2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
16 use OpenSSL::Test::Utils;
20 foreach my $sctp ("No", "Yes")
22 next if disabled("sctp") && $sctp eq "Yes";
24 my $suffix = ($sctp eq "No") ? "" : "-sctp";
27 name => "renegotiate-client-no-resume".$suffix,
29 "Options" => "NoResumptionOnRenegotiation"
35 "HandshakeMode" => "RenegotiateClient",
36 "ResumptionExpected" => "No",
37 "ExpectedResult" => "Success"
41 name => "renegotiate-client-resume".$suffix,
47 "HandshakeMode" => "RenegotiateClient",
48 "ResumptionExpected" => "Yes",
49 "ExpectedResult" => "Success"
52 # Note: Unlike the TLS tests, we will never do resumption with server
53 # initiated reneg. This is because an OpenSSL DTLS client will always do a full
54 # handshake (i.e. it doesn't supply a session id) when it receives a
55 # HelloRequest. This is different to the OpenSSL TLS implementation where an
56 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
57 # the session id). This goes all the way to commit 48ae85b6f when abbreviated
58 # handshake support was first added. Neither behaviour is wrong, but the
59 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
62 name => "renegotiate-server-resume".$suffix,
68 "HandshakeMode" => "RenegotiateServer",
69 "ResumptionExpected" => "No",
70 "ExpectedResult" => "Success"
74 name => "renegotiate-client-auth-require".$suffix,
76 "VerifyCAFile" => test_pem("root-cert.pem"),
77 "VerifyMode" => "Require",
80 "Certificate" => test_pem("ee-client-chain.pem"),
81 "PrivateKey" => test_pem("ee-key.pem"),
86 "HandshakeMode" => "RenegotiateServer",
87 "ResumptionExpected" => "No",
88 "ExpectedResult" => "Success"
92 name => "renegotiate-client-auth-once".$suffix,
94 "VerifyCAFile" => test_pem("root-cert.pem"),
95 "VerifyMode" => "Once",
98 "Certificate" => test_pem("ee-client-chain.pem"),
99 "PrivateKey" => test_pem("ee-key.pem"),
104 "HandshakeMode" => "RenegotiateServer",
105 "ResumptionExpected" => "No",
106 "ExpectedResult" => "Success"
110 push @tests, @tests_basic;
112 next if disabled("dtls1_2");
113 our @tests_dtls1_2 = (
115 name => "renegotiate-aead-to-non-aead".$suffix,
117 "Options" => "NoResumptionOnRenegotiation"
120 "CipherString" => "AES128-GCM-SHA256",
122 "RenegotiateCiphers" => "AES128-SHA"
128 "HandshakeMode" => "RenegotiateClient",
129 "ResumptionExpected" => "No",
130 "ExpectedResult" => "Success"
134 name => "renegotiate-non-aead-to-aead".$suffix,
136 "Options" => "NoResumptionOnRenegotiation"
139 "CipherString" => "AES128-SHA",
141 "RenegotiateCiphers" => "AES128-GCM-SHA256"
147 "HandshakeMode" => "RenegotiateClient",
148 "ResumptionExpected" => "No",
149 "ExpectedResult" => "Success"
153 name => "renegotiate-non-aead-to-non-aead".$suffix,
155 "Options" => "NoResumptionOnRenegotiation"
158 "CipherString" => "AES128-SHA",
160 "RenegotiateCiphers" => "AES256-SHA"
166 "HandshakeMode" => "RenegotiateClient",
167 "ResumptionExpected" => "No",
168 "ExpectedResult" => "Success"
172 name => "renegotiate-aead-to-aead".$suffix,
174 "Options" => "NoResumptionOnRenegotiation"
177 "CipherString" => "AES128-GCM-SHA256",
179 "RenegotiateCiphers" => "AES256-GCM-SHA384"
185 "HandshakeMode" => "RenegotiateClient",
186 "ResumptionExpected" => "No",
187 "ExpectedResult" => "Success"
191 push @tests, @tests_dtls1_2;