@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("tls1_2") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
checkhandshake::RENEGOTIATE_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::NPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
+ TLSProxy::Message::CLIENT,
checkhandshake::SRP_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::SERVER,
checkhandshake::SESSION_TICKET_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::SERVER,
checkhandshake::NPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::SERVER,
checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
#Test 1: Check we get all the right messages for a default handshake
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
use constant {
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::SERVER,
checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],
+ [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::SERVER,
+ checkhandshake::DEFAULT_EXTENSIONS],
+
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
my $proxy = TLSProxy::Proxy->new(
$proxy->clientflags("-sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 16;
+plan tests => 17;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
"Default handshake test");
"Resumption handshake test");
SKIP: {
- skip "No OCSP support in this OpenSSL build", 3
+ skip "No OCSP support in this OpenSSL build", 4
if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 3: A status_request handshake (client request only)
$proxy->clear();
| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
"status_request handshake test");
+
+ #Test 6: A status_request handshake (client and server) with client auth
+ $proxy->clear();
+ $proxy->clientflags("-status -enable_pha -cert "
+ .srctop_file("apps", "server.pem"));
+ $proxy->serverflags("-Verify 5 -status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
+ | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
+ "status_request handshake with client auth test");
}
-#Test 6: A client auth handshake
+#Test 7: A client auth handshake
$proxy->clear();
$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
"Client auth handshake test");
-#Test 7: Server name handshake (no client request)
+#Test 8: Server name handshake (no client request)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->start();
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (client)");
-#Test 8: Server name handshake (server support only)
+#Test 9: Server name handshake (server support only)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->serverflags("-servername testhost");
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (server)");
-#Test 9: Server name handshake (client and server)
+#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->serverflags("-servername testhost");
| checkhandshake::SERVER_NAME_SRV_EXTENSION,
"Server name handshake test");
-#Test 10: ALPN handshake (client request only)
+#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->start();
| checkhandshake::ALPN_CLI_EXTENSION,
"ALPN handshake test (client)");
-#Test 11: ALPN handshake (server support only)
+#Test 12: ALPN handshake (server support only)
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake::DEFAULT_EXTENSIONS,
"ALPN handshake test (server)");
-#Test 12: ALPN handshake (client and server)
+#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->serverflags("-alpn test");
skip "No CT, EC or OCSP support in this OpenSSL build", 1
if disabled("ct") || disabled("ec") || disabled("ocsp");
- #Test 13: SCT handshake (client request only)
+ #Test 14: SCT handshake (client request only)
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-ct");
"SCT handshake test");
}
-
-
-
-#Test 14: HRR Handshake
+#Test 15: HRR Handshake
$proxy->clear();
$proxy->serverflags("-curves P-256");
$proxy->start();
| checkhandshake::KEY_SHARE_HRR_EXTENSION,
"HRR handshake test");
-#Test 15: Resumption handshake with HRR
+#Test 16: Resumption handshake with HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
| checkhandshake::PSK_SRV_EXTENSION),
"Resumption handshake with HRR test");
-#Test 16: Acceptable but non preferred key_share
+#Test 17: Acceptable but non preferred key_share
$proxy->clear();
$proxy->clientflags("-curves P-256");
$proxy->start();
--- /dev/null
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateRequest;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ $self->{extension_data} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+ my $ptr = 1;
+
+ if (TLSProxy::Proxy->is_tls13()) {
+ my $request_ctx_len = unpack('C', $self->data);
+ my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
+ $ptr += $request_ctx_len;
+
+ my $extensions_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $extension_data = substr($self->data, $ptr);
+ if (length($extension_data) != $extensions_len) {
+ die "Invalid extension length\n";
+ }
+ my %extensions = ();
+ while (length($extension_data) >= 4) {
+ my ($type, $size) = unpack("nn", $extension_data);
+ my $extdata = substr($extension_data, 4, $size);
+ $extension_data = substr($extension_data, 4 + $size);
+ $extensions{$type} = $extdata;
+ }
+ $self->extension_data(\%extensions);
+
+ print " Extensions Len:".$extensions_len."\n";
+ }
+ # else parse TLSv1.2 version - we don't support that at the moment
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+ my $extensions = "";
+
+ foreach my $key (keys %{$self->extension_data}) {
+ my $extdata = ${$self->extension_data}{$key};
+ $extensions .= pack("n", $key);
+ $extensions .= pack("n", length($extdata));
+ $extensions .= $extdata;
+ }
+
+ $data = pack('n', length($extensions));
+ $data .= $extensions;
+ $self->data($data);
+}
+
+#Read/write accessors
+sub extension_data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extension_data} = shift;
+ }
+ return $self->{extension_data};
+}
+sub set_extension
+{
+ my ($self, $ext_type, $ext_data) = @_;
+ $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+ my ($self, $ext_type) = @_;
+ delete $self->{extension_data}{$ext_type};
+}
+1;
CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
};
+use constant {
+ CLIENT => 0,
+ SERVER => 1
+};
+
my $payload = "";
my $messlen = -1;
my $mt;
[@message_frag_lens]
);
$message->parse();
+ } elsif ($mt == MT_CERTIFICATE_REQUEST) {
+ $message = TLSProxy::CertificateRequest->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
} elsif ($mt == MT_CERTIFICATE_VERIFY) {
$message = TLSProxy::CertificateVerify->new(
$server,
use TLSProxy::ServerHello;
use TLSProxy::EncryptedExtensions;
use TLSProxy::Certificate;
+use TLSProxy::CertificateRequest;
use TLSProxy::CertificateVerify;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
&& $message->mt() !=
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
- && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
&& !TLSProxy::Proxy::is_tls13();
my $extchnum = 1;
my $extshnum = 1;
for (my $extloop = 0;
- $extensions[$extloop][2] != 0;
+ $extensions[$extloop][3] != 0;
$extloop++) {
$extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
&& TLSProxy::Proxy::is_tls13();
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
&& $extshnum != $shnum;
next if ($message->mt() != $extensions[$extloop][0]);
+ next if ($message->server() != $extensions[$extloop][2]);
$numtests++;
}
$numtests++;
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
&& $message->mt() !=
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
- && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
&& !TLSProxy::Proxy::is_tls13();
my $msgexts = $message->extension_data();
my $extchnum = 1;
my $extshnum = 1;
- for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
+ for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
$extloop++) {
#In TLSv1.3 we can have two ClientHellos if there has been a
#HelloRetryRequest, and they may have different extensions. Skip
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
&& $extshnum != $shnum;
next if ($message->mt() != $extensions[$extloop][0]);
- ok (($extensions[$extloop][2] & $exttype) == 0
+ next if ($message->server() != $extensions[$extloop][2]);
+ ok (($extensions[$extloop][3] & $exttype) == 0
|| defined ($msgexts->{$extensions[$extloop][1]}),
"Extension presence check (Message: ".$message->mt()
- ." Extension: ".($extensions[$extloop][2] & $exttype).", "
+ ." Extension: ".($extensions[$extloop][3] & $exttype).", "
.$extloop.")");
- $extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
+ $extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
}
ok($extcount == keys %$msgexts, "Extensions count mismatch ("
.$extcount.", ".(keys %$msgexts)