checkhandshake::CLIENT_AUTH_HANDSHAKE],
[TLSProxy::Message::MT_CERTIFICATE,
checkhandshake::ALL_HANDSHAKES & ~checkhandshake::RESUME_HANDSHAKE],
- [TLSProxy::Message::MT_CERTIFICATE_STATUS,
- checkhandshake::OCSP_HANDSHAKE],
+ [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
+ checkhandshake::ALL_HANDSHAKES & ~checkhandshake::RESUME_HANDSHAKE],
[TLSProxy::Message::MT_FINISHED,
checkhandshake::ALL_HANDSHAKES],
[TLSProxy::Message::MT_CERTIFICATE,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
checkhandshake::DEFAULT_EXTENSIONS],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
- [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_STATUS_REQUEST,
- checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
checkhandshake::ALPN_SRV_EXTENSION],
+
+ [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
+
[0,0,0]
);
$proxy->clientflags("-status");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
- "status_request handshake test (client)");
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
+ "status_request handshake test (client)");
#Test 4: A status_request handshake (server support only)
$proxy->clear();
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
- "status_request handshake test (server)");
+ "status_request handshake test (server)");
#Test 5: A status_request handshake (client and server)
#TODO(TLS1.3): TLS1.3 doesn't actually have CertificateStatus messages. This is
$proxy->serverflags("-status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
-checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
- | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
- "status_request handshake test");
+checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
+ "status_request handshake test");
#Test 6: A client auth handshake
$proxy->clear();
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
- "Client auth handshake test");
+ "Client auth handshake test");
#Test 7: Server name handshake (client request only)
$proxy->clear();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
| checkhandshake::SERVER_NAME_CLI_EXTENSION,
- "Server name handshake test (client)");
+ "Server name handshake test (client)");
#Test 8: Server name handshake (server support only)
$proxy->clear();
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
- "Server name handshake test (server)");
+ "Server name handshake test (server)");
#Test 9: Server name handshake (client and server)
$proxy->clear();
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SERVER_NAME_CLI_EXTENSION
- | checkhandshake::SERVER_NAME_SRV_EXTENSION,
- "Server name handshake test");
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::SERVER_NAME_CLI_EXTENSION
+ | checkhandshake::SERVER_NAME_SRV_EXTENSION,
+ "Server name handshake test");
#Test 10: ALPN handshake (client request only)
$proxy->clear();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
| checkhandshake::ALPN_CLI_EXTENSION,
- "ALPN handshake test (client)");
+ "ALPN handshake test (client)");
#Test 11: ALPN handshake (server support only)
$proxy->clear();
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
- "ALPN handshake test (server)");
+ "ALPN handshake test (server)");
#Test 12: ALPN handshake (client and server)
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::ALPN_CLI_EXTENSION
- | checkhandshake::ALPN_SRV_EXTENSION,
- "ALPN handshake test");
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::ALPN_CLI_EXTENSION
+ | checkhandshake::ALPN_SRV_EXTENSION,
+ "ALPN handshake test");
#Test 13: SCT handshake (client request only)
#TODO(TLS1.3): This only checks that the client side extension appears. The
$proxy->serverflags("-status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
-checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SCT_CLI_EXTENSION
- | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
- | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
- "SCT handshake test");
+checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::SCT_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
+ "SCT handshake test");