You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1169 lines
40 KiB
1169 lines
40 KiB
From 7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6 Mon Sep 17 00:00:00 2001 |
|
From: Matt Caswell <matt@openssl.org> |
|
Date: Tue, 4 Jun 2024 15:47:32 +0100 |
|
Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests |
|
|
|
Allow ourselves to configure an empty NPN/ALPN protocol list and test what |
|
happens if we do. |
|
|
|
Follow on from CVE-2024-5535 |
|
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org> |
|
Reviewed-by: Tomas Mraz <tomas@openssl.org> |
|
(Merged from https://github.com/openssl/openssl/pull/24717) |
|
--- |
|
test/helpers/handshake.c | 6 + |
|
test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++--------------- |
|
test/ssl-tests/08-npn.cnf.in | 35 +++ |
|
test/ssl-tests/09-alpn.cnf | 66 +++- |
|
test/ssl-tests/09-alpn.cnf.in | 33 ++ |
|
5 files changed, 449 insertions(+), 244 deletions(-) |
|
|
|
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c |
|
index e0422469e4..6b1629b942 100644 |
|
--- a/test/helpers/handshake.c |
|
+++ b/test/helpers/handshake.c |
|
@@ -348,6 +348,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) |
|
|
|
len = strlen(protos); |
|
|
|
+ if (len == 0) { |
|
+ *out = NULL; |
|
+ *outlen = 0; |
|
+ return 1; |
|
+ } |
|
+ |
|
/* Should never have reuse. */ |
|
if (!TEST_ptr_null(*out) |
|
/* Test values are small, so we omit length limit checks. */ |
|
diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf |
|
index f38b3f6975..1931d02de4 100644 |
|
--- a/test/ssl-tests/08-npn.cnf |
|
+++ b/test/ssl-tests/08-npn.cnf |
|
@@ -1,6 +1,6 @@ |
|
# Generated with generate_ssl_tests.pl |
|
|
|
-num_tests = 20 |
|
+num_tests = 22 |
|
|
|
test-0 = 0-npn-simple |
|
test-1 = 1-npn-client-finds-match |
|
@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref |
|
test-3 = 3-npn-client-first-pref-on-mismatch |
|
test-4 = 4-npn-no-server-support |
|
test-5 = 5-npn-no-client-support |
|
-test-6 = 6-npn-with-sni-no-context-switch |
|
-test-7 = 7-npn-with-sni-context-switch |
|
-test-8 = 8-npn-selected-sni-server-supports-npn |
|
-test-9 = 9-npn-selected-sni-server-does-not-support-npn |
|
-test-10 = 10-alpn-preferred-over-npn |
|
-test-11 = 11-sni-npn-preferred-over-alpn |
|
-test-12 = 12-npn-simple-resumption |
|
-test-13 = 13-npn-server-switch-resumption |
|
-test-14 = 14-npn-client-switch-resumption |
|
-test-15 = 15-npn-client-first-pref-on-mismatch-resumption |
|
-test-16 = 16-npn-no-server-support-resumption |
|
-test-17 = 17-npn-no-client-support-resumption |
|
-test-18 = 18-alpn-preferred-over-npn-resumption |
|
-test-19 = 19-npn-used-if-alpn-not-supported-resumption |
|
+test-6 = 6-npn-empty-client-list |
|
+test-7 = 7-npn-empty-server-list |
|
+test-8 = 8-npn-with-sni-no-context-switch |
|
+test-9 = 9-npn-with-sni-context-switch |
|
+test-10 = 10-npn-selected-sni-server-supports-npn |
|
+test-11 = 11-npn-selected-sni-server-does-not-support-npn |
|
+test-12 = 12-alpn-preferred-over-npn |
|
+test-13 = 13-sni-npn-preferred-over-alpn |
|
+test-14 = 14-npn-simple-resumption |
|
+test-15 = 15-npn-server-switch-resumption |
|
+test-16 = 16-npn-client-switch-resumption |
|
+test-17 = 17-npn-client-first-pref-on-mismatch-resumption |
|
+test-18 = 18-npn-no-server-support-resumption |
|
+test-19 = 19-npn-no-client-support-resumption |
|
+test-20 = 20-alpn-preferred-over-npn-resumption |
|
+test-21 = 21-npn-used-if-alpn-not-supported-resumption |
|
# =========================================================== |
|
|
|
[0-npn-simple] |
|
@@ -206,253 +208,318 @@ NPNProtocols = foo |
|
|
|
# =========================================================== |
|
|
|
-[6-npn-with-sni-no-context-switch] |
|
-ssl_conf = 6-npn-with-sni-no-context-switch-ssl |
|
+[6-npn-empty-client-list] |
|
+ssl_conf = 6-npn-empty-client-list-ssl |
|
|
|
-[6-npn-with-sni-no-context-switch-ssl] |
|
-server = 6-npn-with-sni-no-context-switch-server |
|
-client = 6-npn-with-sni-no-context-switch-client |
|
-server2 = 6-npn-with-sni-no-context-switch-server2 |
|
+[6-npn-empty-client-list-ssl] |
|
+server = 6-npn-empty-client-list-server |
|
+client = 6-npn-empty-client-list-client |
|
|
|
-[6-npn-with-sni-no-context-switch-server] |
|
+[6-npn-empty-client-list-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[6-npn-with-sni-no-context-switch-server2] |
|
+[6-npn-empty-client-list-client] |
|
+CipherString = DEFAULT |
|
+MaxProtocol = TLSv1.2 |
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
+VerifyMode = Peer |
|
+ |
|
+[test-6] |
|
+ExpectedClientAlert = HandshakeFailure |
|
+ExpectedResult = ClientFail |
|
+server = 6-npn-empty-client-list-server-extra |
|
+client = 6-npn-empty-client-list-client-extra |
|
+ |
|
+[6-npn-empty-client-list-server-extra] |
|
+NPNProtocols = foo |
|
+ |
|
+[6-npn-empty-client-list-client-extra] |
|
+NPNProtocols = |
|
+ |
|
+ |
|
+# =========================================================== |
|
+ |
|
+[7-npn-empty-server-list] |
|
+ssl_conf = 7-npn-empty-server-list-ssl |
|
+ |
|
+[7-npn-empty-server-list-ssl] |
|
+server = 7-npn-empty-server-list-server |
|
+client = 7-npn-empty-server-list-client |
|
+ |
|
+[7-npn-empty-server-list-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[6-npn-with-sni-no-context-switch-client] |
|
+[7-npn-empty-server-list-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-6] |
|
+[test-7] |
|
+ExpectedNPNProtocol = foo |
|
+server = 7-npn-empty-server-list-server-extra |
|
+client = 7-npn-empty-server-list-client-extra |
|
+ |
|
+[7-npn-empty-server-list-server-extra] |
|
+NPNProtocols = |
|
+ |
|
+[7-npn-empty-server-list-client-extra] |
|
+NPNProtocols = foo |
|
+ |
|
+ |
|
+# =========================================================== |
|
+ |
|
+[8-npn-with-sni-no-context-switch] |
|
+ssl_conf = 8-npn-with-sni-no-context-switch-ssl |
|
+ |
|
+[8-npn-with-sni-no-context-switch-ssl] |
|
+server = 8-npn-with-sni-no-context-switch-server |
|
+client = 8-npn-with-sni-no-context-switch-client |
|
+server2 = 8-npn-with-sni-no-context-switch-server2 |
|
+ |
|
+[8-npn-with-sni-no-context-switch-server] |
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
+CipherString = DEFAULT |
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
+ |
|
+[8-npn-with-sni-no-context-switch-server2] |
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
+CipherString = DEFAULT |
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
+ |
|
+[8-npn-with-sni-no-context-switch-client] |
|
+CipherString = DEFAULT |
|
+MaxProtocol = TLSv1.2 |
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
+VerifyMode = Peer |
|
+ |
|
+[test-8] |
|
ExpectedNPNProtocol = foo |
|
ExpectedServerName = server1 |
|
-server = 6-npn-with-sni-no-context-switch-server-extra |
|
-server2 = 6-npn-with-sni-no-context-switch-server2-extra |
|
-client = 6-npn-with-sni-no-context-switch-client-extra |
|
+server = 8-npn-with-sni-no-context-switch-server-extra |
|
+server2 = 8-npn-with-sni-no-context-switch-server2-extra |
|
+client = 8-npn-with-sni-no-context-switch-client-extra |
|
|
|
-[6-npn-with-sni-no-context-switch-server-extra] |
|
+[8-npn-with-sni-no-context-switch-server-extra] |
|
NPNProtocols = foo |
|
ServerNameCallback = IgnoreMismatch |
|
|
|
-[6-npn-with-sni-no-context-switch-server2-extra] |
|
+[8-npn-with-sni-no-context-switch-server2-extra] |
|
NPNProtocols = bar |
|
|
|
-[6-npn-with-sni-no-context-switch-client-extra] |
|
+[8-npn-with-sni-no-context-switch-client-extra] |
|
NPNProtocols = foo,bar |
|
ServerName = server1 |
|
|
|
|
|
# =========================================================== |
|
|
|
-[7-npn-with-sni-context-switch] |
|
-ssl_conf = 7-npn-with-sni-context-switch-ssl |
|
+[9-npn-with-sni-context-switch] |
|
+ssl_conf = 9-npn-with-sni-context-switch-ssl |
|
|
|
-[7-npn-with-sni-context-switch-ssl] |
|
-server = 7-npn-with-sni-context-switch-server |
|
-client = 7-npn-with-sni-context-switch-client |
|
-server2 = 7-npn-with-sni-context-switch-server2 |
|
+[9-npn-with-sni-context-switch-ssl] |
|
+server = 9-npn-with-sni-context-switch-server |
|
+client = 9-npn-with-sni-context-switch-client |
|
+server2 = 9-npn-with-sni-context-switch-server2 |
|
|
|
-[7-npn-with-sni-context-switch-server] |
|
+[9-npn-with-sni-context-switch-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[7-npn-with-sni-context-switch-server2] |
|
+[9-npn-with-sni-context-switch-server2] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[7-npn-with-sni-context-switch-client] |
|
+[9-npn-with-sni-context-switch-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-7] |
|
+[test-9] |
|
ExpectedNPNProtocol = bar |
|
ExpectedServerName = server2 |
|
-server = 7-npn-with-sni-context-switch-server-extra |
|
-server2 = 7-npn-with-sni-context-switch-server2-extra |
|
-client = 7-npn-with-sni-context-switch-client-extra |
|
+server = 9-npn-with-sni-context-switch-server-extra |
|
+server2 = 9-npn-with-sni-context-switch-server2-extra |
|
+client = 9-npn-with-sni-context-switch-client-extra |
|
|
|
-[7-npn-with-sni-context-switch-server-extra] |
|
+[9-npn-with-sni-context-switch-server-extra] |
|
NPNProtocols = foo |
|
ServerNameCallback = IgnoreMismatch |
|
|
|
-[7-npn-with-sni-context-switch-server2-extra] |
|
+[9-npn-with-sni-context-switch-server2-extra] |
|
NPNProtocols = bar |
|
|
|
-[7-npn-with-sni-context-switch-client-extra] |
|
+[9-npn-with-sni-context-switch-client-extra] |
|
NPNProtocols = foo,bar |
|
ServerName = server2 |
|
|
|
|
|
# =========================================================== |
|
|
|
-[8-npn-selected-sni-server-supports-npn] |
|
-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl |
|
+[10-npn-selected-sni-server-supports-npn] |
|
+ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl |
|
|
|
-[8-npn-selected-sni-server-supports-npn-ssl] |
|
-server = 8-npn-selected-sni-server-supports-npn-server |
|
-client = 8-npn-selected-sni-server-supports-npn-client |
|
-server2 = 8-npn-selected-sni-server-supports-npn-server2 |
|
+[10-npn-selected-sni-server-supports-npn-ssl] |
|
+server = 10-npn-selected-sni-server-supports-npn-server |
|
+client = 10-npn-selected-sni-server-supports-npn-client |
|
+server2 = 10-npn-selected-sni-server-supports-npn-server2 |
|
|
|
-[8-npn-selected-sni-server-supports-npn-server] |
|
+[10-npn-selected-sni-server-supports-npn-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[8-npn-selected-sni-server-supports-npn-server2] |
|
+[10-npn-selected-sni-server-supports-npn-server2] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[8-npn-selected-sni-server-supports-npn-client] |
|
+[10-npn-selected-sni-server-supports-npn-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-8] |
|
+[test-10] |
|
ExpectedNPNProtocol = bar |
|
ExpectedServerName = server2 |
|
-server = 8-npn-selected-sni-server-supports-npn-server-extra |
|
-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra |
|
-client = 8-npn-selected-sni-server-supports-npn-client-extra |
|
+server = 10-npn-selected-sni-server-supports-npn-server-extra |
|
+server2 = 10-npn-selected-sni-server-supports-npn-server2-extra |
|
+client = 10-npn-selected-sni-server-supports-npn-client-extra |
|
|
|
-[8-npn-selected-sni-server-supports-npn-server-extra] |
|
+[10-npn-selected-sni-server-supports-npn-server-extra] |
|
ServerNameCallback = IgnoreMismatch |
|
|
|
-[8-npn-selected-sni-server-supports-npn-server2-extra] |
|
+[10-npn-selected-sni-server-supports-npn-server2-extra] |
|
NPNProtocols = bar |
|
|
|
-[8-npn-selected-sni-server-supports-npn-client-extra] |
|
+[10-npn-selected-sni-server-supports-npn-client-extra] |
|
NPNProtocols = foo,bar |
|
ServerName = server2 |
|
|
|
|
|
# =========================================================== |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn] |
|
-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl |
|
+[11-npn-selected-sni-server-does-not-support-npn] |
|
+ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-ssl] |
|
-server = 9-npn-selected-sni-server-does-not-support-npn-server |
|
-client = 9-npn-selected-sni-server-does-not-support-npn-client |
|
-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 |
|
+[11-npn-selected-sni-server-does-not-support-npn-ssl] |
|
+server = 11-npn-selected-sni-server-does-not-support-npn-server |
|
+client = 11-npn-selected-sni-server-does-not-support-npn-client |
|
+server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server] |
|
+[11-npn-selected-sni-server-does-not-support-npn-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server2] |
|
+[11-npn-selected-sni-server-does-not-support-npn-server2] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-client] |
|
+[11-npn-selected-sni-server-does-not-support-npn-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-9] |
|
+[test-11] |
|
ExpectedServerName = server2 |
|
-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra |
|
-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra |
|
+server = 11-npn-selected-sni-server-does-not-support-npn-server-extra |
|
+client = 11-npn-selected-sni-server-does-not-support-npn-client-extra |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server-extra] |
|
+[11-npn-selected-sni-server-does-not-support-npn-server-extra] |
|
NPNProtocols = bar |
|
ServerNameCallback = IgnoreMismatch |
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-client-extra] |
|
+[11-npn-selected-sni-server-does-not-support-npn-client-extra] |
|
NPNProtocols = foo,bar |
|
ServerName = server2 |
|
|
|
|
|
# =========================================================== |
|
|
|
-[10-alpn-preferred-over-npn] |
|
-ssl_conf = 10-alpn-preferred-over-npn-ssl |
|
+[12-alpn-preferred-over-npn] |
|
+ssl_conf = 12-alpn-preferred-over-npn-ssl |
|
|
|
-[10-alpn-preferred-over-npn-ssl] |
|
-server = 10-alpn-preferred-over-npn-server |
|
-client = 10-alpn-preferred-over-npn-client |
|
+[12-alpn-preferred-over-npn-ssl] |
|
+server = 12-alpn-preferred-over-npn-server |
|
+client = 12-alpn-preferred-over-npn-client |
|
|
|
-[10-alpn-preferred-over-npn-server] |
|
+[12-alpn-preferred-over-npn-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[10-alpn-preferred-over-npn-client] |
|
+[12-alpn-preferred-over-npn-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-10] |
|
+[test-12] |
|
ExpectedALPNProtocol = foo |
|
-server = 10-alpn-preferred-over-npn-server-extra |
|
-client = 10-alpn-preferred-over-npn-client-extra |
|
+server = 12-alpn-preferred-over-npn-server-extra |
|
+client = 12-alpn-preferred-over-npn-client-extra |
|
|
|
-[10-alpn-preferred-over-npn-server-extra] |
|
+[12-alpn-preferred-over-npn-server-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar |
|
|
|
-[10-alpn-preferred-over-npn-client-extra] |
|
+[12-alpn-preferred-over-npn-client-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar |
|
|
|
|
|
# =========================================================== |
|
|
|
-[11-sni-npn-preferred-over-alpn] |
|
-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl |
|
+[13-sni-npn-preferred-over-alpn] |
|
+ssl_conf = 13-sni-npn-preferred-over-alpn-ssl |
|
|
|
-[11-sni-npn-preferred-over-alpn-ssl] |
|
-server = 11-sni-npn-preferred-over-alpn-server |
|
-client = 11-sni-npn-preferred-over-alpn-client |
|
-server2 = 11-sni-npn-preferred-over-alpn-server2 |
|
+[13-sni-npn-preferred-over-alpn-ssl] |
|
+server = 13-sni-npn-preferred-over-alpn-server |
|
+client = 13-sni-npn-preferred-over-alpn-client |
|
+server2 = 13-sni-npn-preferred-over-alpn-server2 |
|
|
|
-[11-sni-npn-preferred-over-alpn-server] |
|
+[13-sni-npn-preferred-over-alpn-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[11-sni-npn-preferred-over-alpn-server2] |
|
+[13-sni-npn-preferred-over-alpn-server2] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[11-sni-npn-preferred-over-alpn-client] |
|
+[13-sni-npn-preferred-over-alpn-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-11] |
|
+[test-13] |
|
ExpectedNPNProtocol = bar |
|
ExpectedServerName = server2 |
|
-server = 11-sni-npn-preferred-over-alpn-server-extra |
|
-server2 = 11-sni-npn-preferred-over-alpn-server2-extra |
|
-client = 11-sni-npn-preferred-over-alpn-client-extra |
|
+server = 13-sni-npn-preferred-over-alpn-server-extra |
|
+server2 = 13-sni-npn-preferred-over-alpn-server2-extra |
|
+client = 13-sni-npn-preferred-over-alpn-client-extra |
|
|
|
-[11-sni-npn-preferred-over-alpn-server-extra] |
|
+[13-sni-npn-preferred-over-alpn-server-extra] |
|
ALPNProtocols = foo |
|
ServerNameCallback = IgnoreMismatch |
|
|
|
-[11-sni-npn-preferred-over-alpn-server2-extra] |
|
+[13-sni-npn-preferred-over-alpn-server2-extra] |
|
NPNProtocols = bar |
|
|
|
-[11-sni-npn-preferred-over-alpn-client-extra] |
|
+[13-sni-npn-preferred-over-alpn-client-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar |
|
ServerName = server2 |
|
@@ -460,356 +527,356 @@ ServerName = server2 |
|
|
|
# =========================================================== |
|
|
|
-[12-npn-simple-resumption] |
|
-ssl_conf = 12-npn-simple-resumption-ssl |
|
+[14-npn-simple-resumption] |
|
+ssl_conf = 14-npn-simple-resumption-ssl |
|
|
|
-[12-npn-simple-resumption-ssl] |
|
-server = 12-npn-simple-resumption-server |
|
-client = 12-npn-simple-resumption-client |
|
-resume-server = 12-npn-simple-resumption-server |
|
-resume-client = 12-npn-simple-resumption-client |
|
+[14-npn-simple-resumption-ssl] |
|
+server = 14-npn-simple-resumption-server |
|
+client = 14-npn-simple-resumption-client |
|
+resume-server = 14-npn-simple-resumption-server |
|
+resume-client = 14-npn-simple-resumption-client |
|
|
|
-[12-npn-simple-resumption-server] |
|
+[14-npn-simple-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[12-npn-simple-resumption-client] |
|
+[14-npn-simple-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-12] |
|
+[test-14] |
|
ExpectedNPNProtocol = foo |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 12-npn-simple-resumption-server-extra |
|
-resume-server = 12-npn-simple-resumption-server-extra |
|
-client = 12-npn-simple-resumption-client-extra |
|
-resume-client = 12-npn-simple-resumption-client-extra |
|
+server = 14-npn-simple-resumption-server-extra |
|
+resume-server = 14-npn-simple-resumption-server-extra |
|
+client = 14-npn-simple-resumption-client-extra |
|
+resume-client = 14-npn-simple-resumption-client-extra |
|
|
|
-[12-npn-simple-resumption-server-extra] |
|
+[14-npn-simple-resumption-server-extra] |
|
NPNProtocols = foo |
|
|
|
-[12-npn-simple-resumption-client-extra] |
|
+[14-npn-simple-resumption-client-extra] |
|
NPNProtocols = foo |
|
|
|
|
|
# =========================================================== |
|
|
|
-[13-npn-server-switch-resumption] |
|
-ssl_conf = 13-npn-server-switch-resumption-ssl |
|
+[15-npn-server-switch-resumption] |
|
+ssl_conf = 15-npn-server-switch-resumption-ssl |
|
|
|
-[13-npn-server-switch-resumption-ssl] |
|
-server = 13-npn-server-switch-resumption-server |
|
-client = 13-npn-server-switch-resumption-client |
|
-resume-server = 13-npn-server-switch-resumption-resume-server |
|
-resume-client = 13-npn-server-switch-resumption-client |
|
+[15-npn-server-switch-resumption-ssl] |
|
+server = 15-npn-server-switch-resumption-server |
|
+client = 15-npn-server-switch-resumption-client |
|
+resume-server = 15-npn-server-switch-resumption-resume-server |
|
+resume-client = 15-npn-server-switch-resumption-client |
|
|
|
-[13-npn-server-switch-resumption-server] |
|
+[15-npn-server-switch-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[13-npn-server-switch-resumption-resume-server] |
|
+[15-npn-server-switch-resumption-resume-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[13-npn-server-switch-resumption-client] |
|
+[15-npn-server-switch-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-13] |
|
+[test-15] |
|
ExpectedNPNProtocol = baz |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 13-npn-server-switch-resumption-server-extra |
|
-resume-server = 13-npn-server-switch-resumption-resume-server-extra |
|
-client = 13-npn-server-switch-resumption-client-extra |
|
-resume-client = 13-npn-server-switch-resumption-client-extra |
|
+server = 15-npn-server-switch-resumption-server-extra |
|
+resume-server = 15-npn-server-switch-resumption-resume-server-extra |
|
+client = 15-npn-server-switch-resumption-client-extra |
|
+resume-client = 15-npn-server-switch-resumption-client-extra |
|
|
|
-[13-npn-server-switch-resumption-server-extra] |
|
+[15-npn-server-switch-resumption-server-extra] |
|
NPNProtocols = bar,foo |
|
|
|
-[13-npn-server-switch-resumption-resume-server-extra] |
|
+[15-npn-server-switch-resumption-resume-server-extra] |
|
NPNProtocols = baz,foo |
|
|
|
-[13-npn-server-switch-resumption-client-extra] |
|
+[15-npn-server-switch-resumption-client-extra] |
|
NPNProtocols = foo,bar,baz |
|
|
|
|
|
# =========================================================== |
|
|
|
-[14-npn-client-switch-resumption] |
|
-ssl_conf = 14-npn-client-switch-resumption-ssl |
|
+[16-npn-client-switch-resumption] |
|
+ssl_conf = 16-npn-client-switch-resumption-ssl |
|
|
|
-[14-npn-client-switch-resumption-ssl] |
|
-server = 14-npn-client-switch-resumption-server |
|
-client = 14-npn-client-switch-resumption-client |
|
-resume-server = 14-npn-client-switch-resumption-server |
|
-resume-client = 14-npn-client-switch-resumption-resume-client |
|
+[16-npn-client-switch-resumption-ssl] |
|
+server = 16-npn-client-switch-resumption-server |
|
+client = 16-npn-client-switch-resumption-client |
|
+resume-server = 16-npn-client-switch-resumption-server |
|
+resume-client = 16-npn-client-switch-resumption-resume-client |
|
|
|
-[14-npn-client-switch-resumption-server] |
|
+[16-npn-client-switch-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[14-npn-client-switch-resumption-client] |
|
+[16-npn-client-switch-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[14-npn-client-switch-resumption-resume-client] |
|
+[16-npn-client-switch-resumption-resume-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-14] |
|
+[test-16] |
|
ExpectedNPNProtocol = bar |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 14-npn-client-switch-resumption-server-extra |
|
-resume-server = 14-npn-client-switch-resumption-server-extra |
|
-client = 14-npn-client-switch-resumption-client-extra |
|
-resume-client = 14-npn-client-switch-resumption-resume-client-extra |
|
+server = 16-npn-client-switch-resumption-server-extra |
|
+resume-server = 16-npn-client-switch-resumption-server-extra |
|
+client = 16-npn-client-switch-resumption-client-extra |
|
+resume-client = 16-npn-client-switch-resumption-resume-client-extra |
|
|
|
-[14-npn-client-switch-resumption-server-extra] |
|
+[16-npn-client-switch-resumption-server-extra] |
|
NPNProtocols = foo,bar,baz |
|
|
|
-[14-npn-client-switch-resumption-client-extra] |
|
+[16-npn-client-switch-resumption-client-extra] |
|
NPNProtocols = foo,baz |
|
|
|
-[14-npn-client-switch-resumption-resume-client-extra] |
|
+[16-npn-client-switch-resumption-resume-client-extra] |
|
NPNProtocols = bar,baz |
|
|
|
|
|
# =========================================================== |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption] |
|
-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl |
|
+[17-npn-client-first-pref-on-mismatch-resumption] |
|
+ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-ssl] |
|
-server = 15-npn-client-first-pref-on-mismatch-resumption-server |
|
-client = 15-npn-client-first-pref-on-mismatch-resumption-client |
|
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server |
|
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client |
|
+[17-npn-client-first-pref-on-mismatch-resumption-ssl] |
|
+server = 17-npn-client-first-pref-on-mismatch-resumption-server |
|
+client = 17-npn-client-first-pref-on-mismatch-resumption-client |
|
+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server |
|
+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-server] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-resume-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-client] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-15] |
|
+[test-17] |
|
ExpectedNPNProtocol = foo |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra |
|
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra |
|
-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra |
|
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra |
|
+server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra |
|
+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra |
|
+client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra |
|
+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-server-extra] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-server-extra] |
|
NPNProtocols = bar |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] |
|
NPNProtocols = baz |
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-client-extra] |
|
+[17-npn-client-first-pref-on-mismatch-resumption-client-extra] |
|
NPNProtocols = foo,bar |
|
|
|
|
|
# =========================================================== |
|
|
|
-[16-npn-no-server-support-resumption] |
|
-ssl_conf = 16-npn-no-server-support-resumption-ssl |
|
+[18-npn-no-server-support-resumption] |
|
+ssl_conf = 18-npn-no-server-support-resumption-ssl |
|
|
|
-[16-npn-no-server-support-resumption-ssl] |
|
-server = 16-npn-no-server-support-resumption-server |
|
-client = 16-npn-no-server-support-resumption-client |
|
-resume-server = 16-npn-no-server-support-resumption-resume-server |
|
-resume-client = 16-npn-no-server-support-resumption-client |
|
+[18-npn-no-server-support-resumption-ssl] |
|
+server = 18-npn-no-server-support-resumption-server |
|
+client = 18-npn-no-server-support-resumption-client |
|
+resume-server = 18-npn-no-server-support-resumption-resume-server |
|
+resume-client = 18-npn-no-server-support-resumption-client |
|
|
|
-[16-npn-no-server-support-resumption-server] |
|
+[18-npn-no-server-support-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[16-npn-no-server-support-resumption-resume-server] |
|
+[18-npn-no-server-support-resumption-resume-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[16-npn-no-server-support-resumption-client] |
|
+[18-npn-no-server-support-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-16] |
|
+[test-18] |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 16-npn-no-server-support-resumption-server-extra |
|
-client = 16-npn-no-server-support-resumption-client-extra |
|
-resume-client = 16-npn-no-server-support-resumption-client-extra |
|
+server = 18-npn-no-server-support-resumption-server-extra |
|
+client = 18-npn-no-server-support-resumption-client-extra |
|
+resume-client = 18-npn-no-server-support-resumption-client-extra |
|
|
|
-[16-npn-no-server-support-resumption-server-extra] |
|
+[18-npn-no-server-support-resumption-server-extra] |
|
NPNProtocols = foo |
|
|
|
-[16-npn-no-server-support-resumption-client-extra] |
|
+[18-npn-no-server-support-resumption-client-extra] |
|
NPNProtocols = foo |
|
|
|
|
|
# =========================================================== |
|
|
|
-[17-npn-no-client-support-resumption] |
|
-ssl_conf = 17-npn-no-client-support-resumption-ssl |
|
+[19-npn-no-client-support-resumption] |
|
+ssl_conf = 19-npn-no-client-support-resumption-ssl |
|
|
|
-[17-npn-no-client-support-resumption-ssl] |
|
-server = 17-npn-no-client-support-resumption-server |
|
-client = 17-npn-no-client-support-resumption-client |
|
-resume-server = 17-npn-no-client-support-resumption-server |
|
-resume-client = 17-npn-no-client-support-resumption-resume-client |
|
+[19-npn-no-client-support-resumption-ssl] |
|
+server = 19-npn-no-client-support-resumption-server |
|
+client = 19-npn-no-client-support-resumption-client |
|
+resume-server = 19-npn-no-client-support-resumption-server |
|
+resume-client = 19-npn-no-client-support-resumption-resume-client |
|
|
|
-[17-npn-no-client-support-resumption-server] |
|
+[19-npn-no-client-support-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[17-npn-no-client-support-resumption-client] |
|
+[19-npn-no-client-support-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[17-npn-no-client-support-resumption-resume-client] |
|
+[19-npn-no-client-support-resumption-resume-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-17] |
|
+[test-19] |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 17-npn-no-client-support-resumption-server-extra |
|
-resume-server = 17-npn-no-client-support-resumption-server-extra |
|
-client = 17-npn-no-client-support-resumption-client-extra |
|
+server = 19-npn-no-client-support-resumption-server-extra |
|
+resume-server = 19-npn-no-client-support-resumption-server-extra |
|
+client = 19-npn-no-client-support-resumption-client-extra |
|
|
|
-[17-npn-no-client-support-resumption-server-extra] |
|
+[19-npn-no-client-support-resumption-server-extra] |
|
NPNProtocols = foo |
|
|
|
-[17-npn-no-client-support-resumption-client-extra] |
|
+[19-npn-no-client-support-resumption-client-extra] |
|
NPNProtocols = foo |
|
|
|
|
|
# =========================================================== |
|
|
|
-[18-alpn-preferred-over-npn-resumption] |
|
-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl |
|
+[20-alpn-preferred-over-npn-resumption] |
|
+ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl |
|
|
|
-[18-alpn-preferred-over-npn-resumption-ssl] |
|
-server = 18-alpn-preferred-over-npn-resumption-server |
|
-client = 18-alpn-preferred-over-npn-resumption-client |
|
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server |
|
-resume-client = 18-alpn-preferred-over-npn-resumption-client |
|
+[20-alpn-preferred-over-npn-resumption-ssl] |
|
+server = 20-alpn-preferred-over-npn-resumption-server |
|
+client = 20-alpn-preferred-over-npn-resumption-client |
|
+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server |
|
+resume-client = 20-alpn-preferred-over-npn-resumption-client |
|
|
|
-[18-alpn-preferred-over-npn-resumption-server] |
|
+[20-alpn-preferred-over-npn-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[18-alpn-preferred-over-npn-resumption-resume-server] |
|
+[20-alpn-preferred-over-npn-resumption-resume-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[18-alpn-preferred-over-npn-resumption-client] |
|
+[20-alpn-preferred-over-npn-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-18] |
|
+[test-20] |
|
ExpectedALPNProtocol = foo |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 18-alpn-preferred-over-npn-resumption-server-extra |
|
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra |
|
-client = 18-alpn-preferred-over-npn-resumption-client-extra |
|
-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra |
|
+server = 20-alpn-preferred-over-npn-resumption-server-extra |
|
+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra |
|
+client = 20-alpn-preferred-over-npn-resumption-client-extra |
|
+resume-client = 20-alpn-preferred-over-npn-resumption-client-extra |
|
|
|
-[18-alpn-preferred-over-npn-resumption-server-extra] |
|
+[20-alpn-preferred-over-npn-resumption-server-extra] |
|
NPNProtocols = bar |
|
|
|
-[18-alpn-preferred-over-npn-resumption-resume-server-extra] |
|
+[20-alpn-preferred-over-npn-resumption-resume-server-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = baz |
|
|
|
-[18-alpn-preferred-over-npn-resumption-client-extra] |
|
+[20-alpn-preferred-over-npn-resumption-client-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar,baz |
|
|
|
|
|
# =========================================================== |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption] |
|
-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl |
|
+[21-npn-used-if-alpn-not-supported-resumption] |
|
+ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-ssl] |
|
-server = 19-npn-used-if-alpn-not-supported-resumption-server |
|
-client = 19-npn-used-if-alpn-not-supported-resumption-client |
|
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server |
|
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client |
|
+[21-npn-used-if-alpn-not-supported-resumption-ssl] |
|
+server = 21-npn-used-if-alpn-not-supported-resumption-server |
|
+client = 21-npn-used-if-alpn-not-supported-resumption-client |
|
+resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server |
|
+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-server] |
|
+[21-npn-used-if-alpn-not-supported-resumption-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-resume-server] |
|
+[21-npn-used-if-alpn-not-supported-resumption-resume-server] |
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
CipherString = DEFAULT |
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-client] |
|
+[21-npn-used-if-alpn-not-supported-resumption-client] |
|
CipherString = DEFAULT |
|
MaxProtocol = TLSv1.2 |
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
VerifyMode = Peer |
|
|
|
-[test-19] |
|
+[test-21] |
|
ExpectedNPNProtocol = baz |
|
HandshakeMode = Resume |
|
ResumptionExpected = Yes |
|
-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra |
|
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra |
|
-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra |
|
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra |
|
+server = 21-npn-used-if-alpn-not-supported-resumption-server-extra |
|
+resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra |
|
+client = 21-npn-used-if-alpn-not-supported-resumption-client-extra |
|
+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-server-extra] |
|
+[21-npn-used-if-alpn-not-supported-resumption-server-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] |
|
+[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] |
|
NPNProtocols = baz |
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-client-extra] |
|
+[21-npn-used-if-alpn-not-supported-resumption-client-extra] |
|
ALPNProtocols = foo |
|
NPNProtocols = bar,baz |
|
|
|
diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in |
|
index 30783e45eb..1dc2704bdb 100644 |
|
--- a/test/ssl-tests/08-npn.cnf.in |
|
+++ b/test/ssl-tests/08-npn.cnf.in |
|
@@ -110,6 +110,41 @@ our @tests = ( |
|
"ExpectedNPNProtocol" => undef, |
|
}, |
|
}, |
|
+ { |
|
+ name => "npn-empty-client-list", |
|
+ server => { |
|
+ extra => { |
|
+ "NPNProtocols" => "foo", |
|
+ }, |
|
+ }, |
|
+ client => { |
|
+ extra => { |
|
+ "NPNProtocols" => "", |
|
+ }, |
|
+ "MaxProtocol" => "TLSv1.2" |
|
+ }, |
|
+ test => { |
|
+ "ExpectedResult" => "ClientFail", |
|
+ "ExpectedClientAlert" => "HandshakeFailure" |
|
+ }, |
|
+ }, |
|
+ { |
|
+ name => "npn-empty-server-list", |
|
+ server => { |
|
+ extra => { |
|
+ "NPNProtocols" => "", |
|
+ }, |
|
+ }, |
|
+ client => { |
|
+ extra => { |
|
+ "NPNProtocols" => "foo", |
|
+ }, |
|
+ "MaxProtocol" => "TLSv1.2" |
|
+ }, |
|
+ test => { |
|
+ "ExpectedNPNProtocol" => "foo" |
|
+ }, |
|
+ }, |
|
{ |
|
name => "npn-with-sni-no-context-switch", |
|
server => { |
|
diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf |
|
index e7e6cb9534..dd668739ab 100644 |
|
--- a/test/ssl-tests/09-alpn.cnf |
|
+++ b/test/ssl-tests/09-alpn.cnf |
|
@@ -1,6 +1,6 @@ |
|
# Generated with generate_ssl_tests.pl |
|
|
|
-num_tests = 16 |
|
+num_tests = 18 |
|
|
|
test-0 = 0-alpn-simple |
|
test-1 = 1-alpn-server-finds-match |
|
@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption |
|
test-13 = 13-alpn-alert-on-mismatch-resumption |
|
test-14 = 14-alpn-no-server-support-resumption |
|
test-15 = 15-alpn-no-client-support-resumption |
|
+test-16 = 16-alpn-empty-client-list |
|
+test-17 = 17-alpn-empty-server-list |
|
# =========================================================== |
|
|
|
[0-alpn-simple] |
|
@@ -617,3 +619,65 @@ ALPNProtocols = foo |
|
ALPNProtocols = foo |
|
|
|
|
|
+# =========================================================== |
|
+ |
|
+[16-alpn-empty-client-list] |
|
+ssl_conf = 16-alpn-empty-client-list-ssl |
|
+ |
|
+[16-alpn-empty-client-list-ssl] |
|
+server = 16-alpn-empty-client-list-server |
|
+client = 16-alpn-empty-client-list-client |
|
+ |
|
+[16-alpn-empty-client-list-server] |
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
+CipherString = DEFAULT |
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
+ |
|
+[16-alpn-empty-client-list-client] |
|
+CipherString = DEFAULT |
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
+VerifyMode = Peer |
|
+ |
|
+[test-16] |
|
+server = 16-alpn-empty-client-list-server-extra |
|
+client = 16-alpn-empty-client-list-client-extra |
|
+ |
|
+[16-alpn-empty-client-list-server-extra] |
|
+ALPNProtocols = foo |
|
+ |
|
+[16-alpn-empty-client-list-client-extra] |
|
+ALPNProtocols = |
|
+ |
|
+ |
|
+# =========================================================== |
|
+ |
|
+[17-alpn-empty-server-list] |
|
+ssl_conf = 17-alpn-empty-server-list-ssl |
|
+ |
|
+[17-alpn-empty-server-list-ssl] |
|
+server = 17-alpn-empty-server-list-server |
|
+client = 17-alpn-empty-server-list-client |
|
+ |
|
+[17-alpn-empty-server-list-server] |
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
|
+CipherString = DEFAULT |
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
|
+ |
|
+[17-alpn-empty-server-list-client] |
|
+CipherString = DEFAULT |
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
|
+VerifyMode = Peer |
|
+ |
|
+[test-17] |
|
+ExpectedResult = ServerFail |
|
+ExpectedServerAlert = NoApplicationProtocol |
|
+server = 17-alpn-empty-server-list-server-extra |
|
+client = 17-alpn-empty-server-list-client-extra |
|
+ |
|
+[17-alpn-empty-server-list-server-extra] |
|
+ALPNProtocols = |
|
+ |
|
+[17-alpn-empty-server-list-client-extra] |
|
+ALPNProtocols = foo |
|
+ |
|
+ |
|
diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in |
|
index 81330756c6..322b7096a6 100644 |
|
--- a/test/ssl-tests/09-alpn.cnf.in |
|
+++ b/test/ssl-tests/09-alpn.cnf.in |
|
@@ -322,4 +322,37 @@ our @tests = ( |
|
"ExpectedALPNProtocol" => undef, |
|
}, |
|
}, |
|
+ { |
|
+ name => "alpn-empty-client-list", |
|
+ server => { |
|
+ extra => { |
|
+ "ALPNProtocols" => "foo", |
|
+ }, |
|
+ }, |
|
+ client => { |
|
+ extra => { |
|
+ "ALPNProtocols" => "", |
|
+ }, |
|
+ }, |
|
+ test => { |
|
+ "ExpectedALPNProtocol" => undef, |
|
+ }, |
|
+ }, |
|
+ { |
|
+ name => "alpn-empty-server-list", |
|
+ server => { |
|
+ extra => { |
|
+ "ALPNProtocols" => "", |
|
+ }, |
|
+ }, |
|
+ client => { |
|
+ extra => { |
|
+ "ALPNProtocols" => "foo", |
|
+ }, |
|
+ }, |
|
+ test => { |
|
+ "ExpectedResult" => "ServerFail", |
|
+ "ExpectedServerAlert" => "NoApplicationProtocol", |
|
+ }, |
|
+ }, |
|
); |
|
-- |
|
2.46.0 |
|
|
|
|