diff options
author | Matt Caswell <matt@openssl.org> | 2018-09-06 12:06:24 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-09-07 11:15:20 +0100 |
commit | 57d7b988b498ed34e98d1957fbbded8342f2a952 (patch) | |
tree | c25760f1a51660f417622b2ec642a652b94403ea /test | |
parent | 80eff008ec8767f844534d28a7c252cd23c08835 (diff) |
Test that we can handle a PHA CertificateRequest after we sent close_notify
Even though we already sent close_notify the server may not have recieved
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
Diffstat (limited to 'test')
-rw-r--r-- | test/sslapitest.c | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 78c378bb66..bb518857c8 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5343,7 +5343,9 @@ static int test_ticket_callbacks(int tst) * Test 3: TLSv1.3, pending NewSessionTicket messages * Test 4: TLSv1.3, server continues to read/write after client shutdown, server * sends key update, client reads it - * Test 5: TLSv1.3, server continues to read/write after client shutdown, client + * Test 5: TLSv1.3, server continues to read/write after client shutdown, server + * sends CertificateRequest, client reads and ignores it + * Test 6: TLSv1.3, server continues to read/write after client shutdown, client * doesn't read it */ static int test_shutdown(int tst) @@ -5370,8 +5372,13 @@ static int test_shutdown(int tst) TLS1_VERSION, (tst <= 1) ? TLS1_2_VERSION : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + &sctx, &cctx, cert, privkey))) + goto end; + + if (tst == 5) + SSL_CTX_set_post_handshake_auth(cctx, 1); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) goto end; @@ -5407,13 +5414,21 @@ static int test_shutdown(int tst) */ || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; - if (tst == 4 && - (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_REQUESTED)) - || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))) + if (tst == 4 + && !TEST_true(SSL_key_update(serverssl, + SSL_KEY_UPDATE_REQUESTED))) + goto end; + if (tst == 5) { + SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) + goto end; + } + if ((tst == 4 || tst == 5) + && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; - if (tst == 4) { + if (tst == 4 || tst == 5) { /* Should still be able to read data from server */ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) @@ -5448,7 +5463,7 @@ static int test_shutdown(int tst) || !TEST_true(SSL_SESSION_is_resumable(sess)) || !TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; - } else if (tst == 4) { + } else if (tst == 4 || tst == 5) { /* * In this test the client has sent close_notify and it has been * received by the server which has responded with a close_notify. The @@ -5460,7 +5475,7 @@ static int test_shutdown(int tst) goto end; } else { /* - * tst == 5 + * tst == 6 * * The client has sent close_notify and is expecting a close_notify * back, but instead there is application data first. The shutdown @@ -5583,7 +5598,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_pending, 2); ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 12); - ADD_ALL_TESTS(test_shutdown, 6); + ADD_ALL_TESTS(test_shutdown, 7); return 1; } |