The branch master has been updated via f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit) via fe7dd5534176d1b04be046fcbaad24430c8727e0 (commit) via 1329b952a675c3c445b73b34bf9f09483fbc759c (commit) via e42c4544c88046a01c53a81aeb9d48685d708cf9 (commit) via 2f97192c78928ab2b2d44ac2f4859c321f57fd1f (commit) via 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f (commit) from 243ecf19ddc0dc2366de1be5c404d66d483b196d (commit)
- Log ----------------------------------------------------------------- commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381 Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 12:24:47 2016 +0100 Add DTLS renegotiation tests Reviewed-by: Rich Salz <rs...@openssl.org> commit fe7dd5534176d1b04be046fcbaad24430c8727e0 Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 11:50:43 2016 +0100 Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz <rs...@openssl.org> commit 1329b952a675c3c445b73b34bf9f09483fbc759c Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 10:18:00 2016 +0100 Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. Reviewed-by: Rich Salz <rs...@openssl.org> commit e42c4544c88046a01c53a81aeb9d48685d708cf9 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 17:25:43 2016 +0100 Add support for testing renegotiation Reviewed-by: Rich Salz <rs...@openssl.org> commit 2f97192c78928ab2b2d44ac2f4859c321f57fd1f Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 15:31:20 2016 +0100 Fix a bug in Renegotiation extension construction The conversion to WPACKET broke the construction of the renegotiation extension. Reviewed-by: Rich Salz <rs...@openssl.org> commit 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 14:59:08 2016 +0100 Convert HelloRequest construction to WPACKET Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 7 +- ssl/t1_lib.c | 6 +- test/README.ssltest.md | 14 ++-- test/handshake_helper.c | 116 +++++++++++++++++++++++++++-- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/17-renegotiate.conf | 114 ++++++++++++++++++++++++++++ test/ssl-tests/17-renegotiate.conf.in | 67 +++++++++++++++++ test/ssl-tests/18-dtls-renegotiate.conf | 86 +++++++++++++++++++++ test/ssl-tests/18-dtls-renegotiate.conf.in | 63 ++++++++++++++++ test/ssl_test_ctx.c | 3 +- test/ssl_test_ctx.h | 4 +- 11 files changed, 460 insertions(+), 23 deletions(-) create mode 100644 test/ssl-tests/17-renegotiate.conf create mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index fbca5a1..8a2791a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -831,9 +831,14 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) int tls_construct_hello_request(SSL *s) { - if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { + WPACKET pkt; + + if (!WPACKET_init(&pkt, s->init_buf) + || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_HELLO_REQUEST) + || !ssl_close_construct_packet(s, &pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR); ossl_statem_set_error(s); + WPACKET_cleanup(&pkt); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4733bff..40932fa 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1040,8 +1040,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) /* Add RI if renegotiating */ if (s->renegotiate) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) + || !WPACKET_close(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8923578..e28d4b0 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -38,7 +38,8 @@ The test section supports the following options * HandshakeMode - which handshake flavour to test: - Simple - plain handshake (default) - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) + - RenegotiateServer - test server initiated renegotiation + - RenegotiateClient - test client initiated renegotiation When HandshakeMode is Resume or Renegotiate, the original handshake is expected to succeed. All configured test expectations are verified against the second @@ -245,20 +246,17 @@ environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do ``` -$ TEST_CERTS_DIR=test/certs test/ssl_test test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.conf ``` or for shared builds ``` -$ TEST_CERTS_DIR=test/certs util/shlib_wrap.sh test/ssl_test \ - test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ + util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf ``` -Some tests also need additional environment variables; for example, Certificate -Transparency tests need a `CTLOG_FILE`. See `test/recipes/80-test_ssl_new.t` for -details. - Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) protocols: a build with `enable-ssl3` has different test expectations than a diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 3cfee16..9004489 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -583,6 +583,85 @@ static void do_app_data_step(PEER *peer) } } +static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) +{ + int ret; + char buf; + + TEST_check(peer->status == PEER_RETRY); + TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT); + + /* Check if we are the peer that is going to initiate */ + if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + && SSL_is_server(peer->ssl)) + || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT + && !SSL_is_server(peer->ssl))) { + /* + * If we already asked for a renegotiation then fall through to the + * SSL_read() below. + */ + if (!SSL_renegotiate_pending(peer->ssl)) { + /* + * If we are the client we will always attempt to resume the + * session. The server may or may not resume dependant on the + * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + */ + if (SSL_is_server(peer->ssl)) + ret = SSL_renegotiate(peer->ssl); + else + ret = SSL_renegotiate_abbreviated(peer->ssl); + if (!ret) { + peer->status = PEER_ERROR; + return; + } + do_handshake_step(peer); + /* + * If status is PEER_RETRY it means we're waiting on the peer to + * continue the handshake. As far as setting up the renegotiation is + * concerned that is a success. The next step will continue the + * handshake to its conclusion. + * + * If status is PEER_SUCCESS then we are the server and we have + * successfully sent the HelloRequest. We need to continue to wait + * until the handshake arrives from the client. + */ + if (peer->status == PEER_RETRY) + peer->status = PEER_SUCCESS; + else if (peer->status == PEER_SUCCESS) + peer->status = PEER_RETRY; + return; + } + } + + /* + * The SSL object is still expecting app data, even though it's going to + * get a handshake message. We try to read, and it should fail - after which + * we should be in a handshake + */ + ret = SSL_read(peer->ssl, &buf, sizeof(buf)); + if (ret >= 0) { + /* + * We're not actually expecting data - we're expecting a reneg to + * start + */ + peer->status = PEER_ERROR; + return; + } else { + int error = SSL_get_error(peer->ssl, ret); + if (error != SSL_ERROR_WANT_READ) { + peer->status = PEER_ERROR; + return; + } + /* If we're no in init yet then we're not done with setup yet */ + if (!SSL_in_init(peer->ssl)) + return; + } + + peer->status = PEER_SUCCESS; +} + + /* * RFC 5246 says: * @@ -617,15 +696,28 @@ static void do_shutdown_step(PEER *peer) typedef enum { HANDSHAKE, + RENEG_APPLICATION_DATA, + RENEG_SETUP, + RENEG_HANDSHAKE, APPLICATION_DATA, SHUTDOWN, CONNECTION_DONE } connect_phase_t; -static connect_phase_t next_phase(connect_phase_t phase) +static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx, + connect_phase_t phase) { switch (phase) { case HANDSHAKE: + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT) + return RENEG_APPLICATION_DATA; + return APPLICATION_DATA; + case RENEG_APPLICATION_DATA: + return RENEG_SETUP; + case RENEG_SETUP: + return RENEG_HANDSHAKE; + case RENEG_HANDSHAKE: return APPLICATION_DATA; case APPLICATION_DATA: return SHUTDOWN; @@ -638,12 +730,22 @@ static connect_phase_t next_phase(connect_phase_t phase) return -1; } -static void do_connect_step(PEER *peer, connect_phase_t phase) +static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, + connect_phase_t phase) { switch (phase) { case HANDSHAKE: do_handshake_step(peer); break; + case RENEG_APPLICATION_DATA: + do_app_data_step(peer); + break; + case RENEG_SETUP: + do_reneg_setup_step(test_ctx, peer); + break; + case RENEG_HANDSHAKE: + do_handshake_step(peer); + break; case APPLICATION_DATA: do_app_data_step(peer); break; @@ -846,18 +948,18 @@ static HANDSHAKE_RESULT *do_handshake_internal( */ for(;;) { if (client_turn) { - do_connect_step(&client, phase); + do_connect_step(test_ctx, &client, phase); status = handshake_status(client.status, server.status, 1 /* client went last */); } else { - do_connect_step(&server, phase); + do_connect_step(test_ctx, &server, phase); status = handshake_status(server.status, client.status, 0 /* server went last */); } switch (status) { case HANDSHAKE_SUCCESS: - phase = next_phase(phase); + phase = next_phase(test_ctx, phase); if (phase == CONNECTION_DONE) { ret->result = SSL_TEST_SUCCESS; goto err; @@ -945,11 +1047,9 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, test_ctx, &test_ctx->extra, NULL, &session); - if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE) + if (test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME) goto end; - TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME); - if (result->result != SSL_TEST_SUCCESS) { result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED; goto end; diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 47eab18..54e32bb 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -29,7 +29,7 @@ map { s/\.in// } @conf_files; # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 16; # = scalar @conf_srcs +plan tests => 18; # = scalar @conf_srcs # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. @@ -73,6 +73,7 @@ my %skip = ( "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, "15-certstatus.conf" => $no_ocsp, "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, + "18-dtls-renegotiate.conf" => $no_dtls, ); foreach my $conf (@conf_files) { diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf new file mode 100644 index 0000000..c47a956 --- /dev/null +++ b/test/ssl-tests/17-renegotiate.conf @@ -0,0 +1,114 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-no-resume +test-3 = 3-renegotiate-server-resume +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-no-resume] +ssl_conf = 2-renegotiate-server-no-resume-ssl + +[2-renegotiate-server-no-resume-ssl] +server = 2-renegotiate-server-no-resume-server +client = 2-renegotiate-server-no-resume-client + +[2-renegotiate-server-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-server-resume] +ssl_conf = 3-renegotiate-server-resume-ssl + +[3-renegotiate-server-resume-ssl] +server = 3-renegotiate-server-resume-server +client = 3-renegotiate-server-resume-client + +[3-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in new file mode 100644 index 0000000..a081617 --- /dev/null +++ b/test/ssl-tests/17-renegotiate.conf.in @@ -0,0 +1,67 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, +); diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf new file mode 100644 index 0000000..32eeaf0 --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.conf @@ -0,0 +1,86 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in new file mode 100644 index 0000000..440fb25 --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -0,0 +1,63 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, +# Note: Unlike the TLS tests, we will never do resumption with server +# initiated reneg. This is because an OpenSSL DTLS client will always do a full +# handshake (i.e. it doesn't supply a session id) when it receives a +# HelloRequest. This is different to the OpenSSL TLS implementation where an +# OpenSSL client will always try an abbreviated handshake (i.e. it will supply +# the session id). This goes all the way to commit 48ae85b6f when abbreviated +# handshake support was first added. Neither behaviour is wrong, but the +# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, +# and if so, what to? + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index ee2e8a1..0a528d8 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -339,7 +339,8 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) static const test_enum ssl_handshake_modes[] = { {"Simple", SSL_TEST_HANDSHAKE_SIMPLE}, {"Resume", SSL_TEST_HANDSHAKE_RESUME}, - {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE}, + {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, + {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index c8c66d6..14acaff 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -56,8 +56,8 @@ typedef enum { typedef enum { SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */ SSL_TEST_HANDSHAKE_RESUME, - /* Not yet implemented */ - SSL_TEST_HANDSHAKE_RENEGOTIATE + SSL_TEST_HANDSHAKE_RENEG_SERVER, + SSL_TEST_HANDSHAKE_RENEG_CLIENT } ssl_handshake_mode_t; typedef enum { _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits