Commit 2ac6bdc0 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

NPN and ALPN: test resumption 



In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 7b7cea6d

test/recipes/80-test_ssl_old.t

+1 −17
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ my $client_sess="client.ss"; 
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.

plan tests =>

    1				# For testss

    +9  			# For the first testssl

    +8  			# For the first testssl

    ;



subtest 'test_ss' => sub {
@@ -526,22 +526,6 @@ sub testssl { 


    };



    subtest 'Next Protocol Negotiation Tests' => sub {

	######################################################################



	plan tests => 2;



      SKIP: {

	  skip "TLSv1.0 is not supported by this OpenSSL build", 2

	      if $no_tls1;

	  skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2

	      if disabled("nextprotoneg");



	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"])));

	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"])));

	}

    };



    subtest 'Custom Extension tests' => sub {

	######################################################################

test/ssl-tests/08-npn.conf

+355 −1
Original line number Diff line number Diff line 
# Generated with generate_ssl_tests.pl



num_tests = 12

num_tests = 20



test-0 = 0-npn-simple

test-1 = 1-npn-client-finds-match
@@ -14,6 +14,14 @@ test-8 = 8-npn-selected-sni-server-supports-npn 
test-9 = 9-npn-selected-sni-server-does-not-support-npn

test-10 = 10-alpn-preferred-over-npn

test-11 = 11-sni-npn-preferred-over-alpn

test-12 = 12-npn-simple-resumption

test-13 = 13-npn-server-switch-resumption

test-14 = 14-npn-client-switch-resumption

test-15 = 15-npn-client-first-pref-on-mismatch-resumption

test-16 = 16-npn-no-server-support-resumption

test-17 = 17-npn-no-client-support-resumption

test-18 = 18-alpn-preferred-over-npn-resumption

test-19 = 19-npn-used-if-alpn-not-supported-resumption

# ===========================================================



[0-npn-simple]
@@ -438,3 +446,349 @@ NPNProtocols = bar 
ServerName = server2





# ===========================================================



[12-npn-simple-resumption]

ssl_conf = 12-npn-simple-resumption-ssl



[12-npn-simple-resumption-ssl]

server = 12-npn-simple-resumption-server

client = 12-npn-simple-resumption-client

resume-server = 12-npn-simple-resumption-server

resume-client = 12-npn-simple-resumption-client



[12-npn-simple-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[12-npn-simple-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-12]

ExpectedNPNProtocol = foo

HandshakeMode = Resume

ResumptionExpected = Yes

server = 12-npn-simple-resumption-server-extra

resume-server = 12-npn-simple-resumption-server-extra

client = 12-npn-simple-resumption-client-extra

resume-client = 12-npn-simple-resumption-client-extra



[12-npn-simple-resumption-server-extra]

NPNProtocols = foo



[12-npn-simple-resumption-client-extra]

NPNProtocols = foo





# ===========================================================



[13-npn-server-switch-resumption]

ssl_conf = 13-npn-server-switch-resumption-ssl



[13-npn-server-switch-resumption-ssl]

server = 13-npn-server-switch-resumption-server

client = 13-npn-server-switch-resumption-client

resume-server = 13-npn-server-switch-resumption-resume-server

resume-client = 13-npn-server-switch-resumption-client



[13-npn-server-switch-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[13-npn-server-switch-resumption-resume-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[13-npn-server-switch-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-13]

ExpectedNPNProtocol = baz

HandshakeMode = Resume

ResumptionExpected = Yes

server = 13-npn-server-switch-resumption-server-extra

resume-server = 13-npn-server-switch-resumption-resume-server-extra

client = 13-npn-server-switch-resumption-client-extra

resume-client = 13-npn-server-switch-resumption-client-extra



[13-npn-server-switch-resumption-server-extra]

NPNProtocols = bar,foo



[13-npn-server-switch-resumption-resume-server-extra]

NPNProtocols = baz,foo



[13-npn-server-switch-resumption-client-extra]

NPNProtocols = foo,bar,baz





# ===========================================================



[14-npn-client-switch-resumption]

ssl_conf = 14-npn-client-switch-resumption-ssl



[14-npn-client-switch-resumption-ssl]

server = 14-npn-client-switch-resumption-server

client = 14-npn-client-switch-resumption-client

resume-server = 14-npn-client-switch-resumption-server

resume-client = 14-npn-client-switch-resumption-resume-client



[14-npn-client-switch-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[14-npn-client-switch-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[14-npn-client-switch-resumption-resume-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-14]

ExpectedNPNProtocol = bar

HandshakeMode = Resume

ResumptionExpected = Yes

server = 14-npn-client-switch-resumption-server-extra

resume-server = 14-npn-client-switch-resumption-server-extra

client = 14-npn-client-switch-resumption-client-extra

resume-client = 14-npn-client-switch-resumption-resume-client-extra



[14-npn-client-switch-resumption-server-extra]

NPNProtocols = foo,bar,baz



[14-npn-client-switch-resumption-client-extra]

NPNProtocols = foo,baz



[14-npn-client-switch-resumption-resume-client-extra]

NPNProtocols = bar,baz





# ===========================================================



[15-npn-client-first-pref-on-mismatch-resumption]

ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl



[15-npn-client-first-pref-on-mismatch-resumption-ssl]

server = 15-npn-client-first-pref-on-mismatch-resumption-server

client = 15-npn-client-first-pref-on-mismatch-resumption-client

resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server

resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client



[15-npn-client-first-pref-on-mismatch-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[15-npn-client-first-pref-on-mismatch-resumption-resume-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[15-npn-client-first-pref-on-mismatch-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-15]

ExpectedNPNProtocol = foo

HandshakeMode = Resume

ResumptionExpected = Yes

server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra

resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra

client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra

resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra



[15-npn-client-first-pref-on-mismatch-resumption-server-extra]

NPNProtocols = bar



[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]

NPNProtocols = baz



[15-npn-client-first-pref-on-mismatch-resumption-client-extra]

NPNProtocols = foo,bar





# ===========================================================



[16-npn-no-server-support-resumption]

ssl_conf = 16-npn-no-server-support-resumption-ssl



[16-npn-no-server-support-resumption-ssl]

server = 16-npn-no-server-support-resumption-server

client = 16-npn-no-server-support-resumption-client

resume-server = 16-npn-no-server-support-resumption-resume-server

resume-client = 16-npn-no-server-support-resumption-client



[16-npn-no-server-support-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[16-npn-no-server-support-resumption-resume-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[16-npn-no-server-support-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-16]

HandshakeMode = Resume

ResumptionExpected = Yes

server = 16-npn-no-server-support-resumption-server-extra

client = 16-npn-no-server-support-resumption-client-extra

resume-client = 16-npn-no-server-support-resumption-client-extra



[16-npn-no-server-support-resumption-server-extra]

NPNProtocols = foo



[16-npn-no-server-support-resumption-client-extra]

NPNProtocols = foo





# ===========================================================



[17-npn-no-client-support-resumption]

ssl_conf = 17-npn-no-client-support-resumption-ssl



[17-npn-no-client-support-resumption-ssl]

server = 17-npn-no-client-support-resumption-server

client = 17-npn-no-client-support-resumption-client

resume-server = 17-npn-no-client-support-resumption-server

resume-client = 17-npn-no-client-support-resumption-resume-client



[17-npn-no-client-support-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[17-npn-no-client-support-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[17-npn-no-client-support-resumption-resume-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-17]

HandshakeMode = Resume

ResumptionExpected = Yes

server = 17-npn-no-client-support-resumption-server-extra

resume-server = 17-npn-no-client-support-resumption-server-extra

client = 17-npn-no-client-support-resumption-client-extra



[17-npn-no-client-support-resumption-server-extra]

NPNProtocols = foo



[17-npn-no-client-support-resumption-client-extra]

NPNProtocols = foo





# ===========================================================



[18-alpn-preferred-over-npn-resumption]

ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl



[18-alpn-preferred-over-npn-resumption-ssl]

server = 18-alpn-preferred-over-npn-resumption-server

client = 18-alpn-preferred-over-npn-resumption-client

resume-server = 18-alpn-preferred-over-npn-resumption-resume-server

resume-client = 18-alpn-preferred-over-npn-resumption-client



[18-alpn-preferred-over-npn-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[18-alpn-preferred-over-npn-resumption-resume-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[18-alpn-preferred-over-npn-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-18]

ExpectedALPNProtocol = foo

HandshakeMode = Resume

ResumptionExpected = Yes

server = 18-alpn-preferred-over-npn-resumption-server-extra

resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra

client = 18-alpn-preferred-over-npn-resumption-client-extra

resume-client = 18-alpn-preferred-over-npn-resumption-client-extra



[18-alpn-preferred-over-npn-resumption-server-extra]

NPNProtocols = bar



[18-alpn-preferred-over-npn-resumption-resume-server-extra]

ALPNProtocols = foo

NPNProtocols = baz



[18-alpn-preferred-over-npn-resumption-client-extra]

ALPNProtocols = foo

NPNProtocols = bar,baz





# ===========================================================



[19-npn-used-if-alpn-not-supported-resumption]

ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl



[19-npn-used-if-alpn-not-supported-resumption-ssl]

server = 19-npn-used-if-alpn-not-supported-resumption-server

client = 19-npn-used-if-alpn-not-supported-resumption-client

resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server

resume-client = 19-npn-used-if-alpn-not-supported-resumption-client



[19-npn-used-if-alpn-not-supported-resumption-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[19-npn-used-if-alpn-not-supported-resumption-resume-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[19-npn-used-if-alpn-not-supported-resumption-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-19]

ExpectedNPNProtocol = baz

HandshakeMode = Resume

ResumptionExpected = Yes

server = 19-npn-used-if-alpn-not-supported-resumption-server-extra

resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra

client = 19-npn-used-if-alpn-not-supported-resumption-client-extra

resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra



[19-npn-used-if-alpn-not-supported-resumption-server-extra]

ALPNProtocols = foo

NPNProtocols = bar



[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]

NPNProtocols = baz



[19-npn-used-if-alpn-not-supported-resumption-client-extra]

ALPNProtocols = foo

NPNProtocols = bar,baz

test/ssl-tests/08-npn.conf.in

+194 −17
Original line number Diff line number Diff line
@@ -240,4 +240,181 @@ our @tests = ( 
            "ExpectedServerName" => "server2",  

        },

    },

    {

        name => "npn-simple-resumption",

        server => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        client => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => "foo",

        },

    },

    {

        name => "npn-server-switch-resumption",

        server => {

            extra => {

                "NPNProtocols" => "bar,foo",

            },

        },

        resume_server => {

            extra => {

                "NPNProtocols" => "baz,foo",

            },

        },

        client => {

            extra => {

                "NPNProtocols" => "foo,bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => "baz",

        },

    },

    {

        name => "npn-client-switch-resumption",

        server => {

            extra => {

                "NPNProtocols" => "foo,bar,baz",

            },

        },

        client => {

            extra => {

                "NPNProtocols" => "foo,baz",

            },

        },

        resume_client => {

            extra => {

                "NPNProtocols" => "bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => "bar",

        },

    },

    {

        name => "npn-client-first-pref-on-mismatch-resumption",

        server => {

            extra => {

                "NPNProtocols" => "bar",

            },

        },

        resume_server => {

            extra => {

                "NPNProtocols" => "baz",

            },

        },

        client => {

            extra => {

                "NPNProtocols" => "foo,bar",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => "foo",

        },

    },

    {

        name => "npn-no-server-support-resumption",

        server => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        resume_server => { },

        client => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => undef,

        },

    },

    {

        name => "npn-no-client-support-resumption",

        server => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        client => {

            extra => {

                "NPNProtocols" => "foo",

            },

        },

        resume_client => { },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedNPNProtocol" => undef,

        },

    },

    {

        name => "alpn-preferred-over-npn-resumption",

        server => {

            extra => {

                "NPNProtocols" => "bar",

            },

        },

        resume_server => {

            extra => {

                "ALPNProtocols" => "foo",

                "NPNProtocols" => "baz",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo",

                "NPNProtocols" => "bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => "foo",

            "ExpectedNPNProtocol" => undef,

        },

    },

    {

        name => "npn-used-if-alpn-not-supported-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "foo",

                "NPNProtocols" => "bar",

            },

        },

        resume_server => {

            extra => {

                "NPNProtocols" => "baz",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo",

                "NPNProtocols" => "bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => undef,

            "ExpectedNPNProtocol" => "baz",

        },

    },

);

test/ssl-tests/09-alpn.conf

+259 −1

File changed.

Preview size limit exceeded, changes collapsed.

test/ssl-tests/09-alpn.conf.in

+140 −15
Original line number Diff line number Diff line
@@ -196,4 +196,129 @@ our @tests = ( 
            "ExpectedALPNProtocol" => undef,

        },

    },

    {

        name => "alpn-simple-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => "foo",

        },

    },

    {

        name => "alpn-server-switch-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "bar,foo",

            },

        },

        resume_server => {

            extra => {

                "ALPNProtocols" => "baz,foo",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo,bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => "baz",

        },

    },

    {

        name => "alpn-client-switch-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "foo,bar,baz",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo,baz",

            },

        },

        resume_client => {

            extra => {

                "ALPNProtocols" => "bar,baz",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => "bar",

        },

    },

    {

        name => "alpn-alert-on-mismatch-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "bar",

            },

        },

        resume_server => {

            extra => {

                "ALPNProtocols" => "baz",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo,bar",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ExpectedResult" => "ServerFail",

            "ExpectedServerAlert" => "NoApplicationProtocol",

        },

    },

    {

        name => "alpn-no-server-support-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        resume_server => { },

        client => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => undef,

        },

    },

    {

        name => "alpn-no-client-support-resumption",

        server => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        client => {

            extra => {

                "ALPNProtocols" => "foo",

            },

        },

        resume_client => { },

        test => {

            "HandshakeMode" => "Resume",

            "ResumptionExpected" => "Yes",

            "ExpectedALPNProtocol" => undef,

        },

    },

);