|| !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
goto end;
- /* Should fail because it should already be in the cache */
- if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2)))
- goto end;
+ if (use_int_cache) {
+ if (maxprot == TLS1_3_VERSION && !use_ext_cache) {
+ /*
+ * In TLSv1.3 it should not have been added to the internal cache,
+ * except in the case where we also have an external cache (in that
+ * case it gets added to the cache in order to generate remove
+ * events after timeout).
+ */
+ if (!TEST_false(SSL_CTX_remove_session(sctx, sess2)))
+ goto end;
+ } else {
+ /* Should fail because it should already be in the cache */
+ if (!TEST_false(SSL_CTX_add_session(sctx, sess2)))
+ goto end;
+ }
+ }
if (use_ext_cache) {
SSL_SESSION *tmp = sess2;
* the external cache. We take a copy first because
* SSL_CTX_remove_session() also marks the session as non-resumable.
*/
- if (use_int_cache) {
+ if (use_int_cache && maxprot != TLS1_3_VERSION) {
if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
|| !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
goto end;
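Review bot: The new condition `use_int_cache && maxprot != TLS1_3_VERSION` needs a comment saying why TLSv1.3 skips the removal. The comment directly above it still describes deleting the session from the internal cache to force an external-cache lookup. The earlier hunk states that with an external cache a TLSv1.3 session is added to the internal cache, so a reader cannot tell from here whether leaving it there is intended. If the reason is the one given in that earlier comment, a line such as `/* In TLSv1.3 the internal cache entry only exists to generate remove events, so leave it in place */` above the `if` would settle it. The comment and the enclosing block both start outside this hunk.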
#endif
}
-SSL_SESSION *sesscache[9];
+static SSL_SESSION *sesscache[6];
+static int do_cache;
static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)
{
- sesscache[new_called++] = sess;
+ if (do_cache) {
+ sesscache[new_called] = sess;
+ } else {
+ /* We don't need the reference to the session, so free it */
+ SSL_SESSION_free(sess);
+ }
+ new_called++;
+
+ return 1;
+}
+
+static int post_handshake_verify(SSL *sssl, SSL *cssl)
+{
+ SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL);
+ if (!TEST_true(SSL_verify_client_post_handshake(sssl)))
+ return 0;
+
+ /* Start handshake on the server and client */
+ if (!TEST_int_eq(SSL_do_handshake(sssl), 1)
+ || !TEST_int_le(SSL_read(cssl, NULL, 0), 0)
+ || !TEST_int_le(SSL_read(sssl, NULL, 0), 0)
+ || !TEST_true(create_ssl_connection(sssl, cssl,
+ SSL_ERROR_NONE)))
+ return 0;
return 1;
}
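Review bot: `new_cachesession_cb` stores into `sesscache[new_called]` with no bound check, and this change shrinks the array from 9 entries to 6. If the server issues more tickets than the test expects while `do_cache` is set, the callback writes past the array before the later `TEST_int_eq(..., new_called)` comparison can report the mismatch. A ticket-count regression would then show up as memory corruption instead of a clean test failure. Guarding the store with `if (do_cache && new_called < (int)OSSL_NELEM(sesscache))` keeps the count intact and lets the existing else branch free the surplus session; adjust the cast to the type of `new_called`, which is declared outside the hunk. The resumption loop further down reads `sesscache[i]` for `i < idx * 2` and relies on the same implicit limit.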
/* idx is the test number, but also the number of tickets we want */
new_called = 0;
+ do_cache = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION, &sctx,
goto end;
/* After a post-handshake authentication we should get new tickets issued */
- SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
- if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
- goto end;
-
- /* Start handshake on the server and client */
- if (!TEST_int_eq(SSL_do_handshake(serverssl), 1)
- || !TEST_int_le(SSL_read(clientssl, NULL, 0), 0)
- || !TEST_int_le(SSL_read(serverssl, NULL, 0), 0)
- || !TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE))
+ if (!post_handshake_verify(serverssl, clientssl)
|| !TEST_int_eq(idx * 2, new_called))
goto end;
- SSL_CTX_sess_set_new_cb(cctx, NULL);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
+ /* Stop caching sessions - just count them */
+ do_cache = 0;
+
/* Test that we can resume with all the tickets we got given */
- for (i = 0; i < new_called; i++) {
+ for (i = 0; i < idx * 2; i++) {
+ new_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
- || !TEST_true(SSL_set_session(clientssl, sesscache[i]))
- || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ || !TEST_true(SSL_set_session(clientssl, sesscache[i])))
+ goto end;
+
+ SSL_force_post_handshake_auth(clientssl);
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
- || !TEST_true(SSL_session_reused(clientssl)))
+ || !TEST_true(SSL_session_reused(clientssl))
+ /* Following a resumption we only get 1 ticket */
+ || !TEST_int_eq(new_called, 1))
+ goto end;
+
+ new_called = 0;
+ /* After a post-handshake authentication we should get 1 new ticket */
+ if (!post_handshake_verify(serverssl, clientssl)
+ || !TEST_int_eq(new_called, 1))
goto end;
SSL_shutdown(clientssl);
end:
SSL_free(serverssl);
SSL_free(clientssl);
- for (j = 0; j < OSSL_NELEM(sesscache); j++)
+ for (j = 0; j < OSSL_NELEM(sesscache); j++) {
SSL_SESSION_free(sesscache[j]);
+ sesscache[j] = NULL;
+ }
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
|| !TEST_size_t_eq(written, strlen(MSG2)))
goto end;
- /*
- * Should block due to the NewSessionTicket arrival unless we're using
- * read_ahead, or PSKs
- */
- if (idx != 1 && idx != 2) {
- if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)))
- goto end;
- }
-
if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
int tlsvers;
if (tst < 2) {
-#ifndef OPENSSL_NO_TLS1_2
+/* We need either ECDHE or DHE for the TLSv1.2 test to work */
+#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \
+ || !defined(OPENSSL_NO_DH))
tlsvers = TLS1_2_VERSION;
#else
return 1;