X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Frecipes%2F70-test_tlsextms.t;h=dc6cf75cbe26580eb5270e29835403d03defd2d0;hp=1248594c068331fa71e324c534c6a9092aeb4aa3;hb=e41e5d1e73c878261560e4b122cf309a0ecb42b8;hpb=b02b57431718b74ddaf24cc3db004f145311abac diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t index 1248594c06..dc6cf75cbe 100644 --- a/test/recipes/70-test_tlsextms.t +++ b/test/recipes/70-test_tlsextms.t @@ -24,8 +24,8 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); -plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); +plan skip_all => "$test_name needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled" + if disabled("tls1") && disabled("tls1_1") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; @@ -46,14 +46,19 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); +#Note that EXTMS is only relevant for clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $numtests = 9; +$numtests++ if (!disabled("tls1_3")); +plan tests => $numtests; checkmessages(1, "Default extended master secret test", 1, 1, 1); #Test 2: If client omits extended master secret extension, server should too. @@ -62,6 +67,7 @@ checkmessages(1, "Default extended master secret test", 1, 1, 1); clearall(); setrmextms(1, 0); +$proxy->clientflags("-no_tls1_3"); $proxy->start(); checkmessages(2, "No client extension extended master secret test", 0, 0, 1); @@ -69,7 +75,7 @@ checkmessages(2, "No client extension extended master secret test", 0, 0, 1); # Expected result: same as test 1. clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_ticket -no_tls1_3"); setrmextms(0, 0); $proxy->start(); checkmessages(3, "No ticket extended master secret test", 1, 1, 1); 
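Review bot: In the hunk at old line 46, `$numtests++ if (!disabled("tls1_3"));` repeats by hand the condition that guards Test 10 in the last hunk of this patch, so the plan count and the test it accounts for can drift apart. If one of the two conditions is edited without the other, the harness reports a plan mismatch rather than pointing at the cause. I would evaluate it once, `my $have_tls1_3 = !disabled("tls1_3");`, and use it in both places as `$numtests++ if $have_tls1_3;` and `if ($have_tls1_3) {`.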
@@ -78,10 +84,10 @@ checkmessages(3, "No ticket extended master secret test", 1, 1, 1);
 # Expected result: same as test 2.
 clearall();
-$proxy->clientflags("-no_ticket");
+$proxy->clientflags("-no_ticket -no_tls1_3");
 setrmextms(1, 0);
 $proxy->start();
-checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1);
+checkmessages(4, "No ticket, no client extension extended master secret test", 0, 0, 1);
 #Test 5: Session resumption extended master secret test
 #
@@ -92,10 +98,10 @@ clearall();
 setrmextms(0, 0);
 (undef, my $session) = tempfile();
 $proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start();
 $proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 $proxy->clientstart();
 checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
 unlink $session;
@@ -109,10 +115,10 @@ clearall();
 setrmextms(1, 0);
 (undef, $session) = tempfile();
 $proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start();
 $proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 setrmextms(0, 0);
 $proxy->clientstart();
 checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
@@ -126,10 +132,10 @@ clearall();
 setrmextms(0, 0);
 (undef, $session) = tempfile();
 $proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start();
 $proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 setrmextms(1, 0);
 $proxy->clientstart();
 ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
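Review bot: The literal `-no_tls1_3` is pasted into both `clientflags()` calls of every resumption test (hunks at old lines 92, 109, 126, 143 and 160), ten times in all, with nothing at the call sites saying why the resuming connection needs it too. These tests cover extended master secret consistency across resumption, including the cases that must abort when the extension state differs from the original session. A later test that leaves the flag off either the `-sess_out` or the `-sess_in` connection would presumably no longer exercise the pre-TLSv1.3 path these checks belong to. I would hoist it into one variable, `my $pre13 = "-no_tls1_3";`, used as `$proxy->clientflags("$pre13 -sess_out ".$session);`, with a one-line comment above it stating that both connections of a resumption pair must stay below TLSv1.3.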
@@ -143,10 +149,10 @@ clearall();
 setrmextms(0, 0);
 (undef, $session) = tempfile();
 $proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start();
 $proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 setrmextms(0, 1);
 $proxy->clientstart();
 ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
@@ -160,15 +166,27 @@ clearall();
 setrmextms(0, 1);
 (undef, $session) = tempfile();
 $proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start();
 $proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
 setrmextms(0, 0);
 $proxy->clientstart();
 ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
 unlink $session;
+#Test 10: In TLS1.3 we should not negotiate extended master secret
+#Expected result: ClientHello extension seen; ServerHello extension not seen
+# TLS1.3 handshake (will appear as abbreviated handshake
+# because of no CKE message)
+if (!disabled("tls1_3")) {
+ clearall();
+ setrmextms(0, 0);
+ $proxy->start();
+ checkmessages(10, "TLS1.3 extended master secret test", 1, 0, 0);
+}
+
+
 sub extms_filter {
 my $proxy = shift;
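Review bot: Test 10 in the last hunk never calls `clientflags()`, so it only offers TLSv1.3 if `clearall()` drops the `-no_tls1_3 -sess_in …` flags that test 9 set just above. `clearall()` is defined outside this hunk, so that dependency is worth confirming and stating, for example with `# relies on clearall() resetting the client flags so TLSv1.3 is offered` above the call. The test also infers TLSv1.3 from the third `0` argument (no full handshake seen, as the added comment explains) rather than from the negotiated version, so a connection that looked abbreviated for another reason might satisfy it. If the proxy exposes the version from the ServerHello, asserting on it would pin down what is actually being tested. The file continues past `sub extms_filter`, outside the hunk.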