has taken place
+ if ($proxy->flight != 2) {
+ return;
+ }
+
+ (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
+}
+
+sub change_outer_record_type
+{
+ my $proxy = shift;
+
+ # We'll change a record after the initial version neg has taken place
+ if ($proxy->flight != 1) {
+ return;
+ }
+
+ #Find ServerHello record and change record after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ $i++;
+ ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
}
projects / openssl.git / blobdiff