diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-07-05 19:06:23 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-07-20 13:55:53 +0200 |
commit | 590ed3d7ea555b877859f6b491020112588fe1be (patch) | |
tree | 0461027d23e45e0e29fdaed81e92fbe4b324c065 /test/ssl-tests | |
parent | 23dd0c9f8dc6f7edf4b872d13e5644dfbbee585b (diff) |
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but will
be done in a later change.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/02-protocol-version.conf.in | 2 | ||||
-rw-r--r-- | test/ssl-tests/05-sni.conf.in | 5 | ||||
-rw-r--r-- | test/ssl-tests/07-dtls-protocol-version.conf.in | 2 | ||||
-rw-r--r-- | test/ssl-tests/10-resumption.conf | 652 | ||||
-rw-r--r-- | test/ssl-tests/10-resumption.conf.in | 19 | ||||
-rw-r--r-- | test/ssl-tests/11-dtls_resumption.conf | 300 | ||||
-rw-r--r-- | test/ssl-tests/11-dtls_resumption.conf.in | 19 | ||||
-rw-r--r-- | test/ssl-tests/protocol_version.pm | 69 |
8 files changed, 1056 insertions, 12 deletions
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in index 46851c94fb..26d64b5f88 100644 --- a/test/ssl-tests/02-protocol-version.conf.in +++ b/test/ssl-tests/02-protocol-version.conf.in @@ -16,4 +16,4 @@ use warnings; use protocol_version; -our @tests = generate_tests("TLS"); +our @tests = generate_version_tests("TLS"); diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in index 635ce9ae47..0a8378e7a0 100644 --- a/test/ssl-tests/05-sni.conf.in +++ b/test/ssl-tests/05-sni.conf.in @@ -18,7 +18,6 @@ our @tests = ( { name => "SNI-switch-context", server => { }, - server2 => { }, client => { }, test => { "ServerName" => "server2", "ExpectedServerName" => "server2", @@ -28,7 +27,6 @@ our @tests = ( { name => "SNI-keep-context", server => { }, - server2 => { }, client => { }, test => { "ServerName" => "server1", "ExpectedServerName" => "server1", @@ -45,7 +43,6 @@ our @tests = ( { name => "SNI-no-client-support", server => { }, - server2 => { }, client => { }, test => { # We expect that the callback is still called @@ -59,7 +56,6 @@ our @tests = ( { name => "SNI-bad-sni-ignore-mismatch", server => { }, - server2 => { }, client => { }, test => { "ServerName" => "invalid", "ExpectedServerName" => "server1", @@ -69,7 +65,6 @@ our @tests = ( { name => "SNI-bad-sni-reject-mismatch", server => { }, - server2 => { }, client => { }, test => { "ServerName" => "invalid", "ServerNameCallback" => "RejectMismatch", diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in index 965ed3ed0c..fb3c44a53c 100644 --- a/test/ssl-tests/07-dtls-protocol-version.conf.in +++ b/test/ssl-tests/07-dtls-protocol-version.conf.in @@ -16,4 +16,4 @@ use warnings; use protocol_version; -our @tests = generate_tests("DTLS"); +our @tests = generate_version_tests("DTLS"); diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf new file mode 100644 index 0000000000..899f32166f --- /dev/null +++ b/test/ssl-tests/10-resumption.conf @@ -0,0 +1,652 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 18 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +test-16 = 16-resumption +test-17 = 17-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +resume-server = 0-resumption-resume-server +client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +resume-server = 1-resumption-resume-server +client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +resume-server = 2-resumption-resume-server +client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +resume-server = 3-resumption-resume-server +client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +resume-server = 4-resumption-resume-server +client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +resume-server = 5-resumption-resume-server +client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +resume-server = 6-resumption-resume-server +client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +resume-server = 7-resumption-resume-server +client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +resume-server = 8-resumption-resume-server +client = 8-resumption-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +resume-server = 9-resumption-resume-server +client = 9-resumption-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +resume-server = 10-resumption-resume-server +client = 10-resumption-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +resume-server = 11-resumption-resume-server +client = 11-resumption-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +resume-server = 12-resumption-resume-server +client = 12-resumption-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +resume-server = 13-resumption-resume-server +client = 13-resumption-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +HandshakeMode = Resume +Protocol = TLSv1 +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +resume-server = 14-resumption-resume-server +client = 14-resumption-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +resume-server = 15-resumption-resume-server +client = 15-resumption-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +Protocol = TLSv1.1 +ResumptionExpected = No + + +# =========================================================== + +[16-resumption] +ssl_conf = 16-resumption-ssl + +[16-resumption-ssl] +server = 16-resumption-server +resume-server = 16-resumption-resume-server +client = 16-resumption-client + +[16-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = Yes + + +# =========================================================== + +[17-resumption] +ssl_conf = 17-resumption-ssl + +[17-resumption-ssl] +server = 17-resumption-server +resume-server = 17-resumption-resume-server +client = 17-resumption-client + +[17-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +Protocol = TLSv1.2 +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/10-resumption.conf.in b/test/ssl-tests/10-resumption.conf.in new file mode 100644 index 0000000000..989135f2fb --- /dev/null +++ b/test/ssl-tests/10-resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("TLS"); diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf new file mode 100644 index 0000000000..34339448f8 --- /dev/null +++ b/test/ssl-tests/11-dtls_resumption.conf @@ -0,0 +1,300 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 8 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +resume-server = 0-resumption-resume-server +client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +resume-server = 1-resumption-resume-server +client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1 +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +resume-server = 2-resumption-resume-server +client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +resume-server = 3-resumption-resume-server +client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1.2 +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +resume-server = 4-resumption-resume-server +client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1 +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +resume-server = 5-resumption-resume-server +client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1 +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +resume-server = 6-resumption-resume-server +client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1.2 +ResumptionExpected = Yes + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +resume-server = 7-resumption-resume-server +client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +HandshakeMode = Resume +Method = DTLS +Protocol = DTLSv1.2 +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/11-dtls_resumption.conf.in b/test/ssl-tests/11-dtls_resumption.conf.in new file mode 100644 index 0000000000..16dec1d56f --- /dev/null +++ b/test/ssl-tests/11-dtls_resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("DTLS"); diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index cb9975678e..276adfd44d 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -71,12 +71,18 @@ foreach my $i (0..$#dtls_protocols) { } } -sub generate_tests { +sub no_tests { + my ($dtls) = @_; + return $dtls ? alldisabled("dtls1", "dtls1_2") : + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +} + +sub generate_version_tests { my ($method) = @_; my $dtls = $method eq "DTLS"; # Don't write the redundant "Method = TLS" into the configuration. - undef $method if !$dtls; + undef $method if !$dtls; my @protocols = $dtls ? @dtls_protocols : @tls_protocols; my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols; @@ -84,9 +90,7 @@ sub generate_tests { my $min_enabled = $dtls ? $min_dtl |