diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-10-04 12:09:16 -0500 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2018-01-03 09:43:54 -0600 |
commit | 767938fae99777c84818bdebae239934b8558a74 (patch) | |
tree | cc232fb9cb43da8e98dc73a7f7479956cf6d0ece /test/recipes/70-test_sslextension.t | |
parent | 7bc2bddb14246f78da5d314e034359d44e55ce69 (diff) | |
download | openssl-767938fae99777c84818bdebae239934b8558a74.zip openssl-767938fae99777c84818bdebae239934b8558a74.tar.gz openssl-767938fae99777c84818bdebae239934b8558a74.tar.bz2 |
Test that supported_groups is permitted in ServerHello
Add a regression test for the functionality enabled in the
previous commit.
[extended tests]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4463)
Diffstat (limited to 'test/recipes/70-test_sslextension.t')
-rw-r--r-- | test/recipes/70-test_sslextension.t | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t index 0622e4d..5382d2e 100644 --- a/test/recipes/70-test_sslextension.t +++ b/test/recipes/70-test_sslextension.t @@ -29,7 +29,8 @@ plan skip_all => "$test_name needs TLS enabled" use constant { UNSOLICITED_SERVER_NAME => 0, UNSOLICITED_SERVER_NAME_TLS13 => 1, - UNSOLICITED_SCT => 2 + UNSOLICITED_SCT => 2, + NONCOMPLIANT_SUPPORTED_GROUPS => 3 }; my $testtype; @@ -44,7 +45,7 @@ my $proxy = TLSProxy::Proxy->new( # Test 1: Sending a zero length extension block should pass $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 6; +plan tests => 7; ok(TLSProxy::Message->success, "Zero extension length test"); sub extension_filter @@ -154,13 +155,15 @@ sub inject_unsolicited_extension $type = TLSProxy::Message::EXT_SERVER_NAME; } elsif ($testtype == UNSOLICITED_SCT) { $type = TLSProxy::Message::EXT_SCT; + } elsif ($testtype == NONCOMPLIANT_SUPPORTED_GROUPS) { + $type = TLSProxy::Message::EXT_SUPPORTED_GROUPS; } $message->set_extension($type, $ext); $message->repack(); } SKIP: { - skip "TLS <= 1.2 disabled", 1 if alldisabled(("tls1", "tls1_1", "tls1_2")); + skip "TLS <= 1.2 disabled", 2 if alldisabled(("tls1", "tls1_1", "tls1_2")); #Test 4: Inject an unsolicited extension (<= TLSv1.2) $proxy->clear(); $proxy->filter(\&inject_unsolicited_extension); @@ -168,12 +171,20 @@ SKIP: { $proxy->clientflags("-no_tls1_3 -noservername"); $proxy->start(); ok(TLSProxy::Message->fail(), "Unsolicited server name extension"); + + #Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2) + $proxy->clear(); + $proxy->filter(\&inject_unsolicited_extension); + $testtype = NONCOMPLIANT_SUPPORTED_GROUPS; + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + ok(TLSProxy::Message->success(), "Noncompliant supported_groups extension"); } SKIP: { skip "TLS <= 1.2 or CT disabled", 1 if alldisabled(("tls1", "tls1_1", "tls1_2")) || disabled("ct"); - #Test 5: Same as above for the SCT extension which has special handling + #Test 6: Same as above for the SCT extension which has special handling $proxy->clear(); $testtype = UNSOLICITED_SCT; $proxy->clientflags("-no_tls1_3"); @@ -183,7 +194,7 @@ SKIP: { SKIP: { skip "TLS 1.3 disabled", 1 if disabled("tls1_3"); - #Test 6: Inject an unsolicited extension (TLSv1.3) + #Test 7: Inject an unsolicited extension (TLSv1.3) $proxy->clear(); $proxy->filter(\&inject_unsolicited_extension); $testtype = UNSOLICITED_SERVER_NAME_TLS13; |