- InternalError - some other error
* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
- `ssl_test_ctx.c` for known values. Note: the expected alert is currently
+ `test/helpers/ssl_test_ctx.c` for known values. Note: the expected alert is currently
matched against the _last_ received alert (i.e., a fatal alert or a
`close_notify`). Warning alert expectations are not yet supported. (A warning
alert will not be correctly matched, if followed by a `close_notify` or
OpenSSL directory, do
$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
- test/ssl-tests/01-simple.cnf
+ test/ssl-tests/01-simple.cnf default
or for shared builds
$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \
- util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf
+ util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf default
+
+In the above examples, `default` is the provider to use.
Note that the test expectations sometimes depend on the Configure settings. For
example, the negotiated protocol depends on the set of available (enabled)
#Input file may be relative to cwd, but setup below changes the cwd, so
#figure out the absolute path first
$input_file = abs_path(shift);
- $provider = shift;
+ $provider = shift // '';
OpenSSL::Test::setup("no_test_here", quiet => 1);
}
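Review bot: The new `// ''` default on `$provider` has no comment explaining what an empty provider means to the rest of the generator, and the README text added in this change only shows `default` being passed explicitly. A short comment would help, for example `# provider is optional; '' means none was named on the command line`. The line above, `$input_file = abs_path(shift);`, still passes a missing first argument straight to `abs_path`, so the required argument is now less guarded than the optional one. If that is not intended, a usage check such as `my $arg = shift // die "usage: $0 input-file [provider]\n";` before the call would make the failure explicit. The BEGIN block opens outside this hunk, so any earlier validation is not visible here.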
{"UnknownCA", SSL_AD_UNKNOWN_CA},
{"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
{"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
+ {"NoRenegotiation", SSL_AD_NO_RENEGOTIATION},
{"BadCertificate", SSL_AD_BAD_CERTIFICATE},
{"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
{"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},
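Review bot: The added `{"NoRenegotiation", SSL_AD_NO_RENEGOTIATION}` entry exposes an alert that TLS 1.2 defines as warning-level, but the README text touched by this same change says warning alert expectations are not yet supported and that only the last received alert is matched. The new `ExpectedServerAlert = NoRenegotiation` expectation in `16-no-client-renegotiation` therefore holds only while nothing else (such as a `close_notify`) follows that alert on the wire. I would document this next to the entry, for example `/* warning-level in TLS <= 1.2; only matched when it is the last alert received */`. The table begins and ends outside this hunk.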
plan skip_all => "$test_name needs TLS <= 1.2 enabled"
if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
-plan tests => 6;
+plan tests => 5;
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
"Check client renegotiation failed");
}
-SKIP: {
- skip "TLSv1.2 and TLSv1.1 disabled", 1
- if disabled("tls1_2") && disabled("tls1_1");
- #Test 6: Server can do renegotiation
- $proxy->clear();
- $proxy->filter(undef);
- $proxy->serverflags("-no_tls1_3 -immediate_renegotiation");
- $proxy->clientflags("-no_tls1_3");
- $proxy->start();
- ok(TLSProxy::Message->success(),
- "Check server renegotiation succeeded");
-}
-
sub reneg_filter
{
my $proxy = shift;
# Generated with generate_ssl_tests.pl
-num_tests = 15
+num_tests = 17
test-0 = 0-renegotiate-client-no-resume
test-1 = 1-renegotiate-client-resume
test-12 = 12-no-renegotiation-client-by-server
test-13 = 13-no-renegotiation-client-by-client
test-14 = 14-no-extms-on-renegotiation
+test-15 = 15-allow-client-renegotiation
+test-16 = 16-no-client-renegotiation
# ===========================================================
[0-renegotiate-client-no-resume]
RenegotiateNoExtms = Yes
+# ===========================================================
+
+[15-allow-client-renegotiation]
+ssl_conf = 15-allow-client-renegotiation-ssl
+
+[15-allow-client-renegotiation-ssl]
+server = 15-allow-client-renegotiation-server
+client = 15-allow-client-renegotiation-client
+
+[15-allow-client-renegotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-allow-client-renegotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[16-no-client-renegotiation]
+ssl_conf = 16-no-client-renegotiation-ssl
+
+[16-no-client-renegotiation-ssl]
+server = 16-no-client-renegotiation-server
+client = 16-no-client-renegotiation-client
+
+[16-no-client-renegotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -ClientRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-no-client-renegotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = ClientFail
+ExpectedServerAlert = NoRenegotiation
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
"ResumptionExpected" => "No",
"ExpectedResult" => "ServerFail"
}
+ },
+ {
+ name => "allow-client-renegotiation",
+ server => {
+ "MaxProtocol" => "TLSv1.2",
+ },
+ client => {
+ "MaxProtocol" => "TLSv1.2"
+ },
+ test => {
+ "Method" => "TLS",
+ "HandshakeMode" => "RenegotiateClient",
+ "ResumptionExpected" => "Yes",
+ "ExpectedResult" => "Success"
+ }
+ },
+ {
+ name => "no-client-renegotiation",
+ server => {
+ "MaxProtocol" => "TLSv1.2",
+ "Options" => "-ClientRenegotiation"
+ },
+ client => {
+ "MaxProtocol" => "TLSv1.2",
+ },
+ test => {
+ "Method" => "TLS",
+ "HandshakeMode" => "RenegotiateClient",
+ "ResumptionExpected" => "No",
+ "ExpectedResult" => "ClientFail",
+ "ExpectedServerAlert" => "NoRenegotiation"
+ }
}
);
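Review bot: The `allow-client-renegotiation` case sets no server `Options`, so it passes only because of whatever the library's default for client-initiated renegotiation is, whereas `no-client-renegotiation` pins `-ClientRenegotiation` explicitly. Assuming the positive form is accepted like other `Options` flags, adding `"Options" => "ClientRenegotiation"` to the allow case's `server` hash would make the pair symmetric. It would also keep the test exercising the switch if the default is ever tightened. Both cases are limited to `"Method" => "TLS"` at TLSv1.2; whether a DTLS counterpart exists elsewhere in the list cannot be told from this hunk, since the `@tests` array starts outside it.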