author | Matt Caswell <matt@openssl.org> | 2016-11-07 13:50:43 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-12-08 17:16:23 +0000 |
commit | 71728dd8aa3acc0bc9d621f8c4a4032aa3325fe4 (patch) | |
tree | 4b1a34bee452b160332b4453e33fc9df939061f9 /test/ssl-tests | |
parent | c901bccec6f747467e1af31473655c8290e32309 (diff) |
Send and Receive a TLSv1.3 format ServerHello
There are some minor differences in the format of a ServerHello in TLSv1.3.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/09-alpn.conf | 8 | ||||
-rw-r--r-- | test/ssl-tests/09-alpn.conf.in | 19 | ||||
-rw-r--r-- | test/ssl-tests/12-ct.conf | 3 | ||||
-rw-r--r-- | test/ssl-tests/12-ct.conf.in | 113 | ||||
-rw-r--r-- | test/ssl-tests/protocol_version.pm | 16 |
5 files changed, 106 insertions, 53 deletions
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf
index e7e6cb9534..fc3c8da154 100644
--- a/test/ssl-tests/09-alpn.conf
+++ b/test/ssl-tests/09-alpn.conf
@@ -383,6 +383,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [10-alpn-simple-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -425,6 +426,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [11-alpn-server-switch-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -465,11 +467,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [12-alpn-client-switch-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 [12-alpn-client-switch-resumption-resume-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -515,6 +519,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [13-alpn-alert-on-mismatch-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -560,6 +565,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [14-alpn-no-server-support-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -595,11 +601,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [15-alpn-no-client-support-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 [15-alpn-no-client-support-resumption-resume-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in
index 18560e1801..ff931a9425 100644
--- a/test/ssl-tests/09-alpn.conf.in
+++ b/test/ssl-tests/09-alpn.conf.in
@@ -204,6 +204,8 @@ our @tests = (
 },
 },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo",
 },
@@ -227,6 +229,8 @@ our @tests = (
 },
 },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo,bar,baz",
 },
@@ -245,11 +249,15 @@ our @tests = (
 },
 },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo,baz",
 },
 },
 resume_client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "bar,baz",
 },
@@ -273,6 +281,8 @@ our @tests = (
 },
 },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo,bar",
 },
@@ -292,6 +302,8 @@ our @tests = (
 },
 resume_server => { },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo",
 },
@@ -310,11 +322,16 @@ our @tests = (
 },
 },
 client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2",
 extra => {
 "ALPNProtocols" => "foo",
 },
 },
- resume_client => { },
+ resume_client => {
+ #TODO(TLS1.3): Temporary until we support TLSv1.3 resumption
+ MaxProtocol => "TLSv1.2"
+ },
 test => {
 "HandshakeMode" => "Resume",
 "ResumptionExpected" => "Yes",
diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf
index 22fa18dd45..14b8e938c0 100644
--- a/test/ssl-tests/12-ct.conf
+++ b/test/ssl-tests/12-ct.conf
@@ -79,6 +79,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [2-ct-permissive-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
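Review bot: The `MaxProtocol => "TLSv1.2"` cap is written out by hand in every resumption test of 09-alpn.conf.in (the hunks at -204, -227, -245, -273, -292 and -310), so until each copy is found and removed none of the ALPN resumption cases negotiates TLSv1.3. A single file-level value, for example `my $resume_max_proto = "TLSv1.2";` referenced as `MaxProtocol => $resume_max_proto,`, would make the temporary restriction a one-line removal. The entry added to `resume_client` in the last hunk also omits the trailing comma that the other added entries carry; `MaxProtocol => "TLSv1.2",` would keep them uniform.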
@@ -111,11 +112,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [3-ct-strict-resumption-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 [3-ct-strict-resumption-resume-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in
index 9964d013c2..e7fe1b93d2 100644
--- a/test/ssl-tests/12-ct.conf.in
+++ b/test/ssl-tests/12-ct.conf.in
@@ -18,63 +18,72 @@ package ssltests;
 our @tests = (
 # Currently only have tests for certs without SCTs.
 {
- name => "ct-permissive",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- test => {
- "ExpectedResult" => "Success",
- },
+ name => "ct-permissive",
+ server => { },
+ client => {
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
 },
 {
- name => "ct-strict",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Strict",
- },
- },
- test => {
- "ExpectedResult" => "ClientFail",
- "ExpectedClientAlert" => "HandshakeFailure",
- },
+ name => "ct-strict",
+ server => { },
+ client => {
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "HandshakeFailure",
+ },
 },
 {
- name => "ct-permissive-resumption",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- test => {
- "HandshakeMode" => "Resume",
- "ResumptionExpected" => "Yes",
- "ExpectedResult" => "Success",
- },
+ name => "ct-permissive-resumption",
+ server => { },
+ client => {
+ #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
+ # resumption
+ MaxProtocol => "TLSv1.2",
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedResult" => "Success",
+ },
 },
 {
- name => "ct-strict-resumption",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- # SCTs are not present during resumption, so the resumption
- # should succeed.
- resume_client => {
- extra => {
- "CTValidation" => "Strict",
- },
- },
- test => {
- "HandshakeMode" => "Resume",
- "ResumptionExpected" => "Yes",
- "ExpectedResult" => "Success",
- },
+ name => "ct-strict-resumption",
+ server => { },
+ client => {
+ #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
+ # resumption
+ MaxProtocol => "TLSv1.2",
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ # SCTs are not present during resumption, so the resumption
+ # should succeed.
+ resume_client => {
+ #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
+ # resumption
+ MaxProtocol => "TLSv1.2",
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedResult" => "Success",
+ },
 },
 );
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index cc39c757c4..a41ffc4b7a 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -135,6 +135,22 @@ sub generate_resumption_tests {
 # Don't write the redundant "Method = TLS" into the configuration.
 undef $method if !$dtls;
+
+ #TODO(TLS1.3): This is temporary code while we do not have support for
+ # TLS1.3 resumption. We recalculate min_tls_enabled and
+ # max_tls_enabled, ignoring TLS1.3
+ foreach my $i (0..($#tls_protocols - 1)) {
+ if (!$is_tls_disabled[$i]) {
+ $min_tls_enabled = $i;
+ last;
+ }
+ }
+ foreach my $i (0..($#tls_protocols - 1)) {
+ if (!$is_tls_disabled[$i]) {
+ $max_tls_enabled = $i;
+ }
+ }
+
 my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
 my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
 my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; |
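Review bot: The three functional additions in the 12-ct.conf.in hunk (`MaxProtocol => "TLSv1.2",` on `client` in `ct-permissive-resumption`, and on `client` and `resume_client` in `ct-strict-resumption`) are hard to pick out, because every other entry is removed and re-added with what appears to be only a whitespace change. Putting the re-indent in its own commit would leave a three-entry diff to review here. With the cap in place the strict-CT resumption case is exercised at TLSv1.2 only, so the assumption in `# SCTs are not present during resumption, so the resumption should succeed.` should be re-checked when TLSv1.3 resumption is supported and the cap is lifted.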
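Review bot: The two added loops in protocol_version.pm assign to `$min_tls_enabled` and `$max_tls_enabled`, which are not declared in the visible part of `generate_resumption_tests` and so look like shared file-level state; if they are, the TLSv1.3 exclusion persists for any code that reads those bounds after this call, and it is applied even when `$dtls` is set. When every version below TLSv1.3 is disabled neither loop assigns anything, so the earlier values, which may still index TLSv1.3, are used unchanged. Computing the capped range into lexicals in a single pass and using those in the two `my $..._enabled` lines avoids both problems. The function body continues outside the hunk, so how an undefined bound is treated further down needs to be checked before adopting this.

```perl
    # … unchanged: undef $method if !$dtls; …

    #TODO(TLS1.3): Temporary while TLS1.3 resumption is unsupported. Derive
    #              the enabled range without TLS1.3 into local variables so
    #              the shared bounds are left untouched.
    my ($min_tls, $max_tls);
    foreach my $i (0..($#tls_protocols - 1)) {
        next if $is_tls_disabled[$i];
        $min_tls //= $i;
        $max_tls = $i;
    }

    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
    my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls;
    my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls;
```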