openssl/test/recipes/70-test_sslcertstatus.t
Matt Caswell 3434f40b6f Split ServerHello extensions
In TLS1.3 some ServerHello extensions remain in the ServerHello, while
others move to the EncryptedExtensions message. This commit performs that
move.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:11 +00:00


#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
my $test_name = "test_sslcertstatus";
setup($test_name);

# Prerequisite checks. Each one reports the whole file as skipped when the
# platform or the build configuration cannot run a TLSProxy-based test.
if ($^O =~ /^(VMS|MSWin32)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

if (disabled("sock")) {
    plan skip_all => "$test_name needs the sock feature enabled";
}

if (disabled("ocsp")) {
    plan skip_all => "$test_name needs the ocsp feature enabled";
}

if (alldisabled(available_protocols("tls"))) {
    plan skip_all => "$test_name needs TLS enabled";
}

# Clear two CPU capability bits for this process environment. The mask is
# 2**33 + 2**57, which the OPENSSL_ia32cap documentation lists as PCLMULQDQ
# and AES-NI; the leading '~' means "turn these bits off".
# NOTE(review): presumably inherited by the openssl processes the proxy
# launches so that hardware-accelerated cipher paths are not taken -- confirm
# the exact reason against the TLSProxy documentation.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# True when the script is not run under the test harness, or when the harness
# is in verbose mode.
# NOTE(review): passed as the last constructor argument; presumably it turns
# on the proxy's diagnostic output -- confirm against TLSProxy::Proxy->new.
my $show_output = (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE});

my $proxy = TLSProxy::Proxy->new(
    \&certstatus_filter,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    $show_output
);

# Test 1: a status_request extension appears in both the ClientHello and the
# ServerHello, yet no CertificateStatus message follows. The handshake is
# expected to complete anyway.
#
# What this pins down for a reader: a successful result means the client
# accepted a handshake in which stapling was advertised but no OCSP response
# was delivered. A client that needs revocation evidence therefore has to
# enforce the presence of the response itself; this test does not cover that.
#
# TODO(TLS1.3): this test is temporarily restricted to pre-TLS1.3 protocol
# versions (-no_tls1_3) until the move of the status request extension to the
# Certificate message has been completed.
$proxy->clientflags("-status -no_tls1_3");

unless ($proxy->start()) {
    plan skip_all => "Unable to start up Proxy for tests";
}

plan tests => 1;
ok(TLSProxy::Message->success, "Missing CertificateStatus message");
# certstatus_filter($proxy)
#
# Filter callback handed to TLSProxy::Proxy->new. On flight 1 it walks the
# proxy's message list and adds a status_request extension with an empty body
# to every ServerHello it finds. Nothing adds a CertificateStatus message, so
# the client sees a server that advertises stapling and then does not staple.
# All other flights are passed through untouched.
sub certstatus_filter
{
    my ($proxy) = @_;

    # Only the flight carrying the initial ServerHello is of interest.
    return if $proxy->flight != 1;

    for my $msg (@{$proxy->message_list}) {
        next unless $msg->mt == TLSProxy::Message::MT_SERVER_HELLO;

        # Advertise status_request in the ServerHello although no
        # CertificateStatus message is going to be sent. The payload is the
        # empty string, i.e. a zero-length extension body.
        $msg->set_extension(TLSProxy::Message::EXT_STATUS_REQUEST, "");

        # NOTE(review): presumably re-serialises the message so that the
        # added extension reaches the client -- see TLSProxy::Message.
        $msg->repack();
    }
}