From 6862de63d469f3148a2ff5a04a6b9ab6413bd5ac Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 23 Apr 2018 17:40:10 +0100 Subject: [PATCH] Add a test to verify the ClientHello version is the same in a reneg Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6059) --- test/recipes/70-test_renegotiation.t | 30 +++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index 0951487446..734f1cd21e 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new( $proxy->clientflags("-no_tls1_3"); $proxy->reneg(1); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 2; +plan tests => 3; ok(TLSProxy::Message->success(), "Basic renegotiation"); #Test 2: Client does not send the Reneg SCSV. Reneg should fail @@ -49,6 +49,34 @@ $proxy->reneg(1); $proxy->start(); ok(TLSProxy::Message->fail(), "No client SCSV"); +SKIP: { + skip "TLSv1.2 or TLSv1.1 disabled", 1 + if disabled("tls1_2") || disabled("tls1_1"); + #Test 3: Check that the ClientHello version remains the same in the reneg + # handshake + $proxy->clear(); + $proxy->filter(undef); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-no_tls1_3 -no_tls1_2"); + $proxy->reneg(1); + $proxy->start(); + my $chversion; + my $chmatch = 0; + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if (!defined $chversion) { + $chversion = $message->client_version; + } else { + if ($chversion == $message->client_version) { + $chmatch = 1; + } + } + } + } + ok(TLSProxy::Message->success() && $chmatch, + "Check ClientHello version is the same"); +} + sub reneg_filter { my $proxy = shift; -- 2.25.1