return testresult;
}
+/*
+ * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+ * SSL_is_dtls return the expected results for a QUIC connection. Compare with
+ * test_version() in sslapitest.c which does the same thing for TLS/DTLS
+ * connections.
+ */
+static int test_version(void)
+{
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ SSL *clientquic = NULL;
+ QUIC_TSERVER *qtserv = NULL;
+ int testresult = 0;
+
+ if (!TEST_ptr(cctx)
+ || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
+ 0, &qtserv, &clientquic,
+ NULL))
+ || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
+ goto err;
+
+ if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
+ || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
+ goto err;
+
+ if (!TEST_true(SSL_is_quic(clientquic))
+ || !TEST_false(SSL_is_tls(clientquic))
+ || !TEST_false(SSL_is_dtls(clientquic)))
+ goto err;
+
+
+ testresult = 1;
+ err:
+ ossl_quic_tserver_free(qtserv);
+ SSL_free(clientquic);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
OPT_TEST_DECLARE_USAGE("provider config\n")
int setup_tests(void)
ADD_ALL_TESTS(test_quic_write_read, 2);
ADD_TEST(test_ciphersuites);
+ ADD_TEST(test_version);
return 1;
err:
}
#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
+static int check_version_string(SSL *s, int version)
+{
+ const char *verstr = NULL;
+
+ switch (version) {
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+ case TLS1_VERSION:
+ verstr = "TLSv1";
+ break;
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
+ case DTLS1_VERSION:
+ verstr = "DTLSv1";
+ break;
+ case DTLS1_2_VERSION:
+ verstr = "DTLSv1.2";
+ }
+
+ return TEST_str_eq(verstr, SSL_get_version(s));
+}
+
+/*
+ * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+ * SSL_is_dtls return the expected results for a (D)TLS connection. Compare with
+ * test_version() in quicapitest.c which does the same thing for QUIC
+ * connections.
+ */
+static int test_version(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, version;
+ const SSL_METHOD *servmeth = TLS_server_method();
+ const SSL_METHOD *clientmeth = TLS_client_method();
+
+ switch (idx) {
+#if !defined(OPENSSL_NO_SSL3)
+ case 0:
+ version = SSL3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1)
+ case 1:
+ version = TLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1_2)
+ case 2:
+ version = TLS1_2_VERSION;
+ break;
+#endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+ case 3:
+ version = TLS1_3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1)
+ case 4:
+ version = DTLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1_2)
+ case 5:
+ version = DTLS1_2_VERSION;
+ break;
+#endif
+ /*
+ * NB we do not support QUIC in this test. That is covered by quicapitest.c
+ * We also don't support DTLS1_BAD_VER since we have no server support for
+ * that.
+ */
+ default:
+ TEST_skip("Unsupported protocol version");
+ return 1;
+ }
+
+ if (is_fips
+ && (version == SSL3_VERSION
+ || version == TLS1_VERSION
+ || version == DTLS1_VERSION)) {
+ TEST_skip("Protocol version not supported with FIPS");
+ return 1;
+ }
+
+#if !defined(OPENSSL_NO_DTLS)
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ servmeth = DTLS_server_method();
+ clientmeth = DTLS_client_method();
+ }
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, version,
+ version, &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_version(serverssl), version)
+ || !TEST_int_eq(SSL_version(clientssl), version)
+ || !TEST_true(check_version_string(serverssl, version))
+ || !TEST_true(check_version_string(clientssl, version)))
+ goto end;
+
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ if (!TEST_true(SSL_is_dtls(serverssl))
+ || !TEST_true(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_tls(serverssl))
+ || !TEST_false(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_is_tls(serverssl))
+ || !TEST_true(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_dtls(serverssl))
+ || !TEST_false(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ }
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
int setup_tests(void)
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
ADD_ALL_TESTS(test_pipelining, 6);
#endif
+ ADD_ALL_TESTS(test_version, 6);
return 1;
err:
projects / openssl.git / commitdiff