Commit 6862de63 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add a test to verify the ClientHello version is the same in a reneg 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6059)
parent 447cc0ad

test/recipes/70-test_renegotiation.t

+29 −1
Original line number Diff line number Diff line
@@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new( 
$proxy->clientflags("-no_tls1_3");

$proxy->reneg(1);

$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";

plan tests => 2;

plan tests => 3;

ok(TLSProxy::Message->success(), "Basic renegotiation");



#Test 2: Client does not send the Reneg SCSV. Reneg should fail
@@ -49,6 +49,34 @@ $proxy->reneg(1); 
$proxy->start();

ok(TLSProxy::Message->fail(), "No client SCSV");



SKIP: {

    skip "TLSv1.2 or TLSv1.1 disabled", 1

        if disabled("tls1_2") || disabled("tls1_1");

    #Test 3: Check that the ClientHello version remains the same in the reneg

    #        handshake

    $proxy->clear();

    $proxy->filter(undef);

    $proxy->clientflags("-no_tls1_3");

    $proxy->serverflags("-no_tls1_3 -no_tls1_2");

    $proxy->reneg(1);

    $proxy->start();

    my $chversion;

    my $chmatch = 0;

    foreach my $message (@{$proxy->message_list}) {

        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {

            if (!defined $chversion) {

                $chversion = $message->client_version;

            } else {

                if ($chversion == $message->client_version) {

                    $chmatch = 1;

                }

            }

        }

    }

    ok(TLSProxy::Message->success() && $chmatch,

       "Check ClientHello version is the same");

}



sub reneg_filter

{

    my $proxy = shift;