diff options
author | Matt Caswell <matt@openssl.org> | 2016-05-11 12:32:12 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-13 13:04:46 +0100 |
commit | 5f7267598d74c2d86c2ef52eab38c91957b19999 (patch) | |
tree | d6958370c1a10d62badd9bf2815dad6710b5fd97 | |
parent | c45d6b2b0dc9a0b191fc3dcaad8035addd1589e6 (diff) | |
download | openssl-new-5f7267598d74c2d86c2ef52eab38c91957b19999.tar.gz |
Add some additional NewSessionTicket tests
If the server does not send a session ticket extension, it should not then
send the NewSessionTicket message.
If the server sends the session ticket extension, it MUST then send the
NewSessionTicket message.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-rwxr-xr-x | test/recipes/70-test_sslsessiontick.t | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index 2bf19e4306..c30ac44dac 100755 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -45,7 +45,7 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); -plan tests => 8; +plan tests => 10; #Test 1: By default with no existing session we should get a session ticket #Expected result: ClientHello extension seen; ServerHello extension seen @@ -128,6 +128,23 @@ $proxy->clientstart(); # NewSessionTicket message not seen; Abbreviated handshake. checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0); +#Test 9: Bad server sends the ServerHello extension but does not send a +#NewSessionTicket +#Expected result: Connection failure +clearall(); +$proxy->serverflags("-no_ticket"); +$proxy->filter(\&inject_ticket_extension_filter); +$proxy->start(); +ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test"); + +#Test10: Bad server does not send the ServerHello extension but does send a +#NewSessionTicket +#Expected result: Connection failure +clearall(); +$proxy->serverflags("-no_ticket"); +$proxy->filter(\&inject_empty_ticket_filter); +$proxy->start(); +ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test"); sub ticket_filter { @@ -171,6 +188,26 @@ sub inject_empty_ticket_filter { $proxy->message_list([@new_message_list]); } +sub inject_ticket_extension_filter +{ + my $proxy = shift; + + # We're only interested in the initial ServerHello + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Add the session ticket extension to the ServerHello even though + #we are not going to send a NewSessionTicket message + $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, ""); + + $message->repack(); + } + } +} + sub checkmessages($$$$$$) { my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_; |