From 2ac6bdc02931ead9e028d6e41640b035e78bc722 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Mon, 8 Aug 2016 14:42:08 +0200 Subject: [PATCH] NPN and ALPN: test resumption In NPN and ALPN, the protocol is renegotiated upon resumption. Test that resumption picks up changes to the extension. Reviewed-by: Rich Salz --- test/recipes/80-test_ssl_old.t | 18 +- test/ssl-tests/08-npn.conf | 356 ++++++++++++++++++++++++++++++++- test/ssl-tests/08-npn.conf.in | 211 +++++++++++++++++-- test/ssl-tests/09-alpn.conf | 260 +++++++++++++++++++++++- test/ssl-tests/09-alpn.conf.in | 155 ++++++++++++-- test/ssl_test.tmpl | 2 +- 6 files changed, 950 insertions(+), 52 deletions(-) diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 8f43d6b691..631adbf7eb 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -79,7 +79,7 @@ my $client_sess="client.ss"; # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead. plan tests => 1 # For testss - +9 # For the first testssl + +8 # For the first testssl ; subtest 'test_ss' => sub { @@ -526,22 +526,6 @@ sub testssl { }; - subtest 'Next Protocol Negotiation Tests' => sub { - ###################################################################### - - plan tests => 2; - - SKIP: { - skip "TLSv1.0 is not supported by this OpenSSL build", 2 - if $no_tls1; - skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2 - if disabled("nextprotoneg"); - - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"]))); - } - }; - subtest 'Custom Extension tests' => sub { ###################################################################### diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf index 97d1d9fe69..9115ef458b 100644 --- a/test/ssl-tests/08-npn.conf +++ b/test/ssl-tests/08-npn.conf 
@@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 12 +num_tests = 20 test-0 = 0-npn-simple test-1 = 1-npn-client-finds-match @@ -14,6 +14,14 @@ test-8 = 8-npn-selected-sni-server-supports-npn test-9 = 9-npn-selected-sni-server-does-not-support-npn test-10 = 10-alpn-preferred-over-npn test-11 = 11-sni-npn-preferred-over-alpn +test-12 = 12-npn-simple-resumption +test-13 = 13-npn-server-switch-resumption +test-14 = 14-npn-client-switch-resumption +test-15 = 15-npn-client-first-pref-on-mismatch-resumption +test-16 = 16-npn-no-server-support-resumption +test-17 = 17-npn-no-client-support-resumption +test-18 = 18-alpn-preferred-over-npn-resumption +test-19 = 19-npn-used-if-alpn-not-supported-resumption # =========================================================== [0-npn-simple] 
@@ -438,3 +446,349 @@ NPNProtocols = bar ServerName = server2 +# =========================================================== + +[12-npn-simple-resumption] +ssl_conf = 12-npn-simple-resumption-ssl + +[12-npn-simple-resumption-ssl] +server = 12-npn-simple-resumption-server +client = 12-npn-simple-resumption-client +resume-server = 12-npn-simple-resumption-server +resume-client = 12-npn-simple-resumption-client + +[12-npn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-npn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-npn-simple-resumption-server-extra +resume-server = 12-npn-simple-resumption-server-extra +client = 12-npn-simple-resumption-client-extra +resume-client = 12-npn-simple-resumption-client-extra + +[12-npn-simple-resumption-server-extra] +NPNProtocols = foo + +[12-npn-simple-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[13-npn-server-switch-resumption] +ssl_conf = 13-npn-server-switch-resumption-ssl + +[13-npn-server-switch-resumption-ssl] +server = 13-npn-server-switch-resumption-server +client = 13-npn-server-switch-resumption-client +resume-server = 13-npn-server-switch-resumption-resume-server +resume-client = 13-npn-server-switch-resumption-client + +[13-npn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 13-npn-server-switch-resumption-server-extra +resume-server = 13-npn-server-switch-resumption-resume-server-extra +client = 13-npn-server-switch-resumption-client-extra +resume-client = 13-npn-server-switch-resumption-client-extra + +[13-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo + +[13-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo + +[13-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz + + +# =========================================================== + +[14-npn-client-switch-resumption] +ssl_conf = 14-npn-client-switch-resumption-ssl + +[14-npn-client-switch-resumption-ssl] +server = 14-npn-client-switch-resumption-server +client = 14-npn-client-switch-resumption-client +resume-server = 14-npn-client-switch-resumption-server +resume-client = 14-npn-client-switch-resumption-resume-client + +[14-npn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-npn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-npn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedNPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-npn-client-switch-resumption-server-extra +resume-server = 14-npn-client-switch-resumption-server-extra +client = 14-npn-client-switch-resumption-client-extra +resume-client = 14-npn-client-switch-resumption-resume-client-extra + +[14-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz + +[14-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + 
+[14-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz + + +# =========================================================== + +[15-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl + +[15-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 15-npn-client-first-pref-on-mismatch-resumption-server +client = 15-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client + +[15-npn-client-first-pref-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra + +[15-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[15-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[16-npn-no-server-support-resumption] +ssl_conf = 16-npn-no-server-support-resumption-ssl + 
+[16-npn-no-server-support-resumption-ssl] +server = 16-npn-no-server-support-resumption-server +client = 16-npn-no-server-support-resumption-client +resume-server = 16-npn-no-server-support-resumption-resume-server +resume-client = 16-npn-no-server-support-resumption-client + +[16-npn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 16-npn-no-server-support-resumption-server-extra +client = 16-npn-no-server-support-resumption-client-extra +resume-client = 16-npn-no-server-support-resumption-client-extra + +[16-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo + +[16-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[17-npn-no-client-support-resumption] +ssl_conf = 17-npn-no-client-support-resumption-ssl + +[17-npn-no-client-support-resumption-ssl] +server = 17-npn-no-client-support-resumption-server +client = 17-npn-no-client-support-resumption-client +resume-server = 17-npn-no-client-support-resumption-server +resume-client = 17-npn-no-client-support-resumption-resume-client + +[17-npn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-npn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-npn-no-client-support-resumption-resume-client] +CipherString 
= DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 17-npn-no-client-support-resumption-server-extra +resume-server = 17-npn-no-client-support-resumption-server-extra +client = 17-npn-no-client-support-resumption-client-extra + +[17-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[17-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[18-alpn-preferred-over-npn-resumption] +ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl + +[18-alpn-preferred-over-npn-resumption-ssl] +server = 18-alpn-preferred-over-npn-resumption-server +client = 18-alpn-preferred-over-npn-resumption-client +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +resume-client = 18-alpn-preferred-over-npn-resumption-client + +[18-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 18-alpn-preferred-over-npn-resumption-server-extra +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +client = 18-alpn-preferred-over-npn-resumption-client-extra +resume-client = 18-alpn-preferred-over-npn-resumption-client-extra + +[18-alpn-preferred-over-npn-resumption-server-extra] +NPNProtocols = bar + +[18-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo +NPNProtocols = baz + 
+[18-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[19-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl + +[19-npn-used-if-alpn-not-supported-resumption-ssl] +server = 19-npn-used-if-alpn-not-supported-resumption-server +client = 19-npn-used-if-alpn-not-supported-resumption-client +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client + +[19-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra + +[19-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[19-npn-used-if-alpn-not-supported-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in index 56ccaea1f0..8a1f4ec916 100644 --- a/test/ssl-tests/08-npn.conf.in 
+++ b/test/ssl-tests/08-npn.conf.in @@ -29,7 +29,7 @@ our @tests = ( }, }, test => { - "ExpectedNPNProtocol" => "foo", + "ExpectedNPNProtocol" => "foo", }, }, { @@ -45,7 +45,7 @@ our @tests = ( }, }, test => { - "ExpectedNPNProtocol" => "bar", + "ExpectedNPNProtocol" => "bar", }, }, { @@ -61,7 +61,7 @@ our @tests = ( }, }, test => { - "ExpectedNPNProtocol" => "bar", + "ExpectedNPNProtocol" => "bar", }, }, { @@ -77,7 +77,7 @@ our @tests = ( }, }, test => { - "ExpectedNPNProtocol" => "foo", + "ExpectedNPNProtocol" => "foo", }, }, { @@ -89,7 +89,7 @@ our @tests = ( }, }, test => { - "ExpectedNPNProtocol" => undef, + "ExpectedNPNProtocol" => undef, }, }, { @@ -101,7 +101,7 @@ our @tests = ( }, client => { }, test => { - "ExpectedNPNProtocol" => undef, + "ExpectedNPNProtocol" => undef, }, }, { @@ -124,8 +124,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server1", - "ExpectedNPNProtocol" => "foo", + "ExpectedServerName" => "server1", + "ExpectedNPNProtocol" => "foo", }, }, { @@ -148,8 +148,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server2", - "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", }, }, { @@ -171,8 +171,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server2", - "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", }, }, { @@ -210,8 +210,8 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => "foo", - "ExpectedNPNProtocol" => undef, + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, }, }, { 
@@ -235,9 +235,186 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => undef, - "ExpectedNPNProtocol" => "bar", - "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + }, + }, + { + name => "npn-simple-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-server-switch-resumption", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "baz", + }, + }, + { + name => "npn-client-switch-resumption", + server => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + 
"ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-used-if-alpn-not-supported-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "baz", }, }, ); diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf index 58ddff3ab9..e7e6cb9534 100644 --- a/test/ssl-tests/09-alpn.conf +++ b/test/ssl-tests/09-alpn.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 10 +num_tests = 16 test-0 = 0-alpn-simple test-1 = 1-alpn-server-finds-match 
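Review bot: The empty `resume_server => { }` in `npn-no-server-support-resumption` and `resume_client => { }` in `npn-no-client-support-resumption` are load-bearing, but nothing in the file says so. Judging by the regenerated 08-npn.conf, omitting the key makes the resumed side reuse the first handshake's `extra` (test-12 repeats `-server-extra`), while the empty hash drops it (test-16 has no `resume-server` line). A later cleanup that removes the seemingly redundant empty hash would turn these into NPN-enabled resumptions, so I would add a comment above each, e.g. `# Empty resume_server: the resumed handshake runs without NPN; omitting the key would reuse the server's extra.` The same applies to the two `alpn-no-*-support-resumption` entries in 09-alpn.conf.in; the `@tests` list itself opens outside the hunk.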
@@ -12,6 +12,12 @@ test-6 = 6-alpn-with-sni-no-context-switch test-7 = 7-alpn-with-sni-context-switch test-8 = 8-alpn-selected-sni-server-supports-alpn test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption # =========================================================== [0-alpn-simple] 
@@ -359,3 +365,255 @@ ALPNProtocols = foo,bar ServerName = server2 +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT 
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] 
+ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server 
= 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = 
Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo + + diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in index c637b3a11c..18560e1801 100644 --- a/test/ssl-tests/09-alpn.conf.in +++ b/test/ssl-tests/09-alpn.conf.in @@ -29,7 +29,7 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => "foo", + "ExpectedALPNProtocol" => "foo", }, }, { @@ -45,7 +45,7 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => "bar", + "ExpectedALPNProtocol" => "bar", }, }, { @@ -61,7 +61,7 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => "bar", + "ExpectedALPNProtocol" => "bar", }, }, { @@ -77,8 +77,8 @@ our @tests = ( }, }, test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "NoApplicationProtocol", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", }, }, { @@ -90,7 +90,7 @@ our @tests = ( }, }, test => { - "ExpectedALPNProtocol" => undef, + "ExpectedALPNProtocol" => undef, }, }, { @@ -102,7 +102,7 @@ our @tests = ( }, client => { }, test => { - "ExpectedALPNProtocol" => undef, + "ExpectedALPNProtocol" => undef, }, }, { @@ -125,8 +125,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server1", - "ExpectedALPNProtocol" => "foo", + "ExpectedServerName" => "server1", + "ExpectedALPNProtocol" => "foo", }, }, { @@ -149,8 +149,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => "bar", + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", }, }, { 
@@ -172,8 +172,8 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => "bar", + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", }, }, { 
@@ -192,8 +192,133 @@ our @tests = ( }, }, test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => undef, + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-simple-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "baz", + }, + }, + { + name => "alpn-client-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "ALPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, + { + 
name => "alpn-no-client-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, }, }, ); diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl index cc3d99f94c..bdbfb11ace 100644 --- a/test/ssl_test.tmpl +++ b/test/ssl_test.tmpl @@ -85,7 +85,7 @@ client = {-$testname-}-client{- if (%resume_client && $resume_client{"extra"}) { $OUT .= "resume-client = $testname-resume-client-extra\n"; } elsif ($reuse_resume_client && $client{"extra"}) { - $OUT .= "client = $testname-client-extra\n"; + $OUT .= "resume-client = $testname-client-extra\n"; } if ($server{"extra"}) { -- GitLab
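Review bot: `alpn-alert-on-mismatch-resumption` expects `ServerFail` with `NoApplicationProtocol`, but nothing in the entry says the alert must come from the resumed handshake, and unlike its siblings it has no `ResumptionExpected` to anchor it. The first handshake overlaps on `bar`; only the `resume_server` list (`baz`) misses the client's `foo,bar`. Whether the harness would also accept a failure of the initial handshake is not visible from this hunk. I would document the intent above the entry, e.g. `# Initial handshake selects "bar"; the resumed server offers only "baz", so the fatal alert is expected on resumption, not a silent reuse of "bar".` The `@tests` list opens outside the hunk.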
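Review bot: The corrected `$OUT .= "resume-client = $testname-client-extra\n";` changes the generated output of every test that resumes with a client `extra` section, yet only 08-npn.conf and 09-alpn.conf are regenerated in this commit. If any other `.conf.in` already combined `HandshakeMode => "Resume"` with client extras, its checked-in `.conf` would still carry the old second `client =` key and would not apply those extras to the resumed client. That cannot be determined from this page, so it is worth regenerating all ssl-tests and diffing the result. The enclosing template block starts and ends outside the hunk.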