diff options
| author | Todd Short <tshort@akamai.com> | 2016-03-05 08:47:55 -0500 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-03-08 09:03:05 -0500 |
| commit | 817cd0d52f0462039d1fe60462150be7f59d2002 (patch) | |
| tree | dd075e91d6add68a3c4f493db1e66cce11c990a9 /test/recipes | |
| parent | f18ce934889a36db42b7988e8acca9ac4f23299f (diff) | |
GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'test/recipes')
| -rw-r--r-- | test/recipes/80-test_ssl.t | 64 |
1 files changed, 50 insertions, 14 deletions
diff --git a/test/recipes/80-test_ssl.t b/test/recipes/80-test_ssl.t index 37237dc087..5412cb6832 100644 --- a/test/recipes/80-test_ssl.t +++ b/test/recipes/80-test_ssl.t @@ -64,7 +64,7 @@ my $P2intermediate="tmp_intP2.ss"; plan tests => 1 # For testss + 1 # For ssltest -test_cipherlist - + 11 # For the first testssl + + 13 # For the first testssl + 16 # For the first testsslproxy + 16 # For the second testsslproxy ; @@ -603,10 +603,29 @@ sub testssl { } }; + subtest 'SNI tests' => sub { + + plan tests => 7; + + SKIP: { + skip "TLSv1.x is not supported by this OpenSSL build", 7 + if $no_tls1 && $no_tls1_1 && $no_tls1_2; + + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo"]))); + ok(run(test([@ssltest, "-bio_pair", "-sn_server1", "foo"]))); + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_expect1"]))); + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "bar", "-sn_expect1"]))); + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"]))); + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "bar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect2"]))); + # Negative test - make sure it doesn't crash, and doesn't switch contexts + ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foobar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"]))); + } + }; + subtest 'ALPN tests' => sub { ###################################################################### - plan tests => 14; + plan tests => 12; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 12 @@ -626,22 +645,39 @@ sub testssl { is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "baz", "-alpn_server", "bar,foo"])), 0, "Testing ALPN with protocol mismatch, expecting failure"); - SKIP: { - skip "skipping SRP tests", 4 - if $no_srp; + # ALPN + SNI + ok(run(test([@ssltest, "-bio_pair", + "-alpn_client", "foo,bar", "-sn_client", "alice", + "-alpn_server1", "foo,123", "-sn_server1", "alice", + "-alpn_server2", "bar,456", "-sn_server2", "bob", + "-alpn_expected", "foo"]))); + ok(run(test([@ssltest, "-bio_pair", + "-alpn_client", "foo,bar", "-sn_client", "bob", + "-alpn_server1", "foo,123", "-sn_server1", "alice", + "-alpn_server2", "bar,456", "-sn_server2", "bob", + "-alpn_expected", "bar"]))); + } + }; - ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP'); + subtest 'SRP tests' => sub { - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP via BIO pair'); + plan tests => 4; - ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP auth'); + SKIP: { + skip "skipping SRP tests", 4 + if $no_srp; - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP auth via BIO pair'); - } + ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP'); + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP via BIO pair'); + + ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP auth'); + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP auth via BIO pair'); } }; |