diff options
| author | Matt Caswell <matt@openssl.org> | 2021-09-20 14:36:42 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-10-11 11:18:05 +0100 |
| commit | 549675c54686b8fb0527720abf760313a78a1ae7 (patch) | |
| tree | d124aed093da9e9ab2f1a4d75c04cb0523d41c0f /test | |
| parent | e164577e720e9377b4f5ae4c726f47878547e616 (diff) | |
Extend custom extension testing
Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit 0db3a9904fa00569905be130854a31dab7b8f49d)
Diffstat (limited to 'test')
| -rw-r--r-- | test/sslapitest.c | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 7af0eab3fc..68907923e8 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5544,6 +5544,11 @@ static int sni_cb(SSL *s, int *al, void *arg) return SSL_TLSEXT_ERR_OK; } +static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + return 1; +} + /* * Custom call back tests. * Test 0: Old style callbacks in TLSv1.2 @@ -5551,6 +5556,7 @@ static int sni_cb(SSL *s, int *al, void *arg) * Test 2: New style callbacks in TLSv1.2 with SNI * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST + * Test 5: New style callbacks in TLSv1.3. Extensions in CR + Client Cert */ static int test_custom_exts(int tst) { @@ -5592,7 +5598,19 @@ static int test_custom_exts(int tst) SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3); } - if (tst == 4) { + if (tst == 5) { + context = SSL_EXT_TLS1_3_CERTIFICATE_REQUEST + | SSL_EXT_TLS1_3_CERTIFICATE; + SSL_CTX_set_verify(sctx, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_cb); + if (!TEST_int_eq(SSL_CTX_use_certificate_file(cctx, cert, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(cctx, privkey, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(cctx), 1)) + goto end; + } else if (tst == 4) { context = SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO @@ -5688,6 +5706,12 @@ static int test_custom_exts(int tst) || (tst != 2 && snicb != 0) || (tst == 2 && snicb != 1)) goto end; + } else if (tst == 5) { + if (clntaddnewcb != 1 + || clntparsenewcb != 1 + || srvaddnewcb != 1 + || srvparsenewcb != 1) + goto end; } else { /* In this case there 2 NewSessionTicket messages created */ if (clntaddnewcb != 1 @@ -5704,8 +5728,8 @@ static int test_custom_exts(int tst) SSL_free(clientssl); serverssl = clientssl = NULL; - if (tst == 3) { - /* We don't bother with the resumption aspects for this test */ + if (tst == 3 || tst == 5) { + /* We don't bother with the resumption aspects for these tests */ testresult = 1; goto end; } @@ -8134,11 +8158,6 @@ err: return 0; } -static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) -{ - return 1; -} - static int test_client_cert_cb(int tst) { SSL_CTX *cctx = NULL, *sctx = NULL; @@ -9659,7 +9678,7 @@ int setup_tests(void) /* Test with only TLSv1.3 versions */ ADD_ALL_TESTS(test_key_exchange, 12); # endif - ADD_ALL_TESTS(test_custom_exts, 5); + ADD_ALL_TESTS(test_custom_exts, 6); ADD_TEST(test_stateless); ADD_TEST(test_pha_key_update); #else |