Deleted Added
sdiff udiff text old ( 1.1.1.3 ) new ( 1.1.1.1 )
full compact
70-test_sslsessiontick.t (1.1.1.3) 70-test_sslsessiontick.t (1.1.1.1)
1#! /usr/bin/env perl
1#! /usr/bin/env perl
2# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
2# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License"). You may not use
5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use strict;
10use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11use OpenSSL::Test::Utils;
12use TLSProxy::Proxy;
13use File::Temp qw(tempfile);
14
15my $test_name = "test_sslsessiontick";
16setup($test_name);
17
18plan skip_all => "TLSProxy isn't usable on $^O"
3#
4# Licensed under the OpenSSL license (the "License"). You may not use
5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use strict;
10use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11use OpenSSL::Test::Utils;
12use TLSProxy::Proxy;
13use File::Temp qw(tempfile);
14
15my $test_name = "test_sslsessiontick";
16setup($test_name);
17
18plan skip_all => "TLSProxy isn't usable on $^O"
19 if $^O =~ /^(VMS)$/;
19 if $^O =~ /^(VMS|MSWin32)$/;
20
21plan skip_all => "$test_name needs the dynamic engine feature enabled"
22 if disabled("engine") || disabled("dynamic-engine");
23
24plan skip_all => "$test_name needs the sock feature enabled"
25 if disabled("sock");
26
20
21plan skip_all => "$test_name needs the dynamic engine feature enabled"
22 if disabled("engine") || disabled("dynamic-engine");
23
24plan skip_all => "$test_name needs the sock feature enabled"
25 if disabled("sock");
26
27plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled"
28 if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
27plan skip_all => "$test_name needs TLS enabled"
28 if alldisabled(available_protocols("tls"));
29
30$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
31
32sub checkmessages($$$$$$);
33sub clearclient();
34sub clearall();
35
36my $chellotickext = 0;

--- 6 unchanged lines hidden (view full) ---

43 cmdstr(app(["openssl"]), display => 1),
44 srctop_file("apps", "server.pem"),
45 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
46);
47
48#Test 1: By default with no existing session we should get a session ticket
49#Expected result: ClientHello extension seen; ServerHello extension seen
50# NewSessionTicket message seen; Full handshake
29
30$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
31
32sub checkmessages($$$$$$);
33sub clearclient();
34sub clearall();
35
36my $chellotickext = 0;

--- 6 unchanged lines hidden (view full) ---

43 cmdstr(app(["openssl"]), display => 1),
44 srctop_file("apps", "server.pem"),
45 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
46);
47
48#Test 1: By default with no existing session we should get a session ticket
49#Expected result: ClientHello extension seen; ServerHello extension seen
50# NewSessionTicket message seen; Full handshake
51$proxy->clientflags("-no_tls1_3");
52$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
53plan tests => 10;
54checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
55
56#Test 2: If the server does not accept tickets we should get a normal handshake
57#with no session tickets
58#Expected result: ClientHello extension seen; ServerHello extension not seen
59# NewSessionTicket message not seen; Full handshake
60clearall();
51$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
52plan tests => 10;
53checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
54
55#Test 2: If the server does not accept tickets we should get a normal handshake
56#with no session tickets
57#Expected result: ClientHello extension seen; ServerHello extension not seen
58# NewSessionTicket message not seen; Full handshake
59clearall();
61$proxy->clientflags("-no_tls1_3");
62$proxy->serverflags("-no_ticket");
63$proxy->start();
64checkmessages(2, "No server support session ticket test", 1, 0, 0, 1);
65
66#Test 3: If the client does not accept tickets we should get a normal handshake
67#with no session tickets
68#Expected result: ClientHello extension not seen; ServerHello extension not seen
69# NewSessionTicket message not seen; Full handshake
70clearall();
60$proxy->serverflags("-no_ticket");
61$proxy->start();
62checkmessages(2, "No server support session ticket test", 1, 0, 0, 1);
63
64#Test 3: If the client does not accept tickets we should get a normal handshake
65#with no session tickets
66#Expected result: ClientHello extension not seen; ServerHello extension not seen
67# NewSessionTicket message not seen; Full handshake
68clearall();
71$proxy->clientflags("-no_tls1_3 -no_ticket");
69$proxy->clientflags("-no_ticket");
72$proxy->start();
73checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
74
75#Test 4: Test session resumption with session ticket
76#Expected result: ClientHello extension seen; ServerHello extension not seen
77# NewSessionTicket message not seen; Abbreviated handshake
78clearall();
79(undef, my $session) = tempfile();
80$proxy->serverconnects(2);
70$proxy->start();
71checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
72
73#Test 4: Test session resumption with session ticket
74#Expected result: ClientHello extension seen; ServerHello extension not seen
75# NewSessionTicket message not seen; Abbreviated handshake
76clearall();
77(undef, my $session) = tempfile();
78$proxy->serverconnects(2);
81$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
79$proxy->clientflags("-sess_out ".$session);
82$proxy->start();
83$proxy->clearClient();
80$proxy->start();
81$proxy->clearClient();
84$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
82$proxy->clientflags("-sess_in ".$session);
85$proxy->clientstart();
86checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
87unlink $session;
88
89#Test 5: Test session resumption with ticket capable client without a ticket
90#Expected result: ClientHello extension seen; ServerHello extension seen
91# NewSessionTicket message seen; Abbreviated handshake
92clearall();
93(undef, $session) = tempfile();
94$proxy->serverconnects(2);
83$proxy->clientstart();
84checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
85unlink $session;
86
87#Test 5: Test session resumption with ticket capable client without a ticket
88#Expected result: ClientHello extension seen; ServerHello extension seen
89# NewSessionTicket message seen; Abbreviated handshake
90clearall();
91(undef, $session) = tempfile();
92$proxy->serverconnects(2);
95$proxy->clientflags("-no_tls1_3 -sess_out ".$session." -no_ticket");
93$proxy->clientflags("-sess_out ".$session." -no_ticket");
96$proxy->start();
97$proxy->clearClient();
94$proxy->start();
95$proxy->clearClient();
98$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
96$proxy->clientflags("-sess_in ".$session);
99$proxy->clientstart();
100checkmessages(5, "Session resumption with ticket capable client without a "
101 ."ticket", 1, 1, 1, 0);
102unlink $session;
103
104#Test 6: Client accepts empty ticket.
105#Expected result: ClientHello extension seen; ServerHello extension seen;
106# NewSessionTicket message seen; Full handshake.
107clearall();
108$proxy->filter(\&ticket_filter);
97$proxy->clientstart();
98checkmessages(5, "Session resumption with ticket capable client without a "
99 ."ticket", 1, 1, 1, 0);
100unlink $session;
101
102#Test 6: Client accepts empty ticket.
103#Expected result: ClientHello extension seen; ServerHello extension seen;
104# NewSessionTicket message seen; Full handshake.
105clearall();
106$proxy->filter(\&ticket_filter);
109$proxy->clientflags("-no_tls1_3");
110$proxy->start();
111checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
112
113#Test 7-8: Client keeps existing ticket on empty ticket.
114clearall();
115(undef, $session) = tempfile();
116$proxy->serverconnects(3);
117$proxy->filter(undef);
107$proxy->start();
108checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
109
110#Test 7-8: Client keeps existing ticket on empty ticket.
111clearall();
112(undef, $session) = tempfile();
113$proxy->serverconnects(3);
114$proxy->filter(undef);
118$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
115$proxy->clientflags("-sess_out ".$session);
119$proxy->start();
120$proxy->clearClient();
116$proxy->start();
117$proxy->clearClient();
121$proxy->clientflags("-no_tls1_3 -sess_in ".$session." -sess_out ".$session);
118$proxy->clientflags("-sess_in ".$session." -sess_out ".$session);
122$proxy->filter(\&inject_empty_ticket_filter);
123$proxy->clientstart();
124#Expected result: ClientHello extension seen; ServerHello extension seen;
125# NewSessionTicket message seen; Abbreviated handshake.
126checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0);
127clearclient();
119$proxy->filter(\&inject_empty_ticket_filter);
120$proxy->clientstart();
121#Expected result: ClientHello extension seen; ServerHello extension seen;
122# NewSessionTicket message seen; Abbreviated handshake.
123checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0);
124clearclient();
128$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
125$proxy->clientflags("-sess_in ".$session);
129$proxy->filter(undef);
130$proxy->clientstart();
131#Expected result: ClientHello extension seen; ServerHello extension not seen;
132# NewSessionTicket message not seen; Abbreviated handshake.
133checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
134unlink $session;
135
136#Test 9: Bad server sends the ServerHello extension but does not send a
137#NewSessionTicket
138#Expected result: Connection failure
139clearall();
126$proxy->filter(undef);
127$proxy->clientstart();
128#Expected result: ClientHello extension seen; ServerHello extension not seen;
129# NewSessionTicket message not seen; Abbreviated handshake.
130checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
131unlink $session;
132
133#Test 9: Bad server sends the ServerHello extension but does not send a
134#NewSessionTicket
135#Expected result: Connection failure
136clearall();
140$proxy->clientflags("-no_tls1_3");
141$proxy->serverflags("-no_ticket");
142$proxy->filter(\&inject_ticket_extension_filter);
143$proxy->start();
144ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test");
145
146#Test10: Bad server does not send the ServerHello extension but does send a
147#NewSessionTicket
148#Expected result: Connection failure
149clearall();
137$proxy->serverflags("-no_ticket");
138$proxy->filter(\&inject_ticket_extension_filter);
139$proxy->start();
140ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test");
141
142#Test10: Bad server does not send the ServerHello extension but does send a
143#NewSessionTicket
144#Expected result: Connection failure
145clearall();
150$proxy->clientflags("-no_tls1_3");
151$proxy->serverflags("-no_ticket");
152$proxy->filter(\&inject_empty_ticket_filter);
153$proxy->start();
154ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test");
155
156sub ticket_filter
157{
158 my $proxy = shift;

--- 70 unchanged lines hidden (view full) ---

229 if (defined
230 $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) {
231 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
232 $chellotickext = 1;
233 } else {
234 $shellotickext = 1;
235 }
236 }
146$proxy->serverflags("-no_ticket");
147$proxy->filter(\&inject_empty_ticket_filter);
148$proxy->start();
149ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test");
150
151sub ticket_filter
152{
153 my $proxy = shift;

--- 70 unchanged lines hidden (view full) ---

224 if (defined
225 $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) {
226 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
227 $chellotickext = 1;
228 } else {
229 $shellotickext = 1;
230 }
231 }
237 } elsif ($message->mt == TLSProxy::Message::MT_CERTIFICATE) {
232 } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
238 #Must be doing a full handshake
239 $fullhand = 1;
240 } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
241 $ticketseen = 1;
242 }
243 }
244
245 plan tests => 5;

--- 28 unchanged lines hidden --- 		233 #Must be doing a full handshake
234 $fullhand = 1;
235 } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
236 $ticketseen = 1;
237 }
238 }
239
240 plan tests => 5;

--- 28 unchanged lines hidden ---