if (SSL_is_server(peer->ssl)) {
ret = SSL_renegotiate(peer->ssl);
} else {
+ int full_reneg = 0;
+
+ if (test_ctx->extra.client.no_extms_on_reneg) {
+ SSL_set_options(peer->ssl, SSL_OP_NO_EXTENDED_MASTER_SECRET);
+ full_reneg = 1;
+ }
if (test_ctx->extra.client.reneg_ciphers != NULL) {
if (!SSL_set_cipher_list(peer->ssl,
test_ctx->extra.client.reneg_ciphers)) {
peer->status = PEER_ERROR;
return;
}
+ full_reneg = 1;
+ }
+ if (full_reneg)
ret = SSL_renegotiate(peer->ssl);
- } else {
+ else
ret = SSL_renegotiate_abbreviated(peer->ssl);
- }
}
if (!ret) {
peer->status = PEER_ERROR;
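Review bot: The new `full_reneg` flag at the top of the client branch carries no comment explaining why the two options beneath it force `SSL_renegotiate` instead of `SSL_renegotiate_abbreviated`; a reader of the helper has to reconstruct that from the test configuration. A one-liner above the declaration such as `/* Options that alter the ClientHello need a full (non-resumed) renegotiation */` would make the intent clear. It is also worth a comment next to the `SSL_set_options` call that the option is set on `peer->ssl` and is not cleared afterwards, so extms stays disabled for any further renegotiation the same peer performs — presumably harmless for the single renegotiation exercised by test 14, but not obvious from the code. The enclosing function starts and ends outside the hunk.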
# Generated with generate_ssl_tests.pl
-num_tests = 14
+num_tests = 15
test-0 = 0-renegotiate-client-no-resume
test-1 = 1-renegotiate-client-resume
test-11 = 11-no-renegotiation-server-by-server
test-12 = 12-no-renegotiation-client-by-server
test-13 = 13-no-renegotiation-client-by-client
+test-14 = 14-no-extms-on-renegotiation
# ===========================================================
[0-renegotiate-client-no-resume]
ResumptionExpected = No
+# ===========================================================
+
+[14-no-extms-on-renegotiation]
+ssl_conf = 14-no-extms-on-renegotiation-ssl
+
+[14-no-extms-on-renegotiation-ssl]
+server = 14-no-extms-on-renegotiation-server
+client = 14-no-extms-on-renegotiation-client
+
+[14-no-extms-on-renegotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-no-extms-on-renegotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = ServerFail
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 14-no-extms-on-renegotiation-client-extra
+
+[14-no-extms-on-renegotiation-client-extra]
+RenegotiateNoExtms = Yes
+
+
"ResumptionExpected" => "No",
"ExpectedResult" => "ClientFail"
}
+ },
+ {
+ name => "no-extms-on-renegotiation",
+ server => {
+ "MaxProtocol" => "TLSv1.2"
+ },
+ client => {
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "RenegotiateNoExtms" => "Yes"
+ }
+ },
+ test => {
+ "Method" => "TLS",
+ "HandshakeMode" => "RenegotiateClient",
+ "ResumptionExpected" => "No",
+ "ExpectedResult" => "ServerFail"
+ }
}
);
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
/* Known test options and their corresponding parse methods. */
{ "SRPPassword", &parse_client_srp_password },
{ "MaxFragmentLenExt", &parse_max_fragment_len_mode },
{ "EnablePHA", &parse_client_enable_pha },
+ { "RenegotiateNoExtms", &parse_client_no_extms_on_reneg },
};
/* Nested server options. */
char *srp_password;
/* PHA enabled */
int enable_pha;
+ /* Do not send extms on renegotiation */
+ int no_extms_on_reneg;
} SSL_TEST_CLIENT_CONF;
typedef struct {