diff options
author | Matt Caswell <matt@openssl.org> | 2018-04-23 17:40:10 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-24 09:54:31 +0100 |
commit | 6862de63d469f3148a2ff5a04a6b9ab6413bd5ac (patch) | |
tree | e9a2302ee296f2422b9f02b9d13599ea329d173e /test | |
parent | 447cc0ad732858f3ab80b2dc52f15fd045b25363 (diff) |
Add a test to verify the ClientHello version is the same in a reneg
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6059)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/70-test_renegotiation.t | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index 0951487446..734f1cd21e 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new( $proxy->clientflags("-no_tls1_3"); $proxy->reneg(1); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 2; +plan tests => 3; ok(TLSProxy::Message->success(), "Basic renegotiation"); #Test 2: Client does not send the Reneg SCSV. Reneg should fail @@ -49,6 +49,34 @@ $proxy->reneg(1); $proxy->start(); ok(TLSProxy::Message->fail(), "No client SCSV"); +SKIP: { + skip "TLSv1.2 or TLSv1.1 disabled", 1 + if disabled("tls1_2") || disabled("tls1_1"); + #Test 3: Check that the ClientHello version remains the same in the reneg + # handshake + $proxy->clear(); + $proxy->filter(undef); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-no_tls1_3 -no_tls1_2"); + $proxy->reneg(1); + $proxy->start(); + my $chversion; + my $chmatch = 0; + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if (!defined $chversion) { + $chversion = $message->client_version; + } else { + if ($chversion == $message->client_version) { + $chmatch = 1; + } + } + } + } + ok(TLSProxy::Message->success() && $chmatch, + "Check ClientHello version is the same"); +} + sub reneg_filter { my $proxy = shift; |