Test atexit handlers

[openssl.git] / test / recipes / 70-test_tls13psk.t

diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index 48d1dde9980bbf49f2dcce61fded6c80a16bc0ac..40e6ed105bc27759e5f3a6a2e07471b9480dd264 100644 (file)
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
@@ -16,7 +16,7 @@ my $test_name = "test_tls13psk";
 setup($test_name);
 
 plan skip_all => "TLSProxy isn't usable on $^O"
-    if $^O =~ /^(VMS|MSWin32)$/;
+    if $^O =~ /^(VMS)$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
@@ -42,15 +42,16 @@ use constant {
     ILLEGAL_EXT_SECOND_CH => 1
 };
 
-#Most PSK tests are done in test_ssl_new. This just checks sending a PSK
-#extension when it isn't in the last place in a ClientHello
+#Most PSK tests are done in test_ssl_new. This tests various failure scenarios
+#around PSK
 
 #Test 1: First get a session
 (undef, my $session) = tempfile();
 $proxy->clientflags("-sess_out ".$session);
+$proxy->serverflags("-servername localhost");
 $proxy->sessionfile($session);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 4;
+plan tests => 5;
 ok(TLSProxy::Message->success(), "Initial connection");
 
 #Test 2: Attempt a resume with PSK not in last place. Should fail
@@ -62,7 +63,7 @@ $proxy->start();
 ok(TLSProxy::Message->fail(), "PSK not last");
 
 #Test 3: Attempt a resume after an HRR where PSK hash matches selected
-#        ciperhsuite. Should see PSK on second ClientHello
+#        ciphersuite. Should see PSK on second ClientHello
 $proxy->clear();
 $proxy->clientflags("-sess_in ".$session);
 $proxy->serverflags("-curves P-256");
@@ -81,10 +82,10 @@ $proxy->clear();
 $proxy->clientflags("-sess_in ".$session);
 $proxy->filter(\&modify_psk_filter);
 $proxy->serverflags("-curves P-256");
-$proxy->cipherc("TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384");
-$proxy->ciphers("TLS13-AES-256-GCM-SHA384");
+$proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
+$proxy->ciphersuitess("TLS_AES_256_GCM_SHA384");
 #We force an early failure because TLS Proxy doesn't actually support
-#TLS13-AES-256-GCM-SHA384. That doesn't matter for this test though.
+#TLS_AES_256_GCM_SHA384. That doesn't matter for this test though.
 $testtype = ILLEGAL_EXT_SECOND_CH;
 $proxy->start();
 #Check if the PSK is present in the second ClientHello
@@ -94,6 +95,13 @@ $pskseen = $ch2seen
            && defined ${$ch2->extension_data}{TLSProxy::Message::EXT_PSK};
 ok($ch2seen && !$pskseen, "PSK hash does not match");
 
+#Test 5: Attempt a resume without a sig agls extension. Should succeed because
+#        sig algs is not needed in a resumption.
+$proxy->clear();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->filter(\&remove_sig_algs_filter);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Remove sig algs");
 
 unlink $session;
 
@@ -129,3 +137,16 @@ sub modify_psk_filter
     }
     $message->repack();
 }
+
+sub remove_sig_algs_filter
+{
+    my $proxy = shift;
+    my $message;
+
+    # Only look at the first ClientHello
+    return if $proxy->flight != 0;
+
+    $message = ${$proxy->message_list}[0];
+    $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
+    $message->repack();
+}