diff options
| author | Matt Caswell <matt@openssl.org> | 2017-04-13 16:55:45 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-05-03 14:37:42 +0100 |
| commit | c3a48c7b1d19fe884f727713b341d6ffb1530942 (patch) | |
| tree | ab5fe4c38de10ddccf98d62c0e3e66154c59fc3c | |
| parent | b878afae4ba4a1470a26fcdbaa57d9f76159f8df (diff) | |
Add a test for CT in TLSv1.3
This also tests the SERVERINFO2 file format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
| -rw-r--r-- | test/recipes/70-test_tls13messages.t | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index c4e20b7614..c9603de56f 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -126,6 +126,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_SRV_EXTENSION], [0,0,0] ); @@ -257,25 +259,29 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::ALPN_SRV_EXTENSION, "ALPN handshake test"); -#Test 13: SCT handshake (client request only) -#TODO(TLS1.3): This only checks that the client side extension appears. The -#SCT extension is unusual in that we have no built-in server side implementation -#The server side implementation can nomrally be added using the custom -#extensions framework (e.g. by using the "-serverinfo" s_server option). However -#currently we only support <= TLS1.2 for custom extensions because the existing -#framework and API has no knowledge of the TLS1.3 messages -$proxy->clear(); -#Note: -ct also sends status_request -$proxy->clientflags("-ct"); -$proxy->serverflags("-status_file " - .srctop_file("test", "recipes", "ocsp-response.der")); -$proxy->start(); -checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SCT_CLI_EXTENSION - | checkhandshake::STATUS_REQUEST_CLI_EXTENSION - | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, - "SCT handshake test"); +SKIP: { + skip "No CT, EC or OCSP support in this OpenSSL build", 1 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + + #Test 13: SCT handshake (client request only) + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-ct"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der") + ." -serverinfo ".srctop_file("test", "serverinfo2.pem")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SCT_CLI_EXTENSION + | checkhandshake::SCT_SRV_EXTENSION + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "SCT handshake test"); +} + + + #Test 14: HRR Handshake $proxy->clear(); |