Commit 6f34a16e authored by Matt Caswell's avatar Matt Caswell
Browse files

Teach TLSProxy how to parse CertificateRequest messages 



We also use this in test_tls13messages to check that the extensions we
expect to see in a CertificateRequest are there.

Reviewed-by: default avatarTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9780)

(cherry picked from commit dc5bcb88d819de55eb37460c122e02fec91c6d86)
parent f8affa29

test/recipes/70-test_sslmessages.t

+24 −1
Original line number Diff line number Diff line
@@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new( 


@extensions = (

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::CLIENT,

        checkhandshake::SERVER_NAME_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::CLIENT,

        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],

    (disabled("ec") ? () :

                      [TLSProxy::Message::MT_CLIENT_HELLO,

                       TLSProxy::Message::EXT_SUPPORTED_GROUPS,

                       TLSProxy::Message::CLIENT,

                       checkhandshake::DEFAULT_EXTENSIONS]),

    (disabled("ec") ? () :

                      [TLSProxy::Message::MT_CLIENT_HELLO,

                       TLSProxy::Message::EXT_EC_POINT_FORMATS,

                       TLSProxy::Message::CLIENT,

                       checkhandshake::DEFAULT_EXTENSIONS]),

    (disabled("tls1_2") ? () :

     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::CLIENT,

         checkhandshake::DEFAULT_EXTENSIONS]),

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::ALPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::CLIENT,

        checkhandshake::SCT_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,

        TLSProxy::Message::CLIENT,

        checkhandshake::RENEGOTIATE_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::NPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,

        TLSProxy::Message::CLIENT,

        checkhandshake::SRP_CLI_EXTENSION],



    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::SERVER,

        checkhandshake::SESSION_TICKET_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::SERVER,

        checkhandshake::SERVER_NAME_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::SERVER,

        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::SERVER,

        checkhandshake::ALPN_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::SERVER,

        checkhandshake::SCT_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,

        TLSProxy::Message::SERVER,

        checkhandshake::NPN_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,

        TLSProxy::Message::SERVER,

        checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],

    [0,0,0]

    [0,0,0,0]

);



#Test 1: Check we get all the right messages for a default handshake

test/recipes/70-test_tls13kexmodes.t

+35 −1
Original line number Diff line number Diff line
@@ -62,78 +62,112 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); 


@extensions = (

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::CLIENT,

        checkhandshake::SERVER_NAME_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::CLIENT,

        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::ALPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::CLIENT,

        checkhandshake::SCT_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_KEX_MODES_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_CLI_EXTENSION],



    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::SERVER,

        checkhandshake::KEY_SHARE_HRR_EXTENSION],



    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::CLIENT,

        checkhandshake::SERVER_NAME_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::CLIENT,

        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::ALPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::CLIENT,

        checkhandshake::SCT_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_KEX_MODES_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_CLI_EXTENSION],



    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::SERVER,

        checkhandshake::KEY_SHARE_SRV_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::SERVER,

        checkhandshake::PSK_SRV_EXTENSION],



    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::SERVER,

        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],

    [0,0,0]

    [0,0,0,0]

);



use constant {

test/recipes/70-test_tls13messages.t

+72 −17
Original line number Diff line number Diff line
@@ -62,92 +62,136 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); 


@extensions = (

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::CLIENT,

        checkhandshake::SERVER_NAME_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::CLIENT,

        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::ALPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::CLIENT,

        checkhandshake::SCT_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,

        TLSProxy::Message::CLIENT,

        checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],



    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::SERVER,

        checkhandshake::KEY_SHARE_HRR_EXTENSION],



    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::CLIENT,

        checkhandshake::SERVER_NAME_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::CLIENT,

        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::CLIENT,

        checkhandshake::ALPN_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::CLIENT,

        checkhandshake::SCT_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,

        TLSProxy::Message::CLIENT,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::CLIENT,

        checkhandshake::PSK_CLI_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,

        TLSProxy::Message::CLIENT,

        checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],



    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,

        TLSProxy::Message::SERVER,

        checkhandshake::PSK_SRV_EXTENSION],



    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,

        TLSProxy::Message::SERVER,

        checkhandshake::SERVER_NAME_SRV_EXTENSION],

    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,

        TLSProxy::Message::SERVER,

        checkhandshake::ALPN_SRV_EXTENSION],

    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,

        TLSProxy::Message::SERVER,

        checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],



    [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,

        TLSProxy::Message::SERVER,

        checkhandshake::DEFAULT_EXTENSIONS],



    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,

        TLSProxy::Message::SERVER,

        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],

    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,

        TLSProxy::Message::SERVER,

        checkhandshake::SCT_SRV_EXTENSION],



    [0,0,0]

    [0,0,0,0]

);



my $proxy = TLSProxy::Proxy->new(
@@ -163,7 +207,7 @@ $proxy->serverconnects(2); 
$proxy->clientflags("-sess_out ".$session);

$proxy->sessionfile($session);

$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";

plan tests => 16;

plan tests => 17;

checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,

               checkhandshake::DEFAULT_EXTENSIONS,

               "Default handshake test");
@@ -179,7 +223,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 
               "Resumption handshake test");



SKIP: {

    skip "No OCSP support in this OpenSSL build", 3

    skip "No OCSP support in this OpenSSL build", 4

        if disabled("ct") || disabled("ec") || disabled("ocsp");

    #Test 3: A status_request handshake (client request only)

    $proxy->clear();
@@ -210,9 +254,23 @@ SKIP: { 
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION

                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,

                   "status_request handshake test");



    #Test 6: A status_request handshake (client and server) with client auth

    $proxy->clear();

    $proxy->clientflags("-status -enable_pha -cert "

                        .srctop_file("apps", "server.pem"));

    $proxy->serverflags("-Verify 5 -status_file "

                        .srctop_file("test", "recipes", "ocsp-response.der"));

    $proxy->start();

    checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,

                   checkhandshake::DEFAULT_EXTENSIONS

                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION

                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION

                   | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,

                   "status_request handshake with client auth test");

}



#Test 6: A client auth handshake

#Test 7: A client auth handshake

$proxy->clear();

$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));

$proxy->serverflags("-Verify 5");
@@ -222,7 +280,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, 
               checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,

               "Client auth handshake test");



#Test 7: Server name handshake (no client request)

#Test 8: Server name handshake (no client request)

$proxy->clear();

$proxy->clientflags("-noservername");

$proxy->start();
@@ -231,7 +289,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,

               "Server name handshake test (client)");



#Test 8: Server name handshake (server support only)

#Test 9: Server name handshake (server support only)

$proxy->clear();

$proxy->clientflags("-noservername");

$proxy->serverflags("-servername testhost");
@@ -241,7 +299,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,

               "Server name handshake test (server)");



#Test 9: Server name handshake (client and server)

#Test 10: Server name handshake (client and server)

$proxy->clear();

$proxy->clientflags("-servername testhost");

$proxy->serverflags("-servername testhost");
@@ -251,7 +309,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 
               | checkhandshake::SERVER_NAME_SRV_EXTENSION,

               "Server name handshake test");



#Test 10: ALPN handshake (client request only)

#Test 11: ALPN handshake (client request only)

$proxy->clear();

$proxy->clientflags("-alpn test");

$proxy->start();
@@ -260,7 +318,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 
               | checkhandshake::ALPN_CLI_EXTENSION,

               "ALPN handshake test (client)");



#Test 11: ALPN handshake (server support only)

#Test 12: ALPN handshake (server support only)

$proxy->clear();

$proxy->serverflags("-alpn test");

$proxy->start();
@@ -268,7 +326,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 
               checkhandshake::DEFAULT_EXTENSIONS,

               "ALPN handshake test (server)");



#Test 12: ALPN handshake (client and server)

#Test 13: ALPN handshake (client and server)

$proxy->clear();

$proxy->clientflags("-alpn test");

$proxy->serverflags("-alpn test");
@@ -283,7 +341,7 @@ SKIP: { 
    skip "No CT, EC or OCSP support in this OpenSSL build", 1

        if disabled("ct") || disabled("ec") || disabled("ocsp");



    #Test 13: SCT handshake (client request only)

    #Test 14: SCT handshake (client request only)

    $proxy->clear();

    #Note: -ct also sends status_request

    $proxy->clientflags("-ct");
@@ -300,10 +358,7 @@ SKIP: { 
                   "SCT handshake test");

}









#Test 14: HRR Handshake

#Test 15: HRR Handshake

$proxy->clear();

$proxy->serverflags("-curves P-256");

$proxy->start();
@@ -312,7 +367,7 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, 
               | checkhandshake::KEY_SHARE_HRR_EXTENSION,

               "HRR handshake test");



#Test 15: Resumption handshake with HRR

#Test 16: Resumption handshake with HRR

$proxy->clear();

$proxy->clientflags("-sess_in ".$session);

$proxy->serverflags("-curves P-256");
@@ -324,7 +379,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 
                | checkhandshake::PSK_SRV_EXTENSION),

               "Resumption handshake with HRR test");



#Test 16: Acceptable but non preferred key_share

#Test 17: Acceptable but non preferred key_share

$proxy->clear();

$proxy->clientflags("-curves P-256");

$proxy->start();

util/perl/TLSProxy/CertificateRequest.pm

0 → 100644
+105 −0
Original line number Diff line number Diff line 
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

#

# Licensed under the Apache License 2.0 (the "License").  You may not use

# this file except in compliance with the License.  You can obtain a copy

# in the file LICENSE in the source distribution or at

# https://www.openssl.org/source/license.html



use strict;



package TLSProxy::CertificateRequest;



use vars '@ISA';

push @ISA, 'TLSProxy::Message';



sub new

{

    my $class = shift;

    my ($server,

        $data,

        $records,

        $startoffset,

        $message_frag_lens) = @_;



    my $self = $class->SUPER::new(

        $server,

        TLSProxy::Message::MT_CERTIFICATE_REQUEST,

        $data,

        $records,

        $startoffset,

        $message_frag_lens);



    $self->{extension_data} = "";



    return $self;

}



sub parse

{

    my $self = shift;

    my $ptr = 1;



    if (TLSProxy::Proxy->is_tls13()) {

        my $request_ctx_len = unpack('C', $self->data);

        my $request_ctx = substr($self->data, $ptr, $request_ctx_len);

        $ptr += $request_ctx_len;



        my $extensions_len = unpack('n', substr($self->data, $ptr));

        $ptr += 2;

        my $extension_data = substr($self->data, $ptr);

        if (length($extension_data) != $extensions_len) {

            die "Invalid extension length\n";

        }

        my %extensions = ();

        while (length($extension_data) >= 4) {

            my ($type, $size) = unpack("nn", $extension_data);

            my $extdata = substr($extension_data, 4, $size);

            $extension_data = substr($extension_data, 4 + $size);

            $extensions{$type} = $extdata;

        }

        $self->extension_data(\%extensions);



        print "    Extensions Len:".$extensions_len."\n";

    }

    # else parse TLSv1.2 version - we don't support that at the moment

}



#Reconstruct the on-the-wire message data following changes

sub set_message_contents

{

    my $self = shift;

    my $data;

    my $extensions = "";



    foreach my $key (keys %{$self->extension_data}) {

        my $extdata = ${$self->extension_data}{$key};

        $extensions .= pack("n", $key);

        $extensions .= pack("n", length($extdata));

        $extensions .= $extdata;

    }



    $data = pack('n', length($extensions));

    $data .= $extensions;

    $self->data($data);

}



#Read/write accessors

sub extension_data

{

    my $self = shift;

    if (@_) {

        $self->{extension_data} = shift;

    }

    return $self->{extension_data};

}

sub set_extension

{

    my ($self, $ext_type, $ext_data) = @_;

    $self->{extension_data}{$ext_type} = $ext_data;

}

sub delete_extension

{

    my ($self, $ext_type) = @_;

    delete $self->{extension_data}{$ext_type};

}

1;

util/perl/TLSProxy/Message.pm

+14 −0
Original line number Diff line number Diff line
@@ -129,6 +129,11 @@ use constant { 
    CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302

};



use constant {

    CLIENT => 0,

    SERVER => 1

};



my $payload = "";

my $messlen = -1;

my $mt;
@@ -338,6 +343,15 @@ sub create_message 
            [@message_frag_lens]

        );

        $message->parse();

    } elsif ($mt == MT_CERTIFICATE_REQUEST) {

        $message = TLSProxy::CertificateRequest->new(

            $server,

            $data,

            [@message_rec_list],

            $startoffset,

            [@message_frag_lens]

        );

        $message->parse();

    } elsif ($mt == MT_CERTIFICATE_VERIFY) {

        $message = TLSProxy::CertificateVerify->new(

            $server,