diff options
| author | Matt Caswell <matt@openssl.org> | 2016-11-08 16:10:21 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-11-23 15:31:21 +0000 |
| commit | 9362c93ebc5b14bf18e82cdebf380ccc52f3d92f (patch) | |
| tree | b678e7fc85f02c32520c6aa9e3089d660d684121 /test/ssl-tests | |
| parent | 82c9c030173898b9536a1c8da4e49b4b19251dbd (diff) | |
Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/ssl-tests')
| -rw-r--r-- | test/ssl-tests/06-sni-ticket.conf | 17 | ||||
| -rw-r--r-- | test/ssl-tests/06-sni-ticket.conf.in | 33 |
2 files changed, 36 insertions, 14 deletions
diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf index 9620e015a1..ce0f63bc83 100644 --- a/test/ssl-tests/06-sni-ticket.conf +++ b/test/ssl-tests/06-sni-ticket.conf @@ -43,6 +43,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -84,6 +85,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -126,6 +128,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -168,6 +171,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -210,6 +214,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -252,6 +257,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -294,6 +300,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -336,6 +343,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -378,6 +386,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -420,6 +429,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -462,6 +472,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -504,6 +515,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -546,6 +558,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -588,6 +601,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -630,6 +644,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -672,6 +687,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -714,6 +730,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in index ccb9cbdb7b..9c5266f268 100644 --- a/test/ssl-tests/06-sni-ticket.conf.in +++ b/test/ssl-tests/06-sni-ticket.conf.in @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -## Test version negotiation +## Test SNI/Session tickets use strict; use warnings; @@ -17,12 +17,15 @@ package ssltests; our @tests = (); +#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in +#TLSv1.3. +#TODO(TLS1.3): Implement TLSv1.3 style session tickets sub generate_tests() { foreach my $c ("SessionTicket", "-SessionTicket") { - foreach my $s1 ("SessionTicket", "-SessionTicket") { - foreach my $s2 ("SessionTicket", "-SessionTicket") { - foreach my $n ("server1", "server2") { - my $result = expected_result($c, $s1, $s2, $n); + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $result = expected_result($c, $s1, $s2, $n); push @tests, { "name" => "sni-session-ticket", "client" => { @@ -30,6 +33,7 @@ sub generate_tests() { "extra" => { "ServerName" => $n, }, + "MaxProtocol" => "TLSv1.2" }, "server" => { "Options" => $s1, @@ -38,13 +42,13 @@ sub generate_tests() { "ServerNameCallback" => "IgnoreMismatch", }, }, - "server2" => { - "Options" => $s2, - }, + "server2" => { + "Options" => $s2, + }, "test" => { "ExpectedServerName" => $n, "ExpectedResult" => "Success", - "SessionTicketExpected" => $result, + "SessionTicketExpected" => $result, } }; } @@ -72,23 +76,24 @@ sub expected_result { push @tests, { "name" => "sni-session-ticket", "client" => { - "Options" => "SessionTicket", + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", "extra" => { "ServerName" => "server1", } }, "server" => { - "Options" => "SessionTicket", + "Options" => "SessionTicket", "extra" => { "BrokenSessionTicket" => "Yes", }, }, "server2" => { - "Options" => "SessionTicket", + "Options" => "SessionTicket", }, "test" => { - "ExpectedResult" => "Success", - "SessionTicketExpected" => "No", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", } }; |