diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-07-21 14:04:00 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-07-21 15:44:36 +0200 |
commit | 11279b13f586441a8fcc5109ee1907f33eb0cc24 (patch) | |
tree | 9dbd063fa7147e9854aeba640f9d7dff859b11bb | |
parent | 2980ae2e78169b3b4d0b140c0c5796c441c5902c (diff) |
Test client-side resumption
Add tests for resuming with a different client version.
This happens in reality when clients persist sessions on disk through
upgrades.
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | test/README.ssltest.md | 7 | ||||
-rw-r--r-- | test/generate_ssl_tests.pl | 10 | ||||
-rw-r--r-- | test/handshake_helper.c | 5 | ||||
-rw-r--r-- | test/handshake_helper.h | 1 | ||||
-rw-r--r-- | test/ssl-tests/10-resumption.conf | 884 | ||||
-rw-r--r-- | test/ssl-tests/11-dtls_resumption.conf | 402 | ||||
-rw-r--r-- | test/ssl-tests/protocol_version.pm | 32 | ||||
-rw-r--r-- | test/ssl_test.c | 15 | ||||
-rw-r--r-- | test/ssl_test.tmpl | 9 |
9 files changed, 1352 insertions, 13 deletions
diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8cd55ed2c3..445fda997c 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -124,8 +124,13 @@ The following sections may optionally be defined: matches server. * resume_server - this section configures the client to resume its session against a different server. This context is used whenever HandshakeMode is - Resume. If the resume-server section is not present, then the configuration + Resume. If the resume_server section is not present, then the configuration matches server. +* resume_client - this section configures the client to resume its session with + a different configuration. In practice this may occur when, for example, + upgraded clients reuse sessions persisted on disk. This context is used + whenever HandshakeMode is Resume. If the resume_client section is not present, + then the configuration matches client. ### Default server and client configurations diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index a2f4714587..951421bb2c 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -63,6 +63,16 @@ sub print_templates { $test->{"resume_server"} = { }; } $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; + if (defined $test->{"resume_client"}) { + $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) }; + } elsif (defined $test->{"test"}->{"HandshakeMode"} && + $test->{"test"}->{"HandshakeMode"} eq "Resume") { + # Default is the same as client. + $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; + } else { + # Do not emit an empty "resume-client" section. + $test->{"resume_client"} = { }; + } } # ssl_test expects to find a diff --git a/test/handshake_helper.c b/test/handshake_helper.c index c4f298e945..eecc6f762c 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -673,6 +673,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, const SSL_TEST_CTX *test_ctx) { HANDSHAKE_RESULT *result; @@ -692,8 +693,8 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ - result = do_handshake_internal(resume_server_ctx, NULL, client_ctx, test_ctx, - session, NULL); + result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, + test_ctx, session, NULL); end: SSL_SESSION_free(session); return result; diff --git a/test/handshake_helper.h b/test/handshake_helper.h index 5027bef025..2fb8ac03d4 100644 --- a/test/handshake_helper.h +++ b/test/handshake_helper.h @@ -47,6 +47,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result); /* Do a handshake and report some information about the result. */ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, const SSL_TEST_CTX *test_ctx); #endif /* HEADER_HANDSHAKE_HELPER_H */ diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf index 899f32166f..bea91fecc0 100644 --- a/test/ssl-tests/10-resumption.conf +++ b/test/ssl-tests/10-resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 18 +num_tests = 36 test-0 = 0-resumption test-1 = 1-resumption @@ -20,6 +20,24 @@ test-14 = 14-resumption test-15 = 15-resumption test-16 = 16-resumption test-17 = 17-resumption +test-18 = 18-resumption +test-19 = 19-resumption +test-20 = 20-resumption +test-21 = 21-resumption +test-22 = 22-resumption +test-23 = 23-resumption +test-24 = 24-resumption +test-25 = 25-resumption +test-26 = 26-resumption +test-27 = 27-resumption +test-28 = 28-resumption +test-29 = 29-resumption +test-30 = 30-resumption +test-31 = 31-resumption +test-32 = 32-resumption +test-33 = 33-resumption +test-34 = 34-resumption +test-35 = 35-resumption # =========================================================== [0-resumption] @@ -28,6 +46,7 @@ ssl_conf = 0-resumption-ssl [0-resumption-ssl] server = 0-resumption-server resume-server = 0-resumption-resume-server +resume-client = 0-resumption-resume-client client = 0-resumption-client [0-resumption-server] @@ -49,6 +68,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[0-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-0] HandshakeMode = Resume Protocol = TLSv1 @@ -63,6 +87,7 @@ ssl_conf = 1-resumption-ssl [1-resumption-ssl] server = 1-resumption-server resume-server = 1-resumption-resume-server +resume-client = 1-resumption-resume-client client = 1-resumption-client [1-resumption-server] @@ -84,6 +109,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[1-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-1] HandshakeMode = Resume Protocol = TLSv1 @@ -98,6 +128,7 @@ ssl_conf = 2-resumption-ssl [2-resumption-ssl] server = 2-resumption-server resume-server = 2-resumption-resume-server +resume-client = 2-resumption-resume-client client = 2-resumption-client [2-resumption-server] @@ -119,6 +150,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[2-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-2] HandshakeMode = Resume Protocol = TLSv1.1 @@ -133,6 +169,7 @@ ssl_conf = 3-resumption-ssl [3-resumption-ssl] server = 3-resumption-server resume-server = 3-resumption-resume-server +resume-client = 3-resumption-resume-client client = 3-resumption-client [3-resumption-server] @@ -154,6 +191,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[3-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-3] HandshakeMode = Resume Protocol = TLSv1.1 @@ -168,6 +210,7 @@ ssl_conf = 4-resumption-ssl [4-resumption-ssl] server = 4-resumption-server resume-server = 4-resumption-resume-server +resume-client = 4-resumption-resume-client client = 4-resumption-client [4-resumption-server] @@ -189,6 +232,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[4-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-4] HandshakeMode = Resume Protocol = TLSv1.2 @@ -203,6 +251,7 @@ ssl_conf = 5-resumption-ssl [5-resumption-ssl] server = 5-resumption-server resume-server = 5-resumption-resume-server +resume-client = 5-resumption-resume-client client = 5-resumption-client [5-resumption-server] @@ -224,6 +273,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[5-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-5] HandshakeMode = Resume Protocol = TLSv1.2 @@ -238,6 +292,7 @@ ssl_conf = 6-resumption-ssl [6-resumption-ssl] server = 6-resumption-server resume-server = 6-resumption-resume-server +resume-client = 6-resumption-resume-client client = 6-resumption-client [6-resumption-server] @@ -259,6 +314,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[6-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-6] HandshakeMode = Resume Protocol = TLSv1 @@ -273,6 +333,7 @@ ssl_conf = 7-resumption-ssl [7-resumption-ssl] server = 7-resumption-server resume-server = 7-resumption-resume-server +resume-client = 7-resumption-resume-client client = 7-resumption-client [7-resumption-server] @@ -294,6 +355,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[7-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-7] HandshakeMode = Resume Protocol = TLSv1 @@ -308,6 +374,7 @@ ssl_conf = 8-resumption-ssl [8-resumption-ssl] server = 8-resumption-server resume-server = 8-resumption-resume-server +resume-client = 8-resumption-resume-client client = 8-resumption-client [8-resumption-server] @@ -329,6 +396,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[8-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-8] HandshakeMode = Resume Protocol = TLSv1.1 @@ -343,6 +415,7 @@ ssl_conf = 9-resumption-ssl [9-resumption-ssl] server = 9-resumption-server resume-server = 9-resumption-resume-server +resume-client = 9-resumption-resume-client client = 9-resumption-client [9-resumption-server] @@ -364,6 +437,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[9-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-9] HandshakeMode = Resume Protocol = TLSv1.1 @@ -378,6 +456,7 @@ ssl_conf = 10-resumption-ssl [10-resumption-ssl] server = 10-resumption-server resume-server = 10-resumption-resume-server +resume-client = 10-resumption-resume-client client = 10-resumption-client [10-resumption-server] @@ -399,6 +478,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[10-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-10] HandshakeMode = Resume Protocol = TLSv1.2 @@ -413,6 +497,7 @@ ssl_conf = 11-resumption-ssl [11-resumption-ssl] server = 11-resumption-server resume-server = 11-resumption-resume-server +resume-client = 11-resumption-resume-client client = 11-resumption-client [11-resumption-server] @@ -434,6 +519,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[11-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-11] HandshakeMode = Resume Protocol = TLSv1.2 @@ -448,6 +538,7 @@ ssl_conf = 12-resumption-ssl [12-resumption-ssl] server = 12-resumption-server resume-server = 12-resumption-resume-server +resume-client = 12-resumption-resume-client client = 12-resumption-client [12-resumption-server] @@ -469,6 +560,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[12-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-12] HandshakeMode = Resume Protocol = TLSv1 @@ -483,6 +579,7 @@ ssl_conf = 13-resumption-ssl [13-resumption-ssl] server = 13-resumption-server resume-server = 13-resumption-resume-server +resume-client = 13-resumption-resume-client client = 13-resumption-client [13-resumption-server] @@ -504,6 +601,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[13-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-13] HandshakeMode = Resume Protocol = TLSv1 @@ -518,6 +620,7 @@ ssl_conf = 14-resumption-ssl [14-resumption-ssl] server = 14-resumption-server resume-server = 14-resumption-resume-server +resume-client = 14-resumption-resume-client client = 14-resumption-client [14-resumption-server] @@ -539,6 +642,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[14-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-14] HandshakeMode = Resume Protocol = TLSv1.1 @@ -553,6 +661,7 @@ ssl_conf = 15-resumption-ssl [15-resumption-ssl] server = 15-resumption-server resume-server = 15-resumption-resume-server +resume-client = 15-resumption-resume-client client = 15-resumption-client [15-resumption-server] @@ -574,6 +683,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[15-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-15] HandshakeMode = Resume Protocol = TLSv1.1 @@ -588,6 +702,7 @@ ssl_conf = 16-resumption-ssl [16-resumption-ssl] server = 16-resumption-server resume-server = 16-resumption-resume-server +resume-client = 16-resumption-resume-client client = 16-resumption-client [16-resumption-server] @@ -609,6 +724,11 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[16-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-16] HandshakeMode = Resume Protocol = TLSv1.2 @@ -623,6 +743,7 @@ ssl_conf = 17-resumption-ssl [17-resumption-ssl] server = 17-resumption-server resume-server = 17-resumption-resume-server +resume-client = 17-resumption-resume-client client = 17-resumption-client [17-resumption-server] @@ -644,9 +765,770 @@ CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer +[17-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + [test-17] HandshakeMode = Resume Protocol = TLSv1.2 ResumptionExpected = Yes +# =========================================================== + +[18-resumption] +ssl_conf = 18-resumption-ssl + +[18-resumption-ssl] +server = 18-resumption-server +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-resume-client +client = 18-resumption-client + +[18-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[18-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[19-resumption] +ssl_conf = 19-resumption-ssl + +[19-resumption-ssl] +server = 19-resumption-server +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-resume-client +client = 19-resumption-client + +[19-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[19-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[20-resumption] +ssl_conf = 20-resumption-ssl + +[20-resumption-ssl] +server = 20-resumption-server +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-resume-client +client = 20-resumption-client + +[20-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[20-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[21-resumption] +ssl_conf = 21-resumption-ssl + +[21-resumption-ssl] +server = 21-resumption-server +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-resume-client +client = 21-resumption-client + +[21-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[21-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[22-resumption] +ssl_conf = 22-resumption-ssl + +[22-resumption-ssl] +server = 22-resumption-server +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-resume-client +client = 22-resumption-client + +[22-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[22-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[23-resumption] +ssl_conf = 23-resumption-ssl + +[23-resumption-ssl] +server = 23-resumption-server +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-resume-client +client = 23-resumption-client + +[23-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[23-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[24-resumption] +ssl_conf = 24-resumption-ssl + +[24-resumption-ssl] +server = 24-resumption-server +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-resume-client +client = 24-resumption-client + +[24-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[24-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[25-resumption] +ssl_conf = 25-resumption-ssl + +[25-resumption-ssl] +server = 25-resumption-server +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-resume-client +client = 25-resumption-client + +[25-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[25-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[26-resumption] +ssl_conf = 26-resumption-ssl + +[26-resumption-ssl] +server = 26-resumption-server +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-resume-client +client = 26-resumption-client + +[26-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[26-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = Yes + + +# =========================================================== + +[27-resumption] +ssl_conf = 27-resumption-ssl + +[27-resumption-ssl] +server = 27-resumption-server +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-resume-client +client = 27-resumption-client + +[27-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[27-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = Yes + + +# =========================================================== + +[28-resumption] +ssl_conf = 28-resumption-ssl + +[28-resumption-ssl] +server = 28-resumption-server +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-resume-client +client = 28-resumption-client + +[28-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[28-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[29-resumption] +ssl_conf = 29-resumption-ssl + +[29-resumption-ssl] +server = 29-resumption-server +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-resume-client +client = 29-resumption-client + +[29-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[29-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[30-resumption] +ssl_conf = 30-resumption-ssl + +[30-resumption-ssl] +server = 30-resumption-server +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-resume-client +client = 30-resumption-client + +[30-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[30-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[31-resumption] +ssl_conf = 31-resumption-ssl + +[31-resumption-ssl] +server = 31-resumption-server +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-resume-client +client = 31-resumption-client + +[31-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[31-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[32-resumption] +ssl_conf = 32-resumption-ssl + +[32-resumption-ssl] +server = 32-resumption-server +resume-server = 32-resumption-resume-server +resume-client = 32-resumption-resume-client +client = 32-resumption-client + +[ |