From: Richard Levitte Date: Thu, 13 Aug 2015 17:38:59 +0000 (+0200) Subject: Adapt the libssl test harness testing scripts to new testing framework X-Git-Tag: OpenSSL_1_1_0-pre1~658 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=25be5f44b81e1c45e15e689ba55713e455dfe624;p=oweals%2Fopenssl.git Adapt the libssl test harness testing scripts to new testing framework This involves adding $TOP/util as perl library in test/run_tests.pl. Reviewed-by: Rich Salz --- diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t new file mode 100755 index 0000000000..4aa3f61f7d --- /dev/null +++ b/test/recipes/70-test_sslextension.t @@ -0,0 +1,101 @@ +#!/usr/bin/perl +# Written by Matt Caswell for the OpenSSL project. +# ==================================================================== +# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# openssl-core@openssl.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.openssl.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== +# +# This product includes cryptographic software written by Eric Young +# (eay@cryptsoft.com). This product includes software written by Tim +# Hudson (tjh@cryptsoft.com). + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; +use TLSProxy::Proxy; + +my $test_name = "test_sslextension"; +setup($test_name); + +plan skip_all => "$test_name can only be performed with OpenSSL configured shared" + unless (map { chomp; s/^SHARED_LIBS=\s*//; $_ } + grep { /^SHARED_LIBS=/ } + do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; + +$ENV{OPENSSL_ENGINES} = top_dir("engines"); +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&extension_filter, + cmdstr(app(["openssl"])), + top_file("apps", "server.pem") +); + +plan tests => 1; + +#Test 1: Sending a zero length extension block should pass +$proxy->start(); +ok(TLSProxy::Message->success, "Zero extension length test"); + +sub extension_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + #Remove all extensions and set the extension len to zero + $message->extension_data({}); + $message->extensions_len(0); + #Extensions have been removed so make sure we don't try to use them + $message->process_extensions(); + + $message->repack(); + } + } +} diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t new file mode 100755 index 0000000000..d8d74b33e3 --- /dev/null +++ b/test/recipes/70-test_sslskewith0p.t @@ -0,0 +1,101 @@ +#!/usr/bin/perl +# Written by Matt Caswell for the OpenSSL project. +# ==================================================================== +# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# openssl-core@openssl.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.openssl.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== +# +# This product includes cryptographic software written by Eric Young +# (eay@cryptsoft.com). This product includes software written by Tim +# Hudson (tjh@cryptsoft.com). + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; +use TLSProxy::Proxy; + +my $test_name = "test_sslskewith0p"; +setup($test_name); + +plan skip_all => "$test_name can only be performed with OpenSSL configured shared" + unless (map { chomp; s/^SHARED_LIBS=\s*//; $_ } + grep { /^SHARED_LIBS=/ } + do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; + +$ENV{OPENSSL_ENGINES} = top_dir("engines"); +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&ske_0_p_filter, + cmdstr(app(["openssl"])), + top_file("apps", "server.pem") +); + +plan tests => 1; + +#We must use an anon DHE cipher for this test +$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0'); +$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0'); + +$proxy->start(); +ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p"); + +sub ske_0_p_filter +{ + my $proxy = shift; + + # We're only interested in the SKE - always in flight 1 + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) { + #Set p to a value of 0 + $message->p(pack('C', 0)); + + $message->repack(); + } + } +} diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t new file mode 100755 index 0000000000..9717f80bdb --- /dev/null +++ b/test/recipes/70-test_sslvertol.t @@ -0,0 +1,105 @@ +#!/usr/bin/perl +# Written by Matt Caswell for the OpenSSL project. +# ==================================================================== +# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# openssl-core@openssl.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.openssl.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== +# +# This product includes cryptographic software written by Eric Young +# (eay@cryptsoft.com). This product includes software written by Tim +# Hudson (tjh@cryptsoft.com). + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; +use TLSProxy::Proxy; + +my $test_name = "test_sslextension"; +setup($test_name); + +plan skip_all => "$test_name can only be performed with OpenSSL configured shared" + unless (map { chomp; s/^SHARED_LIBS=\s*//; $_ } + grep { /^SHARED_LIBS=/ } + do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; + +$ENV{OPENSSL_ENGINES} = top_dir("engines"); +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&vers_tolerance_filter, + cmdstr(app(["openssl"])), + top_file("apps", "server.pem") +); + +plan tests => 2; + +#Test 1: Asking for TLS1.3 should pass +my $client_version = TLSProxy::Record::VERS_TLS_1_3; +$proxy->start(); +ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3"); + +#Test 2: Testing something below SSLv3 should fail +$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1; +$proxy->restart(); +ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0"); + +sub vers_tolerance_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + #Set the client version + #Anything above the max supported version (TLS1.2) should succeed + #Anything below SSLv3 should fail + $message->client_version($client_version); + $message->repack(); + } + } +} diff --git a/test/run_tests.pl b/test/run_tests.pl index 746b0d192d..7e61282f16 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -10,15 +10,17 @@ use Test::Harness qw/runtests $switches/; my $top = $ENV{TOP}; my $recipesdir = catdir($top, "test", "recipes"); my $testlib = catdir($top, "test", "testlib"); +my $utillib = catdir($top, "util"); # It seems that $switches is getting interpretted with 'eval' or something # like that, and that we need to take care of backslashes or they will # disappear along the way. $testlib =~ s|\\|\\\\|g if $^O eq "MSWin32"; +$utillib =~ s|\\|\\\\|g if $^O eq "MSWin32"; # Test::Harness provides the variable $switches to give it # switches to be used when it calls our recipes. -$switches = "-w \"-I$testlib\""; +$switches = "-w \"-I$testlib\" \"-I$utillib\""; my @tests = ( "alltests" ); if (@ARGV) { diff --git a/test/sslextensiontest.pl b/test/sslextensiontest.pl deleted file mode 100755 index 802bac19a4..0000000000 --- a/test/sslextensiontest.pl +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# Written by Matt Caswell for the OpenSSL project. -# ==================================================================== -# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# openssl-core@openssl.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.openssl.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This product includes cryptographic software written by Eric Young -# (eay@cryptsoft.com). This product includes software written by Tim -# Hudson (tjh@cryptsoft.com). - -use strict; -use TLSProxy::Proxy; - -my $proxy = TLSProxy::Proxy->new( - \&extension_filter, - @ARGV -); - -#Test 1: Sending a zero length extension block should pass -$proxy->start(); -TLSProxy::Message->success or die "FAILED: Zero extension length test\n"; - -print "SUCCESS: Extension test\n"; - -sub extension_filter -{ - my $proxy = shift; - - # We're only interested in the initial ClientHello - if ($proxy->flight != 0) { - return; - } - - foreach my $message (@{$proxy->message_list}) { - if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { - #Remove all extensions and set the extension len to zero - $message->extension_data({}); - $message->extensions_len(0); - #Extensions have been removed so make sure we don't try to use them - $message->process_extensions(); - - $message->repack(); - } - } -} diff --git a/test/sslskewith0ptest.pl b/test/sslskewith0ptest.pl deleted file mode 100755 index 63f83980a8..0000000000 --- a/test/sslskewith0ptest.pl +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# Written by Matt Caswell for the OpenSSL project. -# ==================================================================== -# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# openssl-core@openssl.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.openssl.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This product includes cryptographic software written by Eric Young -# (eay@cryptsoft.com). This product includes software written by Tim -# Hudson (tjh@cryptsoft.com). - -use strict; -use TLSProxy::Proxy; - -my $proxy = TLSProxy::Proxy->new( - \&ske_0_p_filter, - @ARGV -); - -#We must use an anon DHE cipher for this test -$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0'); -$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0'); - -$proxy->start(); -TLSProxy::Message->fail or die "FAILED: ServerKeyExchange with 0 p\n"; - -print "SUCCESS: ServerKeyExchange with 0 p\n"; - -sub ske_0_p_filter -{ - my $proxy = shift; - - # We're only interested in the SKE - always in flight 1 - if ($proxy->flight != 1) { - return; - } - - foreach my $message (@{$proxy->message_list}) { - if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) { - #Set p to a value of 0 - $message->p(pack('C', 0)); - - $message->repack(); - } - } -} diff --git a/test/sslvertoltest.pl b/test/sslvertoltest.pl deleted file mode 100755 index 1828a7d1bb..0000000000 --- a/test/sslvertoltest.pl +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# Written by Matt Caswell for the OpenSSL project. -# ==================================================================== -# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# openssl-core@openssl.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.openssl.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This product includes cryptographic software written by Eric Young -# (eay@cryptsoft.com). This product includes software written by Tim -# Hudson (tjh@cryptsoft.com). - -use strict; -use TLSProxy::Proxy; - -my $proxy = TLSProxy::Proxy->new( - \&vers_tolerance_filter, - @ARGV -); - -#Test 1: Asking for TLS1.3 should pass -my $client_version = TLSProxy::Record::VERS_TLS_1_3; -$proxy->start(); -TLSProxy::Message->success or die "FAILED: Version tolerance test\n"; - -#Test 2: Testing something below SSLv3 should fail -$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1; -$proxy->restart(); -TLSProxy::Message->success and die "FAILED: Version tolerance test\n"; - -print "SUCCESS: Version tolerance test\n"; - -sub vers_tolerance_filter -{ - my $proxy = shift; - - # We're only interested in the initial ClientHello - if ($proxy->flight != 0) { - return; - } - - foreach my $message (@{$proxy->message_list}) { - if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { - #Set the client version - #Anything above the max supported version (TLS1.2) should succeed - #Anything below SSLv3 should fail - $message->client_version($client_version); - $message->repack(); - } - } -}