Add a test for the wrong version number in a record
Prior to TLS1.3 we check that the received record version number is correct. In TLS1.3 we need to ignore the record version number. This adds a test to make sure we do it correctly. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell
parent
3c9539d294
commit
8e47ee18c8
2 changed files with 39 additions and 6 deletions
|
|
@ -39,10 +39,13 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
|
|||
my $inject_recs_num = 1;
|
||||
$proxy->serverflags("-tls1_2");
|
||||
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
|
||||
my $num_tests = 10;
|
||||
my $num_tests = 11;
|
||||
if (!disabled("tls1_1")) {
|
||||
$num_tests++;
|
||||
}
|
||||
if (!disabled("tls1_3")) {
|
||||
$num_tests++;
|
||||
}
|
||||
plan tests => $num_tests;
|
||||
ok(TLSProxy::Message->fail(), "Out of context empty records test");
|
||||
|
||||
|
|
@ -137,6 +140,21 @@ if (!disabled("tls1_1")) {
|
|||
ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1");
|
||||
}
|
||||
|
||||
#Test 12: Sending a different record version in TLS1.2 should fail
|
||||
$proxy->clear();
|
||||
$proxy->clientflags("-tls1_2");
|
||||
$proxy->filter(\&change_version);
|
||||
$proxy->start();
|
||||
ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
|
||||
|
||||
#Test 13: Sending a different record version in TLS1.3 should succeed
|
||||
if (!disabled("tls1_3")) {
|
||||
$proxy->clear();
|
||||
$proxy->filter(\&change_version);
|
||||
$proxy->start();
|
||||
ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
|
||||
}
|
||||
|
||||
sub add_empty_recs_filter
|
||||
{
|
||||
my $proxy = shift;
|
||||
|
|
@ -388,3 +406,15 @@ sub add_unknown_record_type
|
|||
|
||||
unshift @{$proxy->record_list}, $record;
|
||||
}
|
||||
|
||||
sub change_version
|
||||
{
|
||||
my $proxy = shift;
|
||||
|
||||
# We'll change a version after the initial version neg has taken place
|
||||
if ($proxy->flight != 2) {
|
||||
return;
|
||||
}
|
||||
|
||||
(${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -278,11 +278,6 @@ sub content_type
|
|||
my $self = shift;
|
||||
return $self->{content_type};
|
||||
}
|
||||
sub version
|
||||
{
|
||||
my $self = shift;
|
||||
return $self->{version};
|
||||
}
|
||||
sub sslv2
|
||||
{
|
||||
my $self = shift;
|
||||
|
|
@ -332,4 +327,12 @@ sub len
|
|||
}
|
||||
return $self->{len};
|
||||
}
|
||||
sub version
|
||||
{
|
||||
my $self = shift;
|
||||
if (@_) {
|
||||
$self->{version} = shift;
|
||||
}
|
||||
return $self->{version};
|
||||
}
|
||||
1;
|
||||
|
|
|
|||
Loading…
Reference in a new issue