From c3a48c7b1d19fe884f727713b341d6ffb1530942 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 13 Apr 2017 16:55:45 +0100 Subject: [PATCH] Add a test for CT in TLSv1.3 This also tests the SERVERINFO2 file format. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3298) --- test/recipes/70-test_tls13messages.t | 44 ++++++++++++++++------------ 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index c4e20b7614..c9603de56f 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -126,6 +126,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_SRV_EXTENSION], [0,0,0] ); @@ -257,25 +259,29 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::ALPN_SRV_EXTENSION, "ALPN handshake test"); -#Test 13: SCT handshake (client request only) -#TODO(TLS1.3): This only checks that the client side extension appears. The -#SCT extension is unusual in that we have no built-in server side implementation -#The server side implementation can nomrally be added using the custom -#extensions framework (e.g. by using the "-serverinfo" s_server option). However -#currently we only support <= TLS1.2 for custom extensions because the existing -#framework and API has no knowledge of the TLS1.3 messages -$proxy->clear(); -#Note: -ct also sends status_request -$proxy->clientflags("-ct"); -$proxy->serverflags("-status_file " - .srctop_file("test", "recipes", "ocsp-response.der")); -$proxy->start(); -checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SCT_CLI_EXTENSION - | checkhandshake::STATUS_REQUEST_CLI_EXTENSION - | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, - "SCT handshake test"); +SKIP: { + skip "No CT, EC or OCSP support in this OpenSSL build", 1 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + + #Test 13: SCT handshake (client request only) + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-ct"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der") + ." -serverinfo ".srctop_file("test", "serverinfo2.pem")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SCT_CLI_EXTENSION + | checkhandshake::SCT_SRV_EXTENSION + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "SCT handshake test"); +} + + + #Test 14: HRR Handshake $proxy->clear(); -- 2.25.1