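#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe: drives an openssl client and server through TLSProxy and
# checks, for each TLS 1.3 handshake flavour, that exactly the expected
# handshake messages and extensions appear on the wire.

use strict;
use warnings;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;
use checkhandshake qw(checkhandshake @handmessages @extensions);

my $test_name = "test_tls13messages";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLSv1.3 enabled"
    if disabled("tls1_3");

plan skip_all => "$test_name needs EC enabled"
    if disabled("ec");

# Capability mask inherited by the openssl processes started below.
# NOTE(review): this value looks like the AES-NI/PCLMULQDQ mask from the
# OPENSSL_ia32cap documentation - confirm why this recipe needs it.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Expected handshake message sequence, in wire order.  Each row is
# [message type, bitmask of handshake flavours in which it is expected].
# The first ServerHello / second ClientHello pair is flagged for the HRR
# flavours only; TLS 1.3 sends HelloRetryRequest as a ServerHello.
# Certificate and CertificateVerify are masked out of the resumption
# flavours.  The second Certificate/CertificateVerify pair is flagged for
# CLIENT_AUTH_HANDSHAKE only.  [0, 0] is presumably the end-of-table
# sentinel - confirm in checkhandshake.pm.
@handmessages = (
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [0, 0]
);

# Expected extensions.  Each row is
# [message type, extension type, sender, extension flag]; the flag is
# compared against the mask each test passes to checkhandshake().
# NOTE(review): exact matching rules live in checkhandshake.pm - confirm
# there before relying on this description.
@extensions = (
    # First ClientHello
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::CLIENT,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::CLIENT,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::CLIENT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
        TLSProxy::Message::CLIENT,
        checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],

    # ServerHello whose key_share is flagged KEY_SHARE_HRR_EXTENSION,
    # i.e. the HelloRetryRequest
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::SERVER,
        checkhandshake::KEY_SHARE_HRR_EXTENSION],

    # Second ClientHello (same rows as the first)
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::CLIENT,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::CLIENT,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::CLIENT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
        TLSProxy::Message::CLIENT,
        checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],

    # ServerHello
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::SERVER,
        checkhandshake::PSK_SRV_EXTENSION],

    # EncryptedExtensions
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::SERVER,
        checkhandshake::SERVER_NAME_SRV_EXTENSION],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::SERVER,
        checkhandshake::ALPN_SRV_EXTENSION],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        TLSProxy::Message::SERVER,
        checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],

    # CertificateRequest
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],

    # Certificate
    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::SERVER,
        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::SERVER,
        checkhandshake::SCT_SRV_EXTENSION],

    [0,0,0,0]
);

# NOTE(review): the positional arguments are presumably (message filter,
# openssl command string, server certificate, debug flag) - confirm
# against TLSProxy::Proxy->new.  The last argument is true when the script
# is run outside the harness or with HARNESS_VERBOSE set.
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

#Test 1: Check we get all the right messages for a default handshake
# The temp file receives the session saved via -sess_out and is reused for
# the resumption tests.  It is removed from an END block so that it is also
# cleaned up when the script exits early (the skip_all below, or a die).
# The pid guard keeps any forked child from deleting it prematurely.
# NOTE(review): flags are passed as one string; a temp path containing
# whitespace would presumably be split - confirm how TLSProxy tokenises it.
my $owner_pid = $$;
(undef, my $session) = tempfile();
END {
    unlink $session if defined($session) && $$ == $owner_pid;
}
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 17;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#Test 2: Resumption handshake
# Expects the PSK extension from both sides; per @handmessages no
# Certificate/CertificateVerify is expected in this flavour.
$proxy->clearClient();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               (checkhandshake::DEFAULT_EXTENSIONS
                | checkhandshake::PSK_CLI_EXTENSION
                | checkhandshake::PSK_SRV_EXTENSION),
               "Resumption handshake test");

SKIP: {
    # The message names every feature the condition checks, matching the
    # wording used for the SCT block further down.
    skip "No CT, EC or OCSP support in this OpenSSL build", 4
        if disabled("ct") || disabled("ec") || disabled("ocsp");
    #Test 3: A status_request handshake (client request only)
    $proxy->clear();
    $proxy->clientflags("-status");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
                   "status_request handshake test (client)");

    #Test 4: A status_request handshake (server support only)
    # The expected mask has no STATUS_REQUEST_SRV_EXTENSION: the server is
    # expected not to answer an extension the client never sent.
    $proxy->clear();
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS,
                   "status_request handshake test (server)");

    #Test 5: A status_request handshake (client and server)
    $proxy->clear();
    $proxy->clientflags("-status");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "status_request handshake test");

    #Test 6: A status_request handshake (client and server) with client auth
    $proxy->clear();
    $proxy->clientflags("-status -enable_pha -cert "
                        .srctop_file("apps", "server.pem"));
    $proxy->serverflags("-Verify 5 -status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
                   | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
                   "status_request handshake with client auth test");
}

#Test 7: A client auth handshake
$proxy->clear();
$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS |
               checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
               "Client auth handshake test");

#Test 8: Server name handshake (no client request)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Server name handshake test (client)");

#Test 9: Server name handshake (server support only)
# No SERVER_NAME_SRV_EXTENSION in the mask: the server is expected to stay
# silent when the client did not send server_name.
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Server name handshake test (server)");

#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SERVER_NAME_SRV_EXTENSION,
               "Server name handshake test");

#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION,
               "ALPN handshake test (client)");

#Test 12: ALPN handshake (server support only)
# No ALPN_SRV_EXTENSION in the mask: the server is expected not to send
# ALPN unless the client offered it.
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "ALPN handshake test (server)");

#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION
               | checkhandshake::ALPN_SRV_EXTENSION,
               "ALPN handshake test");

SKIP: {
    skip "No CT, EC or OCSP support in this OpenSSL build", 1
        if disabled("ct") || disabled("ec") || disabled("ocsp");

    #Test 14: SCT handshake (client request only)
    $proxy->clear();
    #Note: -ct also sends status_request
    $proxy->clientflags("-ct");
    $proxy->serverflags("-status_file "
                        .srctop_file("test", "recipes", "ocsp-response.der")
                        ." -serverinfo ".srctop_file("test", "serverinfo2.pem"));
    $proxy->start();
    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::SCT_CLI_EXTENSION
                   | checkhandshake::SCT_SRV_EXTENSION
                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
                   "SCT handshake test");
}

#Test 15: HRR Handshake
# NOTE(review): restricting the server to P-256 presumably forces a
# HelloRetryRequest because the client's first key_share uses another
# group - confirm against the client defaults.
$proxy->clear();
$proxy->serverflags("-curves P-256");
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::KEY_SHARE_HRR_EXTENSION,
               "HRR handshake test");

#Test 16: Resumption handshake with HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
               (checkhandshake::DEFAULT_EXTENSIONS
                | checkhandshake::KEY_SHARE_HRR_EXTENSION
                | checkhandshake::PSK_CLI_EXTENSION
                | checkhandshake::PSK_SRV_EXTENSION),
               "Resumption handshake with HRR test");

#Test 17: Acceptable but non preferred key_share
# The mask adds SUPPORTED_GROUPS_SRV_EXTENSION, which @extensions places
# in EncryptedExtensions.
$proxy->clear();
$proxy->clientflags("-curves P-256");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION,
               "Acceptable but non preferred key_share");

# The session temp file is removed by the END block declared with it.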