From 83964ca0dac18df510a315ff486ecc346521e15d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 24 Apr 2017 09:42:28 +0100 Subject: [PATCH] Add support to test_ssl_new for testing with DTLS over SCTP Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3286) --- test/handshake_helper.c | 202 +++++++++++++++++++---- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/02-protocol-version.conf | 208 ++++++++++++------------ test/ssl-tests/protocol_version.pm | 4 +- test/ssl_test_ctx.c | 2 + test/ssl_test_ctx.h | 2 + 6 files changed, 283 insertions(+), 138 deletions(-) diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 94fa5c578f..4943e82d83 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -16,6 +16,11 @@ #include #endif +#ifndef OPENSSL_NO_SOCK +# define USE_SOCKETS +# include "e_os.h" +#endif + #include "handshake_helper.h" #include "testutil.h" @@ -631,7 +636,8 @@ static void configure_handshake_ssl(SSL *server, SSL *client, typedef enum { PEER_SUCCESS, PEER_RETRY, - PEER_ERROR + PEER_ERROR, + PEER_WAITING } peer_status_t; /* An SSL object and associated read-write buffers. */ @@ -898,8 +904,8 @@ static void do_shutdown_step(PEER *peer) peer->status = PEER_SUCCESS; } else if (ret < 0) { /* On 0, we retry. */ int error = SSL_get_error(peer->ssl, ret); - /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ - if (error != SSL_ERROR_WANT_READ) + + if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) peer->status = PEER_ERROR; } } 
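Review bot: `PEER_WAITING` is added to `peer_status_t` without a comment, although it is a different kind of state from the other three: it marks a peer that has not acted yet rather than the outcome of a step. The later hunks in this patch use it only as the server's initial status and reset it to `PEER_RETRY` after the client's first turn. A comment on the enumerator would record that, for example `PEER_WAITING /* peer has not been given a turn yet */`.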
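Review bot: The relaxed check in `do_shutdown_step` now tolerates `SSL_ERROR_WANT_WRITE` on every transport, including the memory-BIO path where the removed comment said it should never occur. The harness therefore no longer enforces that invariant, and no comment explains why. If the relaxation is needed only for the socket-based SCTP BIOs, a replacement comment should say so, for example `/* Socket BIOs (SCTP) may report WANT_WRITE; memory BIOs are not expected to. */`. The function starts outside this hunk.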
@@ -1017,18 +1023,13 @@ static handshake_status_t handshake_status(peer_status_t last_status, } case PEER_RETRY: - if (previous_status == PEER_RETRY) { - /* Neither peer is done. */ - return HANDSHAKE_RETRY; - } else { - /* - * Deadlock: second peer is waiting for more input while first - * peer thinks they're done (no more input is coming). - */ - return INTERNAL_ERROR; - } + return HANDSHAKE_RETRY; + case PEER_ERROR: switch (previous_status) { + case PEER_WAITING: + /* The client failed immediately before sending the ClientHello */ + return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR; case PEER_SUCCESS: /* * First peer succeeded but second peer errored. 
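Review bot: Returning `HANDSHAKE_RETRY` unconditionally under `case PEER_RETRY:` removes the early deadlock detection for the case where the other peer has already finished, and nothing here says what catches that situation now. Judging by the later hunks, the backstop is the 2000-turn cap for memory BIOs and the 3-second timer for SCTP, so a stuck handshake still ends in an internal error, only later. A comment would make the dependency explicit, for example `/* Deadlocks are detected by the caller's retry limit or timeout. */`. In the new `PEER_WAITING` case only the server is ever put in that state, so the `INTERNAL_ERROR` arm of the ternary looks purely defensive and the comment could say so. `handshake_status` begins and ends outside this hunk.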
@@ -1091,6 +1092,107 @@ static int peer_pkey_type(SSL *s) return NID_undef; } +#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK) +static int set_sock_as_sctp(int sock) +{ + /* + * For SCTP we have to set various options on the socket prior to + * connecting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE); + + if (tmpbio == NULL) + return 0; + BIO_free(tmpbio); + + return 1; +} + +static int create_sctp_socks(int *ssock, int *csock) +{ + BIO_ADDRINFO *res = NULL; + const BIO_ADDRINFO *ai = NULL; + int lsock = INVALID_SOCKET, asock = INVALID_SOCKET; + int consock = INVALID_SOCKET; + int ret = 0; + int family = 0; + + if (!BIO_sock_init()) + return 0; + + /* + * Port is 4463. It could be anything. It will fail if it's already being + * used for some other SCTP service. It seems unlikely though so we don't + * worry about it here. + */ + if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM, + IPPROTO_SCTP, &res)) + return 0; + + for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { + family = BIO_ADDRINFO_family(ai); + lsock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0); + if (lsock == INVALID_SOCKET) { + /* Maybe the kernel doesn't support the socket family, even if + * BIO_lookup() added it in the returned result... 
+ */ + continue; + } + + if (!set_sock_as_sctp(lsock) + || !BIO_listen(lsock, BIO_ADDRINFO_address(ai), + BIO_SOCK_REUSEADDR)) { + BIO_closesocket(lsock); + lsock = INVALID_SOCKET; + continue; + } + + /* Success, don't try any more addresses */ + break; + } + + if (lsock == INVALID_SOCKET) + goto err; + + BIO_ADDRINFO_free(res); + res = NULL; + + if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_CLIENT, family, SOCK_STREAM, + IPPROTO_SCTP, &res)) + goto err; + + consock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0); + if (consock == INVALID_SOCKET) + goto err; + + if (!set_sock_as_sctp(consock) + || !BIO_connect(consock, BIO_ADDRINFO_address(res), 0) + || !BIO_socket_nbio(consock, 1)) + goto err; + + asock = BIO_accept_ex(lsock, NULL, BIO_SOCK_NONBLOCK); + if (asock == INVALID_SOCKET) + goto err; + + *csock = consock; + *ssock = asock; + consock = asock = INVALID_SOCKET; + ret = 1; + + err: + BIO_ADDRINFO_free(res); + if (consock != INVALID_SOCKET) + BIO_closesocket(consock); + if (lsock != INVALID_SOCKET) + BIO_closesocket(lsock); + if (asock != INVALID_SOCKET) + BIO_closesocket(asock); + return ret; +} +#endif + /* * Note that |extra| points to the correct client/server configuration * within |test_ctx|. When configuring the handshake, general mode settings @@ -1110,7 +1212,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_SESSION *session_in, SSL_SESSION **session_out) { PEER server, client; - BIO *client_to_server, *server_to_client; + BIO *client_to_server = NULL, *server_to_client = NULL; HANDSHAKE_EX_DATA server_ex_data, client_ex_data; CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data; HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new(); @@ -1125,6 +1227,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( unsigned int proto_len = 0; EVP_PKEY *tmp_key; const STACK_OF(X509_NAME) *names; + time_t start; memset(&server_ctx_data, 0, sizeof(server_ctx_data)); memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); 
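Review bot: `create_sctp_socks` resolves the listening address with a NULL host and `BIO_LOOKUP_SERVER`, which as far as I know yields the wildcard address, so the listener on port 4463 is reachable from other hosts while the test runs. The single `BIO_accept_ex` then takes whichever association is queued first, which need not be the one from `consock`. Binding to loopback only would close that window, for example `BIO_lookup_ex("localhost", "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM, IPPROTO_SCTP, &res)`, after confirming that the NULL-host client lookup resolves to the same family's loopback address. The fixed port also means two concurrent test runs on one machine will collide, which the code comment acknowledges but does not handle. The `"4463"` literal appears twice and would be better as one named constant.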
@@ -1154,8 +1257,19 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->result = SSL_TEST_INTERNAL_ERROR; - client_to_server = BIO_new(BIO_s_mem()); - server_to_client = BIO_new(BIO_s_mem()); + if (test_ctx->use_sctp) { +#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK) + int csock, ssock; + + if (create_sctp_socks(&ssock, &csock)) { + client_to_server = BIO_new_dgram_sctp(csock, BIO_CLOSE); + server_to_client = BIO_new_dgram_sctp(ssock, BIO_CLOSE); + } +#endif + } else { + client_to_server = BIO_new(BIO_s_mem()); + server_to_client = BIO_new(BIO_s_mem()); + } TEST_check(client_to_server != NULL); TEST_check(server_to_client != NULL); @@ -1168,10 +1282,15 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_set_accept_state(server.ssl); /* The bios are now owned by the SSL object. */ - SSL_set_bio(client.ssl, server_to_client, client_to_server); - TEST_check(BIO_up_ref(server_to_client) > 0); - TEST_check(BIO_up_ref(client_to_server) > 0); - SSL_set_bio(server.ssl, client_to_server, server_to_client); + if (test_ctx->use_sctp) { + SSL_set_bio(client.ssl, client_to_server, client_to_server); + SSL_set_bio(server.ssl, server_to_client, server_to_client); + } else { + SSL_set_bio(client.ssl, server_to_client, client_to_server); + TEST_check(BIO_up_ref(server_to_client) > 0); + TEST_check(BIO_up_ref(client_to_server) > 0); + SSL_set_bio(server.ssl, client_to_server, server_to_client); + } ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL); TEST_check(ex_data_idx >= 0); @@ -1182,7 +1301,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_set_info_callback(server.ssl, &info_cb); SSL_set_info_callback(client.ssl, &info_cb); - client.status = server.status = PEER_RETRY; + client.status = PEER_RETRY; + server.status = PEER_WAITING; + + start = time(NULL); /* * Half-duplex handshake loop. 
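Review bot: When `test_ctx->use_sctp` is set and either the build defines `OPENSSL_NO_SCTP` or `OPENSSL_NO_SOCK` or `create_sctp_socks` fails, both BIO pointers stay NULL and the only signal is the generic `TEST_check(client_to_server != NULL)` that follows. A conflict on the hard-coded port would then be indistinguishable from an allocation failure. An explicit diagnostic before the checks would separate the two; the harness's reporting helper is not visible in this hunk, so the exact call is left open. In addition, if the first `BIO_new_dgram_sctp` succeeds and the second fails, `ssock` is never closed. That is presumably harmless if `TEST_check` aborts, but it deserves a comment.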
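Review bot: In the SCTP branch of the `SSL_set_bio` block the names `client_to_server` and `server_to_client` no longer describe a direction. Each is one endpoint's socket BIO, passed as both the read and the write BIO of a single SSL object. The unchanged comment "The bios are now owned by the SSL object" also does not explain why this branch needs no `BIO_up_ref`. One comment would cover both, for example `/* SCTP: one socket BIO per endpoint, used for both reading and writing. */`.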
@@ -1197,6 +1319,8 @@ static HANDSHAKE_RESULT *do_handshake_internal( do_connect_step(test_ctx, &client, phase); status = handshake_status(client.status, server.status, 1 /* client went last */); + if (server.status == PEER_WAITING) + server.status = PEER_RETRY; } else { do_connect_step(test_ctx, &server, phase); status = handshake_status(server.status, client.status, @@ -1231,18 +1355,36 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->result = SSL_TEST_INTERNAL_ERROR; goto err; case HANDSHAKE_RETRY: - if (client_turn_count++ >= 2000) { + if (test_ctx->use_sctp) { + if (time(NULL) - start > 3) { + /* + * We've waited for too long. Give up. + */ + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } /* - * At this point, there's been so many PEER_RETRY in a row - * that it's likely both sides are stuck waiting for a read. - * It's time to give up. + * With "real" sockets we only swap to processing the peer + * if they are expecting to retry. Otherwise we just retry the + * same endpoint again. */ - ret->result = SSL_TEST_INTERNAL_ERROR; - goto err; - } + if ((client_turn && server.status == PEER_RETRY) + || (!client_turn && client.status == PEER_RETRY)) + client_turn ^= 1; + } else { + if (client_turn_count++ >= 2000) { + /* + * At this point, there's been so many PEER_RETRY in a row + * that it's likely both sides are stuck waiting for a read. + * It's time to give up. + */ + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } - /* Continue. */ - client_turn ^= 1; + /* Continue. */ + client_turn ^= 1; + } break; } } diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 50057948b7..3c13b433d0 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t 
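Review bot: The SCTP branch of `case HANDSHAKE_RETRY:` polls without waiting: it re-enters the loop immediately on non-blocking sockets and is bounded only by `time(NULL) - start > 3`. That is a busy-wait of several seconds for any handshake that stalls, and it measures wall-clock time at one-second granularity, so a clock adjustment changes the limit. On a loaded CI host a slow but healthy handshake could be reported as `SSL_TEST_INTERNAL_ERROR`. At minimum the literal should become a named constant with a comment giving the rationale, for example `#define SCTP_HANDSHAKE_TIMEOUT_SECS 3`. Waiting for socket readiness between turns would remove the spin. The enclosing loop starts outside this hunk.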
@@ -60,8 +60,9 @@ my %conf_dependent_tests = ( "07-dtls-protocol-version.conf" => !$is_default_dtls, "10-resumption.conf" => !$is_default_tls, "11-dtls_resumption.conf" => !$is_default_dtls, + "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"), "17-renegotiate.conf" => disabled("tls1_2"), - "18-dtls-renegotiate.conf" => disabled("dtls1_2"), + "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"), "19-mac-then-encrypt.conf" => !$is_default_tls, "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa, "22-compression.conf" => !$is_default_tls, diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index d5e0779156..f18d6a3471 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -700,7 +700,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -725,7 +725,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -750,7 +750,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -775,7 +775,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -800,7 +800,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -824,7 +824,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -850,7 +850,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -876,7 +876,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -902,7 +902,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -928,7 +928,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -954,7 +954,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -979,7 +979,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1005,7 +1005,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1031,7 +1031,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -1057,7 +1057,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1083,7 +1083,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1108,7 +1108,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1134,7 +1134,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1160,7 +1160,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1186,7 +1186,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1211,7 +1211,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1237,7 +1237,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -1263,7 +1263,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1288,7 +1288,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1314,7 +1314,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -1339,7 +1339,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4759,7 +4759,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4785,7 +4785,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-157] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4811,7 +4811,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4837,7 +4837,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -4863,7 +4863,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4888,7 +4888,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4915,7 +4915,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4942,7 +4942,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4969,7 +4969,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -4996,7 +4996,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5023,7 +5023,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5049,7 +5049,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -5076,7 +5076,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5103,7 +5103,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5130,7 +5130,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5157,7 +5157,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-171] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5183,7 +5183,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5210,7 +5210,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5237,7 +5237,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5264,7 +5264,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -5290,7 +5290,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-176] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5317,7 +5317,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5344,7 +5344,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5370,7 +5370,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5397,7 +5397,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -5423,7 +5423,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17393,7 +17393,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-624] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17419,7 +17419,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-625] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -17445,7 +17445,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-626] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17471,7 +17471,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-627] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17497,7 +17497,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-628] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17522,7 +17522,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-629] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17549,7 +17549,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-630] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17576,7 +17576,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-631] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17603,7 +17603,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-632] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17630,7 +17630,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-633] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -17657,7 +17657,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-634] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17683,7 +17683,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-635] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17710,7 +17710,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-636] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17737,7 +17737,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-637] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17764,7 +17764,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-638] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17791,7 +17791,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-639] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17817,7 +17817,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-640] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17844,7 +17844,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-641] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -17871,7 +17871,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-642] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17898,7 +17898,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-643] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17924,7 +17924,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-644] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17951,7 +17951,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-645] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -17978,7 +17978,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-646] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18004,7 +18004,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-647] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18031,7 +18031,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-648] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18057,7 +18057,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-649] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -18082,7 +18082,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-650] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18107,7 +18107,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-651] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18132,7 +18132,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-652] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18157,7 +18157,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-653] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18182,7 +18182,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-654] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18206,7 +18206,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-655] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18232,7 +18232,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-656] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18258,7 +18258,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-657] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -18284,7 +18284,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-658] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18310,7 +18310,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-659] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18336,7 +18336,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-660] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18361,7 +18361,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-661] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18387,7 +18387,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-662] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18413,7 +18413,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-663] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18439,7 +18439,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-664] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18465,7 +18465,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-665] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -18490,7 +18490,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-666] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18516,7 +18516,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-667] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18542,7 +18542,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-668] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18568,7 +18568,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-669] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18593,7 +18593,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-670] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18619,7 +18619,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-671] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18645,7 +18645,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-672] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18670,7 +18670,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-673] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== 
@@ -18696,7 +18696,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-674] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -18721,6 +18721,6 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-675] -ExpectedResult = InternalError +ExpectedResult = ClientFail diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index 7c28bcf0f6..5da3eda3d9 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -244,9 +244,7 @@ sub expected_result { if ($c_min > $c_max) { # Client should fail to even send a hello. - # This results in an internal error since the server will be - # waiting for input that never arrives. - return ("InternalError", undef); + return ("ClientFail", undef); } elsif ($s_min > $s_max) { # Server has no protocols, should always fail. return ("ServerFail", undef); diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 6a3b9d1ebd..424eae8ee9 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -406,6 +406,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp) /* CertStatus */ @@ -590,6 +591,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedClientSignHash", &parse_expected_client_sign_hash }, { "ExpectedClientSignType", &parse_expected_client_sign_type }, { "ExpectedClientCANames", &parse_expected_client_ca_names }, + { "UseSCTP", &parse_test_use_sctp }, }; /* Nested client options. */ diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 54cefb6368..ebeddde3d7 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h 
@@ -198,6 +198,8 @@ typedef struct { int expected_client_sign_type; /* Expected CA names for client auth */ STACK_OF(X509_NAME) *expected_client_ca_names; + /* Whether to use SCTP for the transport */ + int use_sctp; } SSL_TEST_CTX; const char *ssl_test_result_name(ssl_test_result_t result); -- 2.25.1