test/README.ssltest.md +5 −1 @@ -82,7 +82,11 @@ handshake. - InternalError - some other error * ExpectedClientAlert, ExpectedServerAlert - expected alert. See `ssl_test_ctx.c` for known values. `ssl_test_ctx.c` for known values. Note: the expected alert is currently matched against the _last_ received alert (i.e., a fatal alert or a `close_notify`). Warning alert expectations are not yet supported. (A warning alert will not be correctly matched, if followed by a `close_notify` or another alert.) * ExpectedProtocol - expected negotiated protocol. One of SSLv3, TLSv1, TLSv1.1, TLSv1.2. test/handshake_helper.c +6 −0 @@ -41,6 +41,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) */ typedef struct handshake_ex_data_st { int alert_sent; int num_fatal_alerts_sent; int alert_received; int session_ticket_do_not_call; ssl_servername_t servername; @@ -71,6 +72,9 @@ static void info_cb(const SSL *s, int where, int ret) (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); if (where & SSL_CB_WRITE) { ex_data->alert_sent = ret; if (strcmp(SSL_alert_type_string(ret), "F") == 0 || strcmp(SSL_alert_desc_string(ret), "CN") == 0) ex_data->num_fatal_alerts_sent++; } else { ex_data->alert_received = ret; }
@@ -840,8 +844,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( } err: ret->server_alert_sent = server_ex_data.alert_sent; ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent; ret->server_alert_received = client_ex_data.alert_received; ret->client_alert_sent = client_ex_data.alert_sent; ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent; ret->client_alert_received = server_ex_data.alert_received; ret->server_protocol = SSL_version(server.ssl); ret->client_protocol = SSL_version(client.ssl); test/handshake_helper.h +8 −4 @@ -15,13 +15,17 @@ typedef struct handshake_result { ssl_test_result_t result; /* These alerts are in the 2-byte format returned by the info_callback. */ /* Alert sent by the client; 0 if no alert. */ /* (Latest) alert sent by the client; 0 if no alert. */ int client_alert_sent; /* Alert received by the server; 0 if no alert. */ /* Number of fatal or close_notify alerts sent. */ int client_num_fatal_alerts_sent; /* (Latest) alert received by the server; 0 if no alert. */ int client_alert_received; /* Alert sent by the server; 0 if no alert. */ /* (Latest) alert sent by the server; 0 if no alert. */ int server_alert_sent; /* Alert received by the client; 0 if no alert. */ /* Number of fatal or close_notify alerts sent. */ int server_num_fatal_alerts_sent; /* (Latest) alert received by the client; 0 if no alert. */ int server_alert_received; /* Negotiated protocol. On success, these should always match. */ int server_protocol; test/ssl_test.c +10 −0
@@ -100,6 +100,16 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) return 0; } if (result->client_num_fatal_alerts_sent > 1) { fprintf(stderr, "Client sent %d fatal alerts.\n", result->client_num_fatal_alerts_sent); return 0; } if (result->server_num_fatal_alerts_sent > 1) { fprintf(stderr, "Server sent %d alerts.\n", result->server_num_fatal_alerts_sent); return 0; } return 1; }
test/README.ssltest.md +5 −1 @@ -82,7 +82,11 @@ handshake. - InternalError - some other error * ExpectedClientAlert, ExpectedServerAlert - expected alert. See `ssl_test_ctx.c` for known values. `ssl_test_ctx.c` for known values. Note: the expected alert is currently matched against the _last_ received alert (i.e., a fatal alert or a `close_notify`). Warning alert expectations are not yet supported. (A warning alert will not be correctly matched, if followed by a `close_notify` or another alert.) * ExpectedProtocol - expected negotiated protocol. One of SSLv3, TLSv1, TLSv1.1, TLSv1.2.
test/handshake_helper.c +6 −0 @@ -41,6 +41,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) */ typedef struct handshake_ex_data_st { int alert_sent; int num_fatal_alerts_sent; int alert_received; int session_ticket_do_not_call; ssl_servername_t servername; @@ -71,6 +72,9 @@ static void info_cb(const SSL *s, int where, int ret) (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); if (where & SSL_CB_WRITE) { ex_data->alert_sent = ret; if (strcmp(SSL_alert_type_string(ret), "F") == 0 || strcmp(SSL_alert_desc_string(ret), "CN") == 0) ex_data->num_fatal_alerts_sent++; } else { ex_data->alert_received = ret; } @@ -840,8 +844,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( } err: ret->server_alert_sent = server_ex_data.alert_sent; ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent; ret->server_alert_received = client_ex_data.alert_received; ret->client_alert_sent = client_ex_data.alert_sent; ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent; ret->client_alert_received = server_ex_data.alert_received; ret->server_protocol = SSL_version(server.ssl); ret->client_protocol = SSL_version(client.ssl);
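Review bot: In the info_cb hunk the new counter is driven by string comparisons, `strcmp(SSL_alert_type_string(ret), "F") == 0 || strcmp(SSL_alert_desc_string(ret), "CN") == 0`, so the test depends on the display codes of the alert string tables rather than on the alert value itself. The header in this commit describes these values as the 2-byte format returned by the info callback, so comparing the bytes directly is sturdier: `if ((ret >> 8) == SSL3_AL_FATAL || (ret & 0xff) == SSL3_AD_CLOSE_NOTIFY)`. The field name `num_fatal_alerts_sent` also covers close_notify, which is not fatal; a short comment on the struct member in the first hunk, such as `/* fatal alerts plus close_notify */`, would record that. The start of info_cb is outside the hunk, so I am assuming the callback body is already restricted to alert events.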
test/handshake_helper.h +8 −4 @@ -15,13 +15,17 @@ typedef struct handshake_result { ssl_test_result_t result; /* These alerts are in the 2-byte format returned by the info_callback. */ /* Alert sent by the client; 0 if no alert. */ /* (Latest) alert sent by the client; 0 if no alert. */ int client_alert_sent; /* Alert received by the server; 0 if no alert. */ /* Number of fatal or close_notify alerts sent. */ int client_num_fatal_alerts_sent; /* (Latest) alert received by the server; 0 if no alert. */ int client_alert_received; /* Alert sent by the server; 0 if no alert. */ /* (Latest) alert sent by the server; 0 if no alert. */ int server_alert_sent; /* Alert received by the client; 0 if no alert. */ /* Number of fatal or close_notify alerts sent. */ int server_num_fatal_alerts_sent; /* (Latest) alert received by the client; 0 if no alert. */ int server_alert_received; /* Negotiated protocol. On success, these should always match. */ int server_protocol;
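Review bot: The two added comments are both `/* Number of fatal or close_notify alerts sent. */` and, unlike every neighbouring comment in the struct, do not name the sender. Suggest `/* Number of fatal or close_notify alerts sent by the client. */` above `client_num_fatal_alerts_sent` and the server equivalent above `server_num_fatal_alerts_sent`. Since ssl_test.c in this commit fails the test when either value exceeds 1, saying so here would tell readers why the count exists.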
test/ssl_test.c +10 −0 @@ -100,6 +100,16 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) return 0; } if (result->client_num_fatal_alerts_sent > 1) { fprintf(stderr, "Client sent %d fatal alerts.\n", result->client_num_fatal_alerts_sent); return 0; } if (result->server_num_fatal_alerts_sent > 1) { fprintf(stderr, "Server sent %d alerts.\n", result->server_num_fatal_alerts_sent); return 0; } return 1; }
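Review bot: The two new failure messages disagree with each other and with what is counted: the client branch prints `"Client sent %d fatal alerts.\n"`, the server branch prints `"Server sent %d alerts.\n"`, and the counter in handshake_helper.c also includes close_notify. Suggest `"Client sent %d fatal or close_notify alerts.\n"` and `"Server sent %d fatal or close_notify alerts.\n"` so a failing log names the actual condition. check_alerts begins above the hunk, and the visible `return 0;` before the new code suggests an alert mismatch returns early, so this check presumably runs only once the expected alerts have matched. A one-line comment above the two `if`s stating that at most one terminating alert per side is expected would help.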