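#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Purpose: run the openssl client and server through TLSProxy and, for a
# series of handshake variants, call checkhandshake() with the handshake
# type and the set of extensions expected for that variant.  Every client
# invocation below passes -no_tls1_3, so the handshakes covered here are
# the TLS 1.2-and-earlier message flows.
#
# The two tables @handmessages and @extensions are imported from the
# checkhandshake module and filled in here; checkhandshake() itself is not
# part of this file.

use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;
use checkhandshake qw(checkhandshake @handmessages @extensions);

my $test_name = "test_sslmessages";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

# Skip when no TLS version is built in, and also when TLS 1.3 is enabled
# while TLS 1.2 is not (all clients below run with -no_tls1_3).
plan skip_all => "$test_name needs TLS enabled"
    if alldisabled(available_protocols("tls"))
       || (!disabled("tls1_3") && disabled("tls1_2"));

# Clears CPU capability bits for the openssl child processes (the leading
# '~' means "mask these bits off").
# NOTE(review): the value looks like the AES-NI and PCLMULQDQ bits of the
# OPENSSL_ia32cap vector; the reason is not stated in this file - confirm.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Arguments: no first argument (undef), the command string for the openssl
# app, the server certificate, and a flag that is true when the script runs
# outside the harness or the harness is verbose.
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# Expected handshake messages, in order.  Each entry pairs a message type
# with a bitmask of the handshake types it belongs to; [0, 0] ends the
# list.
@handmessages = (
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
                          checkhandshake::EC_HANDSHAKE]),
    [TLSProxy::Message::MT_CERTIFICATE_STATUS,
        checkhandshake::OCSP_HANDSHAKE],
    #ServerKeyExchange handshakes not currently supported by TLSProxy
    # NOTE(review): the EC entry above does list ServerKeyExchange, so the
    # comment above may predate it - confirm.
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO_DONE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_NEXT_PROTO,
        checkhandshake::NPN_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_NEW_SESSION_TICKET,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    # Second handshake on the same connection (renegotiation only).
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO_DONE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_NEW_SESSION_TICKET,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::RENEG_HANDSHAKE],
    [0, 0]
);

# Expected extensions.  Each entry is: carrying message, extension type,
# sender, and the flag under which the extension is expected (entries
# flagged DEFAULT_EXTENSIONS are expected in every test that passes that
# flag).  [0,0,0,0] ends the list.  Entries for EC and signature
# algorithms are left out when the corresponding feature is disabled.
@extensions = (
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::CLIENT,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::CLIENT,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_CLIENT_HELLO,
                       TLSProxy::Message::EXT_SUPPORTED_GROUPS,
                       TLSProxy::Message::CLIENT,
                       checkhandshake::DEFAULT_EXTENSIONS]),
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_CLIENT_HELLO,
                       TLSProxy::Message::EXT_EC_POINT_FORMATS,
                       TLSProxy::Message::CLIENT,
                       checkhandshake::DEFAULT_EXTENSIONS]),
    (disabled("tls1_2") ? () :
     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
         TLSProxy::Message::CLIENT,
         checkhandshake::DEFAULT_EXTENSIONS]),
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::CLIENT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
        TLSProxy::Message::CLIENT,
        checkhandshake::RENEGOTIATE_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::NPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
        TLSProxy::Message::CLIENT,
        checkhandshake::SRP_CLI_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::SERVER,
        checkhandshake::SESSION_TICKET_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::SERVER,
        checkhandshake::SERVER_NAME_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::SERVER,
        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::SERVER,
        checkhandshake::ALPN_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::SERVER,
        checkhandshake::SCT_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
        TLSProxy::Message::SERVER,
        checkhandshake::NPN_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        TLSProxy::Message::SERVER,
        checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
    [0,0,0,0]
);

#Test 1: Check we get all the right messages for a default handshake
# The client saves its session (-sess_out) into this temp file, and Test 2
# reads it back.  UNLINK => 1 registers the file for removal at exit, so
# the saved session is not left behind when start() fails and
# "plan skip_all" ends the script before the explicit unlink after Test 2.
# NOTE(review): the path is concatenated into a single option string; if
# the temp directory name can contain whitespace, check how TLSProxy turns
# that string into a command line.
(undef, my $session) = tempfile(UNLINK => 1);
# Two server connections: this one and the resumption in Test 2.
$proxy->serverconnects(2);
$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 21;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#Test 2: Resumption handshake
# Only the client side is reset and restarted; the expected extension set
# drops the server's session_ticket extension.
$proxy->clearClient();
$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
               "Resumption handshake test");
unlink $session;

SKIP: {
    skip "No OCSP support in this OpenSSL build", 3
        if disabled("ocsp");

    #Test 3: A status_request handshake (client request only)
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -status");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
                   "status_request handshake test (client)");

    #Test 4: A status_request handshake (server support only)
    # The client does not ask, so no status_request extension and no
    # CertificateStatus message are expected.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "status_request handshake test (server)");

    #Test 5: A status_request handshake (client and server)
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -status");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "status_request handshake test");
}

#Test 6: A client auth handshake
# The client presents apps/server.pem, the same file the proxy was given
# as server certificate.  No -key is passed, so s_client reads the private
# key from that PEM as well; it is a fixture from the source tree.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Client auth handshake test");

#Test 7: A handshake with a renegotiation
# The server is started with -client_renegotiation, which opts in to
# accepting a renegotiation requested by the client.
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-client_renegotiation");
$proxy->reneg(1);
$proxy->start();
checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Renegotiation handshake test");

#Test 8: Server name handshake (no client request)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Server name handshake test (client)");

#Test 9: Server name handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Server name handshake test (server)");

#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SERVER_NAME_SRV_EXTENSION,
               "Server name handshake test");

#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION,
               "ALPN handshake test (client)");

#Test 12: ALPN handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "ALPN handshake test (server)");

#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION
               | checkhandshake::ALPN_SRV_EXTENSION,
               "ALPN handshake test");

SKIP: {
    skip "No CT, EC or OCSP support in this OpenSSL build", 1
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    #Test 14: SCT handshake (client request only)
    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-no_tls1_3 -ct");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::SCT_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "SCT handshake test (client)");
}

SKIP: {
    skip "No OCSP support in this OpenSSL build", 1
        if disabled("ocsp");

    #Test 15: SCT handshake (server support only)
    $proxy->clear();
    # The client runs without -ct here, so it sends neither the SCT nor the
    # status_request extension; only the default set is expected even
    # though the server has an OCSP response configured.
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "SCT handshake test (server)");
}

SKIP: {
    skip "No CT, EC or OCSP support in this OpenSSL build", 1
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    #Test 16: SCT handshake (client and server)
    #There is no built-in server side support for this so we are actually also
    #testing custom extensions here
    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-no_tls1_3 -ct");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der")
                        ." -serverinfo ".srctop_file("test", "serverinfo.pem"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::SCT_CLI_EXTENSION
                   | checkhandshake::SCT_SRV_EXTENSION
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "SCT handshake test");
}


SKIP: {
    skip "No NPN support in this OpenSSL build", 3
        if disabled("nextprotoneg");

    #Test 17: NPN handshake (client request only)
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -nextprotoneg test");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::NPN_CLI_EXTENSION,
                   "NPN handshake test (client)");

    #Test 18: NPN handshake (server support only)
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-nextprotoneg test");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "NPN handshake test (server)");

    #Test 19: NPN handshake (client and server)
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -nextprotoneg test");
    $proxy->serverflags("-nextprotoneg test");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::NPN_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::NPN_CLI_EXTENSION
                   | checkhandshake::NPN_SRV_EXTENSION,
                   "NPN handshake test");
}

SKIP: {
    skip "No SRP support in this OpenSSL build", 1
        if disabled("srp");

    #Test 20: SRP extension
    #Note: We are not actually going to perform an SRP handshake (TLSProxy
    #does not support it). However it is sufficient for us to check that the
    #SRP extension gets added on the client side. There is no SRP extension
    #generated on the server side anyway.
    # "user" and "pass:pass" are fixture values given on the command line;
    # they only serve to make the client emit the extension.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::SRP_CLI_EXTENSION,
                   "SRP extension test");
}

#Test 21: EC handshake
# Pins an ECDHE cipher suite so that the handshake includes the
# ServerKeyExchange entry and the server's ec_point_formats extension.
SKIP: {
    skip "No EC support in this OpenSSL build", 1 if disabled("ec");
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->serverflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION,
                   "EC handshake test");
}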