Commit 11279b13 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Test client-side resumption 



Add tests for resuming with a different client version.

This happens in reality when clients persist sessions on disk through
upgrades.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 2980ae2e

test/README.ssltest.md

+6 −1
Original line number Diff line number Diff line
@@ -124,8 +124,13 @@ The following sections may optionally be defined: 
  matches server.

* resume_server - this section configures the client to resume its session

  against a different server. This context is used whenever HandshakeMode is

  Resume. If the resume-server section is not present, then the configuration

  Resume. If the resume_server section is not present, then the configuration

  matches server.

* resume_client - this section configures the client to resume its session with

  a different configuration. In practice this may occur when, for example,

  upgraded clients reuse sessions persisted on disk.  This context is used

  whenever HandshakeMode is Resume. If the resume_client section is not present,

  then the configuration matches client.



### Default server and client configurations

test/generate_ssl_tests.pl

+10 −0
Original line number Diff line number Diff line
@@ -63,6 +63,16 @@ sub print_templates { 
            $test->{"resume_server"} = { };

        }

        $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };

        if (defined $test->{"resume_client"}) {

            $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) };

        } elsif (defined $test->{"test"}->{"HandshakeMode"} &&

                 $test->{"test"}->{"HandshakeMode"} eq "Resume") {

            # Default is the same as client.

            $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"client"}}) };

        } else {

            # Do not emit an empty "resume-client" section.

            $test->{"resume_client"} = { };

        }

    }



    # ssl_test expects to find a

test/handshake_helper.c

+3 −2
Original line number Diff line number Diff line
@@ -673,6 +673,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( 


HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,

                               SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,

                               SSL_CTX *resume_client_ctx,

                               const SSL_TEST_CTX *test_ctx)

{

    HANDSHAKE_RESULT *result;
@@ -692,8 +693,8 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, 


    HANDSHAKE_RESULT_free(result);

    /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */

    result = do_handshake_internal(resume_server_ctx, NULL, client_ctx, test_ctx,

                                   session, NULL);

    result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,

                                   test_ctx, session, NULL);

 end:

    SSL_SESSION_free(session);

    return result;

test/handshake_helper.h

+1 −0
Original line number Diff line number Diff line
@@ -47,6 +47,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result); 
/* Do a handshake and report some information about the result. */

HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,

                               SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,

                               SSL_CTX *resume_client_ctx,

                               const SSL_TEST_CTX *test_ctx);



#endif  /* HEADER_HANDSHAKE_HELPER_H */

test/ssl-tests/10-resumption.conf

+883 −1

File changed.

Preview size limit exceeded, changes collapsed.