Test that we can handle a PHA CertificateRequest after we sent close_notify

Even though we already sent close_notify the server may not have recieved
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
This commit is contained in:
Matt Caswell 2018-09-06 12:06:24 +01:00
parent 80eff008ec
commit 57d7b988b4

View file

@ -5343,7 +5343,9 @@ static int test_ticket_callbacks(int tst)
* Test 3: TLSv1.3, pending NewSessionTicket messages
* Test 4: TLSv1.3, server continues to read/write after client shutdown, server
* sends key update, client reads it
* Test 5: TLSv1.3, server continues to read/write after client shutdown, client
* Test 5: TLSv1.3, server continues to read/write after client shutdown, server
* sends CertificateRequest, client reads and ignores it
* Test 6: TLSv1.3, server continues to read/write after client shutdown, client
* doesn't read it
*/
static int test_shutdown(int tst)
@ -5370,8 +5372,13 @@ static int test_shutdown(int tst)
TLS1_VERSION,
(tst <= 1) ? TLS1_2_VERSION
: TLS1_3_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 5)
SSL_CTX_set_post_handshake_auth(cctx, 1);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
@ -5407,13 +5414,21 @@ static int test_shutdown(int tst)
*/
|| !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
goto end;
if (tst == 4 &&
(!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_REQUESTED))
|| !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))))
if (tst == 4
&& !TEST_true(SSL_key_update(serverssl,
SSL_KEY_UPDATE_REQUESTED)))
goto end;
if (tst == 5) {
SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
goto end;
}
if ((tst == 4 || tst == 5)
&& !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
goto end;
if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
goto end;
if (tst == 4) {
if (tst == 4 || tst == 5) {
/* Should still be able to read data from server */
if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
&readbytes))
@ -5448,7 +5463,7 @@ static int test_shutdown(int tst)
|| !TEST_true(SSL_SESSION_is_resumable(sess))
|| !TEST_int_eq(SSL_shutdown(serverssl), 1))
goto end;
} else if (tst == 4) {
} else if (tst == 4 || tst == 5) {
/*
* In this test the client has sent close_notify and it has been
* received by the server which has responded with a close_notify. The
@ -5460,7 +5475,7 @@ static int test_shutdown(int tst)
goto end;
} else {
/*
* tst == 5
* tst == 6
*
* The client has sent close_notify and is expecting a close_notify
* back, but instead there is application data first. The shutdown
@ -5583,7 +5598,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_ssl_pending, 2);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 12);
ADD_ALL_TESTS(test_shutdown, 6);
ADD_ALL_TESTS(test_shutdown, 7);
return 1;
}