Add DTLS renegotiation tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-09-27 12:24:47 +0100
committer: Matt Caswell <matt@openssl.org> 2016-09-28 09:15:07 +0100
commit: f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (patch)
tree: 9c42b292e125666f2cb5d0753928a81c190aaae2 /test/ssl-tests
parent: fe7dd5534176d1b04be046fcbaad24430c8727e0 (diff)
2 files changed, 149 insertions, 0 deletions
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf
new file mode 100644
index 0000000000..32eeaf0443
--- /dev/null
+++ b/test/ssl-tests/18-dtls-renegotiate.conf
@@ -0,0 +1,86 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 3
+
+test-0 = 0-renegotiate-client-no-resume
+test-1 = 1-renegotiate-client-resume
+test-2 = 2-renegotiate-server-resume
+# ===========================================================
+
+[0-renegotiate-client-no-resume]
+ssl_conf = 0-renegotiate-client-no-resume-ssl
+
+[0-renegotiate-client-no-resume-ssl]
+server = 0-renegotiate-client-no-resume-server
+client = 0-renegotiate-client-no-resume-client
+
+[0-renegotiate-client-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-renegotiate-client-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[1-renegotiate-client-resume]
+ssl_conf = 1-renegotiate-client-resume-ssl
+
+[1-renegotiate-client-resume-ssl]
+server = 1-renegotiate-client-resume-server
+client = 1-renegotiate-client-resume-client
+
+[1-renegotiate-client-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-renegotiate-client-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-renegotiate-server-resume]
+ssl_conf = 2-renegotiate-server-resume-ssl
+
+[2-renegotiate-server-resume-ssl]
+server = 2-renegotiate-server-resume-server
+client = 2-renegotiate-server-resume-client
+
+[2-renegotiate-server-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-renegotiate-server-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in
new file mode 100644
index 0000000000..440fb2514a
--- /dev/null
+++ b/test/ssl-tests/18-dtls-renegotiate.conf.in
@@ -0,0 +1,63 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "renegotiate-client-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+# Note: Unlike the TLS tests, we will never do resumption with server
+# initiated reneg. This is because an OpenSSL DTLS client will always do a full
+# handshake (i.e. it doesn't supply a session id) when it receives a
+# HelloRequest. This is different to the OpenSSL TLS implementation where an
+# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
+# the session id). This goes all the way to commit 48ae85b6f when abbreviated
+# handshake support was first added. Neither behaviour is wrong, but the
+# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
+# and if so, what to?
+    {
+        name => "renegotiate-server-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+);
author	Matt Caswell <matt@openssl.org>	2016-09-27 12:24:47 +0100
committer	Matt Caswell <matt@openssl.org>	2016-09-28 09:15:07 +0100
commit	f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (patch)
tree	9c42b292e125666f2cb5d0753928a81c190aaae2 /test/ssl-tests
parent	fe7dd5534176d1b04be046fcbaad24430c8727e0 (diff)