diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-03-29 23:05:22 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2021-05-14 11:40:21 -0700 |
commit | b743b16113ca0e30c383191c804de37dbfc4f12e (patch) | |
tree | 454faf0677b5b76bd04810defba5fb5e8475e36f /test | |
parent | df1fd3c986f5a58b6dc87d2c4bb565a8f1e688fa (diff) |
Update expected results for tls13kexmodes tests
One of the scenarios constructed in these tests was erroneously
producing successful handshakes until the previous commits, but should
have been failing. Update our expected behavior to match the
specification requirements, and adjust the commentary slightly for
a test case relevant for the other preceding commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 80c25611abd7067815943187f36f5e1879201678)
(Merged from https://github.com/openssl/openssl/pull/15255)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/70-test_tls13kexmodes.t | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 98989b4703..e8ab25f190 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -195,17 +195,14 @@ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 11; ok(TLSProxy::Message->success(), "Initial connection"); -#Test 2: Attempt a resume with no kex modes extension. Should not resume +#Test 2: Attempt a resume with no kex modes extension. Should fail (server +# MUST abort handshake with pre_shared key and no psk_kex_modes) $proxy->clear(); $proxy->clientflags("-sess_in ".$session); my $testtype = DELETE_EXTENSION; $proxy->filter(\&modify_kex_modes_filter); $proxy->start(); -checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::KEY_SHARE_SRV_EXTENSION - | checkhandshake::PSK_CLI_EXTENSION, - "Resume with no kex modes"); +ok(TLSProxy::Message->fail(), "Resume with no kex modes"); #Test 3: Attempt a resume with empty kex modes extension. Should fail (empty # extension is invalid) @@ -243,6 +240,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, "Resume with non-dhe kex mode"); #Test 6: Attempt a resume with only unrecognised kex modes. Should not resume +# but rather fall back to full handshake $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $testtype = UNKNOWN_KEX_MODES; @@ -252,7 +250,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::PSK_KEX_MODES_EXTENSION | checkhandshake::KEY_SHARE_SRV_EXTENSION | checkhandshake::PSK_CLI_EXTENSION, - "Resume with empty kex modes"); + "Resume with unrecognized kex mode"); #Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with # a key_share |