diff options
author | Matt Caswell <matt@openssl.org> | 2016-09-27 12:24:47 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-28 09:15:07 +0100 |
commit | f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (patch) | |
tree | 9c42b292e125666f2cb5d0753928a81c190aaae2 /test/ssl-tests | |
parent | fe7dd5534176d1b04be046fcbaad24430c8727e0 (diff) |
Add DTLS renegotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/18-dtls-renegotiate.conf | 86 | ||||
-rw-r--r-- | test/ssl-tests/18-dtls-renegotiate.conf.in | 63 |
2 files changed, 149 insertions, 0 deletions
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf new file mode 100644 index 0000000000..32eeaf0443 --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.conf @@ -0,0 +1,86 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in new file mode 100644 index 0000000000..440fb2514a --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -0,0 +1,63 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, +# Note: Unlike the TLS tests, we will never do resumption with server +# initiated reneg. This is because an OpenSSL DTLS client will always do a full +# handshake (i.e. it doesn't supply a session id) when it receives a +# HelloRequest. This is different to the OpenSSL TLS implementation where an +# OpenSSL client will always try an abbreviated handshake (i.e. it will supply +# the session id). This goes all the way to commit 48ae85b6f when abbreviated +# handshake support was first added. Neither behaviour is wrong, but the +# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, +# and if so, what to? + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); |