[openssl-commits] [openssl] master update

Emilia Kasper emilia at openssl.org
Mon Aug 8 14:13:49 UTC 2016


The branch master has been updated
       via  2ac6bdc02931ead9e028d6e41640b035e78bc722 (commit)
      from  7b7cea6d712c35d52b4e2031c8a9410866e2aab6 (commit)


- Log -----------------------------------------------------------------
commit 2ac6bdc02931ead9e028d6e41640b035e78bc722
Author: Emilia Kasper <emilia at openssl.org>
Date:   Mon Aug 8 14:42:08 2016 +0200

    NPN and ALPN: test resumption
    
    In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
    resumption picks up changes to the extension.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 test/recipes/80-test_ssl_old.t |  18 +--
 test/ssl-tests/08-npn.conf     | 356 ++++++++++++++++++++++++++++++++++++++++-
 test/ssl-tests/08-npn.conf.in  | 211 ++++++++++++++++++++++--
 test/ssl-tests/09-alpn.conf    | 260 +++++++++++++++++++++++++++++-
 test/ssl-tests/09-alpn.conf.in | 155 ++++++++++++++++--
 test/ssl_test.tmpl             |   2 +-
 6 files changed, 950 insertions(+), 52 deletions(-)

diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 8f43d6b..631adbf 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -79,7 +79,7 @@ my $client_sess="client.ss";
 # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
 plan tests =>
     1				# For testss
-    +9  			# For the first testssl
+    +8  			# For the first testssl
     ;
 
 subtest 'test_ss' => sub {
@@ -526,22 +526,6 @@ sub testssl {
 
     };
 
-    subtest 'Next Protocol Negotiation Tests' => sub {
-	######################################################################
-
-	plan tests => 2;
-
-      SKIP: {
-	  skip "TLSv1.0 is not supported by this OpenSSL build", 2
-	      if $no_tls1;
-	  skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2
-	      if disabled("nextprotoneg");
-
-	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"])));
-	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"])));
-	}
-    };
-
     subtest 'Custom Extension tests' => sub {
 	######################################################################
 
diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf
index 97d1d9f..9115ef4 100644
--- a/test/ssl-tests/08-npn.conf
+++ b/test/ssl-tests/08-npn.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 12
+num_tests = 20
 
 test-0 = 0-npn-simple
 test-1 = 1-npn-client-finds-match
@@ -14,6 +14,14 @@ test-8 = 8-npn-selected-sni-server-supports-npn
 test-9 = 9-npn-selected-sni-server-does-not-support-npn
 test-10 = 10-alpn-preferred-over-npn
 test-11 = 11-sni-npn-preferred-over-alpn
+test-12 = 12-npn-simple-resumption
+test-13 = 13-npn-server-switch-resumption
+test-14 = 14-npn-client-switch-resumption
+test-15 = 15-npn-client-first-pref-on-mismatch-resumption
+test-16 = 16-npn-no-server-support-resumption
+test-17 = 17-npn-no-client-support-resumption
+test-18 = 18-alpn-preferred-over-npn-resumption
+test-19 = 19-npn-used-if-alpn-not-supported-resumption
 # ===========================================================
 
 [0-npn-simple]
@@ -438,3 +446,349 @@ NPNProtocols = bar
 ServerName = server2
 
 
+# ===========================================================
+
+[12-npn-simple-resumption]
+ssl_conf = 12-npn-simple-resumption-ssl
+
+[12-npn-simple-resumption-ssl]
+server = 12-npn-simple-resumption-server
+client = 12-npn-simple-resumption-client
+resume-server = 12-npn-simple-resumption-server
+resume-client = 12-npn-simple-resumption-client
+
+[12-npn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-npn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-npn-simple-resumption-server-extra
+resume-server = 12-npn-simple-resumption-server-extra
+client = 12-npn-simple-resumption-client-extra
+resume-client = 12-npn-simple-resumption-client-extra
+
+[12-npn-simple-resumption-server-extra]
+NPNProtocols = foo
+
+[12-npn-simple-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[13-npn-server-switch-resumption]
+ssl_conf = 13-npn-server-switch-resumption-ssl
+
+[13-npn-server-switch-resumption-ssl]
+server = 13-npn-server-switch-resumption-server
+client = 13-npn-server-switch-resumption-client
+resume-server = 13-npn-server-switch-resumption-resume-server
+resume-client = 13-npn-server-switch-resumption-client
+
+[13-npn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 13-npn-server-switch-resumption-server-extra
+resume-server = 13-npn-server-switch-resumption-resume-server-extra
+client = 13-npn-server-switch-resumption-client-extra
+resume-client = 13-npn-server-switch-resumption-client-extra
+
+[13-npn-server-switch-resumption-server-extra]
+NPNProtocols = bar,foo
+
+[13-npn-server-switch-resumption-resume-server-extra]
+NPNProtocols = baz,foo
+
+[13-npn-server-switch-resumption-client-extra]
+NPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[14-npn-client-switch-resumption]
+ssl_conf = 14-npn-client-switch-resumption-ssl
+
+[14-npn-client-switch-resumption-ssl]
+server = 14-npn-client-switch-resumption-server
+client = 14-npn-client-switch-resumption-client
+resume-server = 14-npn-client-switch-resumption-server
+resume-client = 14-npn-client-switch-resumption-resume-client
+
+[14-npn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-npn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-npn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedNPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-npn-client-switch-resumption-server-extra
+resume-server = 14-npn-client-switch-resumption-server-extra
+client = 14-npn-client-switch-resumption-client-extra
+resume-client = 14-npn-client-switch-resumption-resume-client-extra
+
+[14-npn-client-switch-resumption-server-extra]
+NPNProtocols = foo,bar,baz
+
+[14-npn-client-switch-resumption-client-extra]
+NPNProtocols = foo,baz
+
+[14-npn-client-switch-resumption-resume-client-extra]
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[15-npn-client-first-pref-on-mismatch-resumption]
+ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
+
+[15-npn-client-first-pref-on-mismatch-resumption-ssl]
+server = 15-npn-client-first-pref-on-mismatch-resumption-server
+client = 15-npn-client-first-pref-on-mismatch-resumption-client
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
+
+[15-npn-client-first-pref-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
+client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+
+[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
+NPNProtocols = bar
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[16-npn-no-server-support-resumption]
+ssl_conf = 16-npn-no-server-support-resumption-ssl
+
+[16-npn-no-server-support-resumption-ssl]
+server = 16-npn-no-server-support-resumption-server
+client = 16-npn-no-server-support-resumption-client
+resume-server = 16-npn-no-server-support-resumption-resume-server
+resume-client = 16-npn-no-server-support-resumption-client
+
+[16-npn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 16-npn-no-server-support-resumption-server-extra
+client = 16-npn-no-server-support-resumption-client-extra
+resume-client = 16-npn-no-server-support-resumption-client-extra
+
+[16-npn-no-server-support-resumption-server-extra]
+NPNProtocols = foo
+
+[16-npn-no-server-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[17-npn-no-client-support-resumption]
+ssl_conf = 17-npn-no-client-support-resumption-ssl
+
+[17-npn-no-client-support-resumption-ssl]
+server = 17-npn-no-client-support-resumption-server
+client = 17-npn-no-client-support-resumption-client
+resume-server = 17-npn-no-client-support-resumption-server
+resume-client = 17-npn-no-client-support-resumption-resume-client
+
+[17-npn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-npn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[17-npn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 17-npn-no-client-support-resumption-server-extra
+resume-server = 17-npn-no-client-support-resumption-server-extra
+client = 17-npn-no-client-support-resumption-client-extra
+
+[17-npn-no-client-support-resumption-server-extra]
+NPNProtocols = foo
+
+[17-npn-no-client-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[18-alpn-preferred-over-npn-resumption]
+ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
+
+[18-alpn-preferred-over-npn-resumption-ssl]
+server = 18-alpn-preferred-over-npn-resumption-server
+client = 18-alpn-preferred-over-npn-resumption-client
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
+resume-client = 18-alpn-preferred-over-npn-resumption-client
+
+[18-alpn-preferred-over-npn-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 18-alpn-preferred-over-npn-resumption-server-extra
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
+client = 18-alpn-preferred-over-npn-resumption-client-extra
+resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
+
+[18-alpn-preferred-over-npn-resumption-server-extra]
+NPNProtocols = bar
+
+[18-alpn-preferred-over-npn-resumption-resume-server-extra]
+ALPNProtocols = foo
+NPNProtocols = baz
+
+[18-alpn-preferred-over-npn-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[19-npn-used-if-alpn-not-supported-resumption]
+ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
+
+[19-npn-used-if-alpn-not-supported-resumption-ssl]
+server = 19-npn-used-if-alpn-not-supported-resumption-server
+client = 19-npn-used-if-alpn-not-supported-resumption-client
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
+
+[19-npn-used-if-alpn-not-supported-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
+client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+
+[19-npn-used-if-alpn-not-supported-resumption-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[19-npn-used-if-alpn-not-supported-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in
index 56ccaea..8a1f4ec 100644
--- a/test/ssl-tests/08-npn.conf.in
+++ b/test/ssl-tests/08-npn.conf.in
@@ -29,7 +29,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedNPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => "foo",
         },
     },
     {
@@ -45,7 +45,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedNPNProtocol" => "bar",
+            "ExpectedNPNProtocol" => "bar",
         },
     },
     {
@@ -61,7 +61,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedNPNProtocol" => "bar",
+            "ExpectedNPNProtocol" => "bar",
         },
     },
     {
@@ -77,7 +77,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedNPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => "foo",
         },
     },
     {
@@ -89,7 +89,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedNPNProtocol" => undef,
+            "ExpectedNPNProtocol" => undef,
         },
     },
     {
@@ -101,7 +101,7 @@ our @tests = (
         },
         client => { },
         test => {
-             "ExpectedNPNProtocol" => undef,
+            "ExpectedNPNProtocol" => undef,
         },
     },
     {
@@ -124,8 +124,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server1",
-             "ExpectedNPNProtocol" => "foo",
+            "ExpectedServerName" => "server1",
+            "ExpectedNPNProtocol" => "foo",
         },
     },
     {
@@ -148,8 +148,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedNPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
         },
     },
     {
@@ -171,8 +171,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedNPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
         },
     },
     {
@@ -210,8 +210,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => "foo",
-             "ExpectedNPNProtocol" => undef,
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
         },
     },
     {
@@ -235,9 +235,186 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => undef,
-             "ExpectedNPNProtocol" => "bar",
-             "ExpectedServerName" => "server2",  
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",  
+        },
+    },
+    {
+        name => "npn-simple-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-server-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "npn-client-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,baz",
+            },
+        },
+        resume_client => {
+            extra => {
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-first-pref-on-mismatch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-no-server-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-no-client-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        resume_client => { },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-preferred-over-npn-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-used-if-alpn-not-supported-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "baz",
         },
     },
 );
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf
index 58ddff3..e7e6cb9 100644
--- a/test/ssl-tests/09-alpn.conf
+++ b/test/ssl-tests/09-alpn.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 10
+num_tests = 16
 
 test-0 = 0-alpn-simple
 test-1 = 1-alpn-server-finds-match
@@ -12,6 +12,12 @@ test-6 = 6-alpn-with-sni-no-context-switch
 test-7 = 7-alpn-with-sni-context-switch
 test-8 = 8-alpn-selected-sni-server-supports-alpn
 test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
+test-10 = 10-alpn-simple-resumption
+test-11 = 11-alpn-server-switch-resumption
+test-12 = 12-alpn-client-switch-resumption
+test-13 = 13-alpn-alert-on-mismatch-resumption
+test-14 = 14-alpn-no-server-support-resumption
+test-15 = 15-alpn-no-client-support-resumption
 # ===========================================================
 
 [0-alpn-simple]
@@ -359,3 +365,255 @@ ALPNProtocols = foo,bar
 ServerName = server2
 
 
+# ===========================================================
+
+[10-alpn-simple-resumption]
+ssl_conf = 10-alpn-simple-resumption-ssl
+
+[10-alpn-simple-resumption-ssl]
+server = 10-alpn-simple-resumption-server
+client = 10-alpn-simple-resumption-client
+resume-server = 10-alpn-simple-resumption-server
+resume-client = 10-alpn-simple-resumption-client
+
+[10-alpn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 10-alpn-simple-resumption-server-extra
+resume-server = 10-alpn-simple-resumption-server-extra
+client = 10-alpn-simple-resumption-client-extra
+resume-client = 10-alpn-simple-resumption-client-extra
+
+[10-alpn-simple-resumption-server-extra]
+ALPNProtocols = foo
+
+[10-alpn-simple-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[11-alpn-server-switch-resumption]
+ssl_conf = 11-alpn-server-switch-resumption-ssl
+
+[11-alpn-server-switch-resumption-ssl]
+server = 11-alpn-server-switch-resumption-server
+client = 11-alpn-server-switch-resumption-client
+resume-server = 11-alpn-server-switch-resumption-resume-server
+resume-client = 11-alpn-server-switch-resumption-client
+
+[11-alpn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedALPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 11-alpn-server-switch-resumption-server-extra
+resume-server = 11-alpn-server-switch-resumption-resume-server-extra
+client = 11-alpn-server-switch-resumption-client-extra
+resume-client = 11-alpn-server-switch-resumption-client-extra
+
+[11-alpn-server-switch-resumption-server-extra]
+ALPNProtocols = bar,foo
+
+[11-alpn-server-switch-resumption-resume-server-extra]
+ALPNProtocols = baz,foo
+
+[11-alpn-server-switch-resumption-client-extra]
+ALPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[12-alpn-client-switch-resumption]
+ssl_conf = 12-alpn-client-switch-resumption-ssl
+
+[12-alpn-client-switch-resumption-ssl]
+server = 12-alpn-client-switch-resumption-server
+client = 12-alpn-client-switch-resumption-client
+resume-server = 12-alpn-client-switch-resumption-server
+resume-client = 12-alpn-client-switch-resumption-resume-client
+
+[12-alpn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-alpn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-alpn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedALPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-alpn-client-switch-resumption-server-extra
+resume-server = 12-alpn-client-switch-resumption-server-extra
+client = 12-alpn-client-switch-resumption-client-extra
+resume-client = 12-alpn-client-switch-resumption-resume-client-extra
+
+[12-alpn-client-switch-resumption-server-extra]
+ALPNProtocols = foo,bar,baz
+
+[12-alpn-client-switch-resumption-client-extra]
+ALPNProtocols = foo,baz
+
+[12-alpn-client-switch-resumption-resume-client-extra]
+ALPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[13-alpn-alert-on-mismatch-resumption]
+ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl
+
+[13-alpn-alert-on-mismatch-resumption-ssl]
+server = 13-alpn-alert-on-mismatch-resumption-server
+client = 13-alpn-alert-on-mismatch-resumption-client
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server
+resume-client = 13-alpn-alert-on-mismatch-resumption-client
+
+[13-alpn-alert-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+HandshakeMode = Resume
+server = 13-alpn-alert-on-mismatch-resumption-server-extra
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra
+client = 13-alpn-alert-on-mismatch-resumption-client-extra
+resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra
+
+[13-alpn-alert-on-mismatch-resumption-server-extra]
+ALPNProtocols = bar
+
+[13-alpn-alert-on-mismatch-resumption-resume-server-extra]
+ALPNProtocols = baz
+
+[13-alpn-alert-on-mismatch-resumption-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[14-alpn-no-server-support-resumption]
+ssl_conf = 14-alpn-no-server-support-resumption-ssl
+
+[14-alpn-no-server-support-resumption-ssl]
+server = 14-alpn-no-server-support-resumption-server
+client = 14-alpn-no-server-support-resumption-client
+resume-server = 14-alpn-no-server-support-resumption-resume-server
+resume-client = 14-alpn-no-server-support-resumption-client
+
+[14-alpn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-alpn-no-server-support-resumption-server-extra
+client = 14-alpn-no-server-support-resumption-client-extra
+resume-client = 14-alpn-no-server-support-resumption-client-extra
+
+[14-alpn-no-server-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[14-alpn-no-server-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[15-alpn-no-client-support-resumption]
+ssl_conf = 15-alpn-no-client-support-resumption-ssl
+
+[15-alpn-no-client-support-resumption-ssl]
+server = 15-alpn-no-client-support-resumption-server
+client = 15-alpn-no-client-support-resumption-client
+resume-server = 15-alpn-no-client-support-resumption-server
+resume-client = 15-alpn-no-client-support-resumption-resume-client
+
+[15-alpn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-alpn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-alpn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-alpn-no-client-support-resumption-server-extra
+resume-server = 15-alpn-no-client-support-resumption-server-extra
+client = 15-alpn-no-client-support-resumption-client-extra
+
+[15-alpn-no-client-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[15-alpn-no-client-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in
index c637b3a..18560e1 100644
--- a/test/ssl-tests/09-alpn.conf.in
+++ b/test/ssl-tests/09-alpn.conf.in
@@ -29,7 +29,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => "foo",
+            "ExpectedALPNProtocol" => "foo",
         },
     },
     {
@@ -45,7 +45,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => "bar",
+            "ExpectedALPNProtocol" => "bar",
         },
     },
     {
@@ -61,7 +61,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => "bar",
+            "ExpectedALPNProtocol" => "bar",
         },
     },
     {
@@ -77,8 +77,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedResult" => "ServerFail",
-             "ExpectedServerAlert" => "NoApplicationProtocol",
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
         },
     },
     {
@@ -90,7 +90,7 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedALPNProtocol" => undef,
+            "ExpectedALPNProtocol" => undef,
         },
     },
     {
@@ -102,7 +102,7 @@ our @tests = (
         },
         client => { },
         test => {
-             "ExpectedALPNProtocol" => undef,
+            "ExpectedALPNProtocol" => undef,
         },
     },
     {
@@ -125,8 +125,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server1",
-             "ExpectedALPNProtocol" => "foo",
+            "ExpectedServerName" => "server1",
+            "ExpectedALPNProtocol" => "foo",
         },
     },
     {
@@ -149,8 +149,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedALPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
         },
     },
     {
@@ -172,8 +172,8 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedALPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
         },
     },
     {
@@ -192,8 +192,133 @@ our @tests = (
             },
         },
         test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedALPNProtocol" => undef,
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-simple-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-server-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "alpn-client-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,baz",
+            },
+        },
+        resume_client => {
+            extra => {
+                "ALPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-alert-on-mismatch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
+        },
+    },
+    {
+        name => "alpn-no-server-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-no-client-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_client => { },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
         },
     },
 );
diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
index cc3d99f..bdbfb11 100644
--- a/test/ssl_test.tmpl
+++ b/test/ssl_test.tmpl
@@ -85,7 +85,7 @@ client = {-$testname-}-client{-
     if (%resume_client && $resume_client{"extra"}) {
        $OUT .= "resume-client = $testname-resume-client-extra\n";
     } elsif ($reuse_resume_client && $client{"extra"}) {
-       $OUT .= "client = $testname-client-extra\n";
+       $OUT .= "resume-client = $testname-client-extra\n";
     }
 
     if ($server{"extra"}) {


More information about the openssl-commits mailing list