Add a test to verify the ClientHello version is the same in a reneg
authorMatt Caswell <matt@openssl.org>
Mon, 23 Apr 2018 16:40:10 +0000 (17:40 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Apr 2018 08:54:31 +0000 (09:54 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6059)

test/recipes/70-test_renegotiation.t

index 0951487..734f1cd 100644 (file)
@@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new(
 $proxy->clientflags("-no_tls1_3");
 $proxy->reneg(1);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
+plan tests => 3;
 ok(TLSProxy::Message->success(), "Basic renegotiation");
 
 #Test 2: Client does not send the Reneg SCSV. Reneg should fail
@@ -49,6 +49,34 @@ $proxy->reneg(1);
 $proxy->start();
 ok(TLSProxy::Message->fail(), "No client SCSV");
 
+SKIP: {
+    skip "TLSv1.2 or TLSv1.1 disabled", 1
+        if disabled("tls1_2") || disabled("tls1_1");
+    #Test 3: Check that the ClientHello version remains the same in the reneg
+    #        handshake
+    $proxy->clear();
+    $proxy->filter(undef);
+    $proxy->clientflags("-no_tls1_3");
+    $proxy->serverflags("-no_tls1_3 -no_tls1_2");
+    $proxy->reneg(1);
+    $proxy->start();
+    my $chversion;
+    my $chmatch = 0;
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+            if (!defined $chversion) {
+                $chversion = $message->client_version;
+            } else {
+                if ($chversion == $message->client_version) {
+                    $chmatch = 1;
+                }
+            }
+        }
+    }
+    ok(TLSProxy::Message->success() && $chmatch,
+       "Check ClientHello version is the same");
+}
+
 sub reneg_filter
 {
     my $proxy = shift;