[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Mon Aug 8 14:13:49 UTC 2016
The branch master has been updated
via 2ac6bdc02931ead9e028d6e41640b035e78bc722 (commit)
from 7b7cea6d712c35d52b4e2031c8a9410866e2aab6 (commit)
- Log -----------------------------------------------------------------
commit 2ac6bdc02931ead9e028d6e41640b035e78bc722
Author: Emilia Kasper <emilia at openssl.org>
Date: Mon Aug 8 14:42:08 2016 +0200
NPN and ALPN: test resumption
In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/recipes/80-test_ssl_old.t | 18 +--
test/ssl-tests/08-npn.conf | 356 ++++++++++++++++++++++++++++++++++++++++-
test/ssl-tests/08-npn.conf.in | 211 ++++++++++++++++++++++--
test/ssl-tests/09-alpn.conf | 260 +++++++++++++++++++++++++++++-
test/ssl-tests/09-alpn.conf.in | 155 ++++++++++++++++--
test/ssl_test.tmpl | 2 +-
6 files changed, 950 insertions(+), 52 deletions(-)
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 8f43d6b..631adbf 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -79,7 +79,7 @@ my $client_sess="client.ss";
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
1 # For testss
- +9 # For the first testssl
+ +8 # For the first testssl
;
subtest 'test_ss' => sub {
@@ -526,22 +526,6 @@ sub testssl {
};
- subtest 'Next Protocol Negotiation Tests' => sub {
- ######################################################################
-
- plan tests => 2;
-
- SKIP: {
- skip "TLSv1.0 is not supported by this OpenSSL build", 2
- if $no_tls1;
- skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2
- if disabled("nextprotoneg");
-
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"])));
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"])));
- }
- };
-
subtest 'Custom Extension tests' => sub {
######################################################################
diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf
index 97d1d9f..9115ef4 100644
--- a/test/ssl-tests/08-npn.conf
+++ b/test/ssl-tests/08-npn.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 12
+num_tests = 20
test-0 = 0-npn-simple
test-1 = 1-npn-client-finds-match
@@ -14,6 +14,14 @@ test-8 = 8-npn-selected-sni-server-supports-npn
test-9 = 9-npn-selected-sni-server-does-not-support-npn
test-10 = 10-alpn-preferred-over-npn
test-11 = 11-sni-npn-preferred-over-alpn
+test-12 = 12-npn-simple-resumption
+test-13 = 13-npn-server-switch-resumption
+test-14 = 14-npn-client-switch-resumption
+test-15 = 15-npn-client-first-pref-on-mismatch-resumption
+test-16 = 16-npn-no-server-support-resumption
+test-17 = 17-npn-no-client-support-resumption
+test-18 = 18-alpn-preferred-over-npn-resumption
+test-19 = 19-npn-used-if-alpn-not-supported-resumption
# ===========================================================
[0-npn-simple]
@@ -438,3 +446,349 @@ NPNProtocols = bar
ServerName = server2
+# ===========================================================
+
+[12-npn-simple-resumption]
+ssl_conf = 12-npn-simple-resumption-ssl
+
+[12-npn-simple-resumption-ssl]
+server = 12-npn-simple-resumption-server
+client = 12-npn-simple-resumption-client
+resume-server = 12-npn-simple-resumption-server
+resume-client = 12-npn-simple-resumption-client
+
+[12-npn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-npn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-npn-simple-resumption-server-extra
+resume-server = 12-npn-simple-resumption-server-extra
+client = 12-npn-simple-resumption-client-extra
+resume-client = 12-npn-simple-resumption-client-extra
+
+[12-npn-simple-resumption-server-extra]
+NPNProtocols = foo
+
+[12-npn-simple-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[13-npn-server-switch-resumption]
+ssl_conf = 13-npn-server-switch-resumption-ssl
+
+[13-npn-server-switch-resumption-ssl]
+server = 13-npn-server-switch-resumption-server
+client = 13-npn-server-switch-resumption-client
+resume-server = 13-npn-server-switch-resumption-resume-server
+resume-client = 13-npn-server-switch-resumption-client
+
+[13-npn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 13-npn-server-switch-resumption-server-extra
+resume-server = 13-npn-server-switch-resumption-resume-server-extra
+client = 13-npn-server-switch-resumption-client-extra
+resume-client = 13-npn-server-switch-resumption-client-extra
+
+[13-npn-server-switch-resumption-server-extra]
+NPNProtocols = bar,foo
+
+[13-npn-server-switch-resumption-resume-server-extra]
+NPNProtocols = baz,foo
+
+[13-npn-server-switch-resumption-client-extra]
+NPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[14-npn-client-switch-resumption]
+ssl_conf = 14-npn-client-switch-resumption-ssl
+
+[14-npn-client-switch-resumption-ssl]
+server = 14-npn-client-switch-resumption-server
+client = 14-npn-client-switch-resumption-client
+resume-server = 14-npn-client-switch-resumption-server
+resume-client = 14-npn-client-switch-resumption-resume-client
+
+[14-npn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-npn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-npn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedNPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-npn-client-switch-resumption-server-extra
+resume-server = 14-npn-client-switch-resumption-server-extra
+client = 14-npn-client-switch-resumption-client-extra
+resume-client = 14-npn-client-switch-resumption-resume-client-extra
+
+[14-npn-client-switch-resumption-server-extra]
+NPNProtocols = foo,bar,baz
+
+[14-npn-client-switch-resumption-client-extra]
+NPNProtocols = foo,baz
+
+[14-npn-client-switch-resumption-resume-client-extra]
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[15-npn-client-first-pref-on-mismatch-resumption]
+ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
+
+[15-npn-client-first-pref-on-mismatch-resumption-ssl]
+server = 15-npn-client-first-pref-on-mismatch-resumption-server
+client = 15-npn-client-first-pref-on-mismatch-resumption-client
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
+
+[15-npn-client-first-pref-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
+client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+
+[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
+NPNProtocols = bar
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[16-npn-no-server-support-resumption]
+ssl_conf = 16-npn-no-server-support-resumption-ssl
+
+[16-npn-no-server-support-resumption-ssl]
+server = 16-npn-no-server-support-resumption-server
+client = 16-npn-no-server-support-resumption-client
+resume-server = 16-npn-no-server-support-resumption-resume-server
+resume-client = 16-npn-no-server-support-resumption-client
+
+[16-npn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 16-npn-no-server-support-resumption-server-extra
+client = 16-npn-no-server-support-resumption-client-extra
+resume-client = 16-npn-no-server-support-resumption-client-extra
+
+[16-npn-no-server-support-resumption-server-extra]
+NPNProtocols = foo
+
+[16-npn-no-server-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[17-npn-no-client-support-resumption]
+ssl_conf = 17-npn-no-client-support-resumption-ssl
+
+[17-npn-no-client-support-resumption-ssl]
+server = 17-npn-no-client-support-resumption-server
+client = 17-npn-no-client-support-resumption-client
+resume-server = 17-npn-no-client-support-resumption-server
+resume-client = 17-npn-no-client-support-resumption-resume-client
+
+[17-npn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-npn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[17-npn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 17-npn-no-client-support-resumption-server-extra
+resume-server = 17-npn-no-client-support-resumption-server-extra
+client = 17-npn-no-client-support-resumption-client-extra
+
+[17-npn-no-client-support-resumption-server-extra]
+NPNProtocols = foo
+
+[17-npn-no-client-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[18-alpn-preferred-over-npn-resumption]
+ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
+
+[18-alpn-preferred-over-npn-resumption-ssl]
+server = 18-alpn-preferred-over-npn-resumption-server
+client = 18-alpn-preferred-over-npn-resumption-client
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
+resume-client = 18-alpn-preferred-over-npn-resumption-client
+
+[18-alpn-preferred-over-npn-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 18-alpn-preferred-over-npn-resumption-server-extra
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
+client = 18-alpn-preferred-over-npn-resumption-client-extra
+resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
+
+[18-alpn-preferred-over-npn-resumption-server-extra]
+NPNProtocols = bar
+
+[18-alpn-preferred-over-npn-resumption-resume-server-extra]
+ALPNProtocols = foo
+NPNProtocols = baz
+
+[18-alpn-preferred-over-npn-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[19-npn-used-if-alpn-not-supported-resumption]
+ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
+
+[19-npn-used-if-alpn-not-supported-resumption-ssl]
+server = 19-npn-used-if-alpn-not-supported-resumption-server
+client = 19-npn-used-if-alpn-not-supported-resumption-client
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
+
+[19-npn-used-if-alpn-not-supported-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
+client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+
+[19-npn-used-if-alpn-not-supported-resumption-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[19-npn-used-if-alpn-not-supported-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in
index 56ccaea..8a1f4ec 100644
--- a/test/ssl-tests/08-npn.conf.in
+++ b/test/ssl-tests/08-npn.conf.in
@@ -29,7 +29,7 @@ our @tests = (
},
},
test => {
- "ExpectedNPNProtocol" => "foo",
+ "ExpectedNPNProtocol" => "foo",
},
},
{
@@ -45,7 +45,7 @@ our @tests = (
},
},
test => {
- "ExpectedNPNProtocol" => "bar",
+ "ExpectedNPNProtocol" => "bar",
},
},
{
@@ -61,7 +61,7 @@ our @tests = (
},
},
test => {
- "ExpectedNPNProtocol" => "bar",
+ "ExpectedNPNProtocol" => "bar",
},
},
{
@@ -77,7 +77,7 @@ our @tests = (
},
},
test => {
- "ExpectedNPNProtocol" => "foo",
+ "ExpectedNPNProtocol" => "foo",
},
},
{
@@ -89,7 +89,7 @@ our @tests = (
},
},
test => {
- "ExpectedNPNProtocol" => undef,
+ "ExpectedNPNProtocol" => undef,
},
},
{
@@ -101,7 +101,7 @@ our @tests = (
},
client => { },
test => {
- "ExpectedNPNProtocol" => undef,
+ "ExpectedNPNProtocol" => undef,
},
},
{
@@ -124,8 +124,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server1",
- "ExpectedNPNProtocol" => "foo",
+ "ExpectedServerName" => "server1",
+ "ExpectedNPNProtocol" => "foo",
},
},
{
@@ -148,8 +148,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server2",
- "ExpectedNPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
+ "ExpectedNPNProtocol" => "bar",
},
},
{
@@ -171,8 +171,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server2",
- "ExpectedNPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
+ "ExpectedNPNProtocol" => "bar",
},
},
{
@@ -210,8 +210,8 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => "foo",
- "ExpectedNPNProtocol" => undef,
+ "ExpectedALPNProtocol" => "foo",
+ "ExpectedNPNProtocol" => undef,
},
},
{
@@ -235,9 +235,186 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => undef,
- "ExpectedNPNProtocol" => "bar",
- "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => undef,
+ "ExpectedNPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
+ },
+ },
+ {
+ name => "npn-simple-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "npn-server-switch-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "bar,foo",
+ },
+ },
+ resume_server => {
+ extra => {
+ "NPNProtocols" => "baz,foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => "baz",
+ },
+ },
+ {
+ name => "npn-client-switch-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "foo,bar,baz",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,baz",
+ },
+ },
+ resume_client => {
+ extra => {
+ "NPNProtocols" => "bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "npn-client-first-pref-on-mismatch-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ resume_server => {
+ extra => {
+ "NPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "npn-no-server-support-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ resume_server => { },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "npn-no-client-support-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ resume_client => { },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-preferred-over-npn-resumption",
+ server => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ resume_server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => "foo",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "npn-used-if-alpn-not-supported-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar",
+ },
+ },
+ resume_server => {
+ extra => {
+ "NPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => undef,
+ "ExpectedNPNProtocol" => "baz",
},
},
);
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf
index 58ddff3..e7e6cb9 100644
--- a/test/ssl-tests/09-alpn.conf
+++ b/test/ssl-tests/09-alpn.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 10
+num_tests = 16
test-0 = 0-alpn-simple
test-1 = 1-alpn-server-finds-match
@@ -12,6 +12,12 @@ test-6 = 6-alpn-with-sni-no-context-switch
test-7 = 7-alpn-with-sni-context-switch
test-8 = 8-alpn-selected-sni-server-supports-alpn
test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
+test-10 = 10-alpn-simple-resumption
+test-11 = 11-alpn-server-switch-resumption
+test-12 = 12-alpn-client-switch-resumption
+test-13 = 13-alpn-alert-on-mismatch-resumption
+test-14 = 14-alpn-no-server-support-resumption
+test-15 = 15-alpn-no-client-support-resumption
# ===========================================================
[0-alpn-simple]
@@ -359,3 +365,255 @@ ALPNProtocols = foo,bar
ServerName = server2
+# ===========================================================
+
+[10-alpn-simple-resumption]
+ssl_conf = 10-alpn-simple-resumption-ssl
+
+[10-alpn-simple-resumption-ssl]
+server = 10-alpn-simple-resumption-server
+client = 10-alpn-simple-resumption-client
+resume-server = 10-alpn-simple-resumption-server
+resume-client = 10-alpn-simple-resumption-client
+
+[10-alpn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 10-alpn-simple-resumption-server-extra
+resume-server = 10-alpn-simple-resumption-server-extra
+client = 10-alpn-simple-resumption-client-extra
+resume-client = 10-alpn-simple-resumption-client-extra
+
+[10-alpn-simple-resumption-server-extra]
+ALPNProtocols = foo
+
+[10-alpn-simple-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[11-alpn-server-switch-resumption]
+ssl_conf = 11-alpn-server-switch-resumption-ssl
+
+[11-alpn-server-switch-resumption-ssl]
+server = 11-alpn-server-switch-resumption-server
+client = 11-alpn-server-switch-resumption-client
+resume-server = 11-alpn-server-switch-resumption-resume-server
+resume-client = 11-alpn-server-switch-resumption-client
+
+[11-alpn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedALPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 11-alpn-server-switch-resumption-server-extra
+resume-server = 11-alpn-server-switch-resumption-resume-server-extra
+client = 11-alpn-server-switch-resumption-client-extra
+resume-client = 11-alpn-server-switch-resumption-client-extra
+
+[11-alpn-server-switch-resumption-server-extra]
+ALPNProtocols = bar,foo
+
+[11-alpn-server-switch-resumption-resume-server-extra]
+ALPNProtocols = baz,foo
+
+[11-alpn-server-switch-resumption-client-extra]
+ALPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[12-alpn-client-switch-resumption]
+ssl_conf = 12-alpn-client-switch-resumption-ssl
+
+[12-alpn-client-switch-resumption-ssl]
+server = 12-alpn-client-switch-resumption-server
+client = 12-alpn-client-switch-resumption-client
+resume-server = 12-alpn-client-switch-resumption-server
+resume-client = 12-alpn-client-switch-resumption-resume-client
+
+[12-alpn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-alpn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-alpn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedALPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-alpn-client-switch-resumption-server-extra
+resume-server = 12-alpn-client-switch-resumption-server-extra
+client = 12-alpn-client-switch-resumption-client-extra
+resume-client = 12-alpn-client-switch-resumption-resume-client-extra
+
+[12-alpn-client-switch-resumption-server-extra]
+ALPNProtocols = foo,bar,baz
+
+[12-alpn-client-switch-resumption-client-extra]
+ALPNProtocols = foo,baz
+
+[12-alpn-client-switch-resumption-resume-client-extra]
+ALPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[13-alpn-alert-on-mismatch-resumption]
+ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl
+
+[13-alpn-alert-on-mismatch-resumption-ssl]
+server = 13-alpn-alert-on-mismatch-resumption-server
+client = 13-alpn-alert-on-mismatch-resumption-client
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server
+resume-client = 13-alpn-alert-on-mismatch-resumption-client
+
+[13-alpn-alert-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+HandshakeMode = Resume
+server = 13-alpn-alert-on-mismatch-resumption-server-extra
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra
+client = 13-alpn-alert-on-mismatch-resumption-client-extra
+resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra
+
+[13-alpn-alert-on-mismatch-resumption-server-extra]
+ALPNProtocols = bar
+
+[13-alpn-alert-on-mismatch-resumption-resume-server-extra]
+ALPNProtocols = baz
+
+[13-alpn-alert-on-mismatch-resumption-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[14-alpn-no-server-support-resumption]
+ssl_conf = 14-alpn-no-server-support-resumption-ssl
+
+[14-alpn-no-server-support-resumption-ssl]
+server = 14-alpn-no-server-support-resumption-server
+client = 14-alpn-no-server-support-resumption-client
+resume-server = 14-alpn-no-server-support-resumption-resume-server
+resume-client = 14-alpn-no-server-support-resumption-client
+
+[14-alpn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-alpn-no-server-support-resumption-server-extra
+client = 14-alpn-no-server-support-resumption-client-extra
+resume-client = 14-alpn-no-server-support-resumption-client-extra
+
+[14-alpn-no-server-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[14-alpn-no-server-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[15-alpn-no-client-support-resumption]
+ssl_conf = 15-alpn-no-client-support-resumption-ssl
+
+[15-alpn-no-client-support-resumption-ssl]
+server = 15-alpn-no-client-support-resumption-server
+client = 15-alpn-no-client-support-resumption-client
+resume-server = 15-alpn-no-client-support-resumption-server
+resume-client = 15-alpn-no-client-support-resumption-resume-client
+
+[15-alpn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-alpn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-alpn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-alpn-no-client-support-resumption-server-extra
+resume-server = 15-alpn-no-client-support-resumption-server-extra
+client = 15-alpn-no-client-support-resumption-client-extra
+
+[15-alpn-no-client-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[15-alpn-no-client-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in
index c637b3a..18560e1 100644
--- a/test/ssl-tests/09-alpn.conf.in
+++ b/test/ssl-tests/09-alpn.conf.in
@@ -29,7 +29,7 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => "foo",
+ "ExpectedALPNProtocol" => "foo",
},
},
{
@@ -45,7 +45,7 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => "bar",
+ "ExpectedALPNProtocol" => "bar",
},
},
{
@@ -61,7 +61,7 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => "bar",
+ "ExpectedALPNProtocol" => "bar",
},
},
{
@@ -77,8 +77,8 @@ our @tests = (
},
},
test => {
- "ExpectedResult" => "ServerFail",
- "ExpectedServerAlert" => "NoApplicationProtocol",
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "NoApplicationProtocol",
},
},
{
@@ -90,7 +90,7 @@ our @tests = (
},
},
test => {
- "ExpectedALPNProtocol" => undef,
+ "ExpectedALPNProtocol" => undef,
},
},
{
@@ -102,7 +102,7 @@ our @tests = (
},
client => { },
test => {
- "ExpectedALPNProtocol" => undef,
+ "ExpectedALPNProtocol" => undef,
},
},
{
@@ -125,8 +125,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server1",
- "ExpectedALPNProtocol" => "foo",
+ "ExpectedServerName" => "server1",
+ "ExpectedALPNProtocol" => "foo",
},
},
{
@@ -149,8 +149,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server2",
- "ExpectedALPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => "bar",
},
},
{
@@ -172,8 +172,8 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server2",
- "ExpectedALPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => "bar",
},
},
{
@@ -192,8 +192,133 @@ our @tests = (
},
},
test => {
- "ExpectedServerName" => "server2",
- "ExpectedALPNProtocol" => undef,
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-simple-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "alpn-server-switch-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "bar,foo",
+ },
+ },
+ resume_server => {
+ extra => {
+ "ALPNProtocols" => "baz,foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => "baz",
+ },
+ },
+ {
+ name => "alpn-client-switch-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo,bar,baz",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,baz",
+ },
+ },
+ resume_client => {
+ extra => {
+ "ALPNProtocols" => "bar,baz",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "alpn-alert-on-mismatch-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "bar",
+ },
+ },
+ resume_server => {
+ extra => {
+ "ALPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "NoApplicationProtocol",
+ },
+ },
+ {
+ name => "alpn-no-server-support-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ resume_server => { },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-no-client-support-resumption",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ resume_client => { },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedALPNProtocol" => undef,
},
},
);
diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
index cc3d99f..bdbfb11 100644
--- a/test/ssl_test.tmpl
+++ b/test/ssl_test.tmpl
@@ -85,7 +85,7 @@ client = {-$testname-}-client{-
if (%resume_client && $resume_client{"extra"}) {
$OUT .= "resume-client = $testname-resume-client-extra\n";
} elsif ($reuse_resume_client && $client{"extra"}) {
- $OUT .= "client = $testname-client-extra\n";
+ $OUT .= "resume-client = $testname-client-extra\n";
}
if ($server{"extra"}) {
More information about the openssl-commits
mailing list