Add DTLS renegotiation tests (f9b1b664) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

test/recipes/80-test_ssl_new.t

+2 −1

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ map { s/\.in// } @conf_files;

		# We hard-code the number of tests to double-check that the globbing above
		# finds all files as expected.
		plan tests => 17; # = scalar @conf_srcs
		plan tests => 18; # = scalar @conf_srcs

		# Some test results depend on the configuration of enabled protocols. We only
		# verify generated sources in the default configuration.
		@@ -73,6 +73,7 @@ my %skip = (
		"14-curves.conf" => disabled("tls1_2") \|\| $no_ec \|\| $no_ec2m,
		"15-certstatus.conf" => $no_ocsp,
		"16-dtls-certstatus.conf" => $no_dtls \|\| $no_ocsp,
		"18-dtls-renegotiate.conf" => $no_dtls,
		);

		foreach my $conf (@conf_files) {

test/ssl-tests/18-dtls-renegotiate.conf

0 → 100644

+86 −0

Original line number	Diff line number	Diff line
		# Generated with generate_ssl_tests.pl

		num_tests = 3

		test-0 = 0-renegotiate-client-no-resume
		test-1 = 1-renegotiate-client-resume
		test-2 = 2-renegotiate-server-resume
		# ===========================================================

		[0-renegotiate-client-no-resume]
		ssl_conf = 0-renegotiate-client-no-resume-ssl

		[0-renegotiate-client-no-resume-ssl]
		server = 0-renegotiate-client-no-resume-server
		client = 0-renegotiate-client-no-resume-client

		[0-renegotiate-client-no-resume-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		Options = NoResumptionOnRenegotiation
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[0-renegotiate-client-no-resume-client]
		CipherString = DEFAULT
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-0]
		ExpectedResult = Success
		HandshakeMode = RenegotiateClient
		Method = DTLS
		ResumptionExpected = No


		# ===========================================================

		[1-renegotiate-client-resume]
		ssl_conf = 1-renegotiate-client-resume-ssl

		[1-renegotiate-client-resume-ssl]
		server = 1-renegotiate-client-resume-server
		client = 1-renegotiate-client-resume-client

		[1-renegotiate-client-resume-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[1-renegotiate-client-resume-client]
		CipherString = DEFAULT
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-1]
		ExpectedResult = Success
		HandshakeMode = RenegotiateClient
		Method = DTLS
		ResumptionExpected = Yes


		# ===========================================================

		[2-renegotiate-server-resume]
		ssl_conf = 2-renegotiate-server-resume-ssl

		[2-renegotiate-server-resume-ssl]
		server = 2-renegotiate-server-resume-server
		client = 2-renegotiate-server-resume-client

		[2-renegotiate-server-resume-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[2-renegotiate-server-resume-client]
		CipherString = DEFAULT
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-2]
		ExpectedResult = Success
		HandshakeMode = RenegotiateServer
		Method = DTLS
		ResumptionExpected = No

test/ssl-tests/18-dtls-renegotiate.conf.in

0 → 100644

+63 −0

Original line number	Diff line number	Diff line
		# -- mode: perl; --
		# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
		#
		# Licensed under the OpenSSL license (the "License"). You may not use
		# this file except in compliance with the License. You can obtain a copy
		# in the file LICENSE in the source distribution or at
		# https://www.openssl.org/source/license.html


		## Test Renegotiation

		use strict;
		use warnings;

		package ssltests;


		our @tests = (
		{
		name => "renegotiate-client-no-resume",
		server => {
		"Options" => "NoResumptionOnRenegotiation"
		},
		client => {},
		test => {
		"Method" => "DTLS",
		"HandshakeMode" => "RenegotiateClient",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		},
		{
		name => "renegotiate-client-resume",
		server => {},
		client => {},
		test => {
		"Method" => "DTLS",
		"HandshakeMode" => "RenegotiateClient",
		"ResumptionExpected" => "Yes",
		"ExpectedResult" => "Success"
		}
		},
		# Note: Unlike the TLS tests, we will never do resumption with server
		# initiated reneg. This is because an OpenSSL DTLS client will always do a full
		# handshake (i.e. it doesn't supply a session id) when it receives a
		# HelloRequest. This is different to the OpenSSL TLS implementation where an
		# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
		# the session id). This goes all the way to commit 48ae85b6f when abbreviated
		# handshake support was first added. Neither behaviour is wrong, but the
		# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
		# and if so, what to?
		{
		name => "renegotiate-server-resume",
		server => {},
		client => {},
		test => {
		"Method" => "DTLS",
		"HandshakeMode" => "RenegotiateServer",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		},
		);