diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-30 09:13:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-31 09:31:50 +0100 |
commit | 43a0f2733a943799060ea275516fcce00d89eb38 (patch) | |
tree | f306c49491086a35ac38767945b1a026006191ce /test/ssl-tests | |
parent | 50db81633ece00593b245afed0ed9480d7ffb334 (diff) | |
download | openssl-43a0f2733a943799060ea275516fcce00d89eb38.tar.gz |
Fix some TLSv1.3 alert issues
Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).
Ensure that proper reason codes are given for the new TLSv1.3 alerts.
Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left
over from an earlier TLSv1.3 draft that is no longer used.
Fixes #6804
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6809)
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/04-client_auth.conf | 2 | ||||
-rw-r--r-- | test/ssl-tests/04-client_auth.conf.in | 4 | ||||
-rw-r--r-- | test/ssl-tests/26-tls13_client_auth.conf | 2 | ||||
-rw-r--r-- | test/ssl-tests/26-tls13_client_auth.conf.in | 2 |
4 files changed, 6 insertions, 4 deletions
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 5696394c1b..8debb66fd0 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -108,7 +108,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure +ExpectedServerAlert = CertificateRequired # =========================================================== diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index a780e00699..b9c014d2c0 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -101,7 +101,9 @@ sub generate_tests() { }, test => { "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "HandshakeFailure", + "ExpectedServerAlert" => + ($protocol_name eq "flex" && !disabled("tls1_3")) + ? "CertificateRequired" : "HandshakeFailure", "Method" => $method, }, }; diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf index f769b1238d..55361dde73 100644 --- a/test/ssl-tests/26-tls13_client_auth.conf +++ b/test/ssl-tests/26-tls13_client_auth.conf @@ -98,7 +98,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure +ExpectedServerAlert = CertificateRequired # =========================================================== diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in index 6da41686fd..e53cda2304 100644 --- a/test/ssl-tests/26-tls13_client_auth.conf.in +++ b/test/ssl-tests/26-tls13_client_auth.conf.in @@ -61,7 +61,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "HandshakeFailure", + "ExpectedServerAlert" => "CertificateRequired", }, }, { |