diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-07-05 19:06:23 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-07-20 13:55:53 +0200 |
commit | 590ed3d7ea555b877859f6b491020112588fe1be (patch) | |
tree | 0461027d23e45e0e29fdaed81e92fbe4b324c065 /test/ssl_test.c | |
parent | 23dd0c9f8dc6f7edf4b872d13e5644dfbbee585b (diff) | |
download | openssl-590ed3d7ea555b877859f6b491020112588fe1be.tar.gz |
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but will
be done in a later change.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'test/ssl_test.c')
-rw-r--r-- | test/ssl_test.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/test/ssl_test.c b/test/ssl_test.c index 5a3aaa8d08..c5deeb209b 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -174,6 +174,21 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) return ret; } +static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->client_resumed != result->server_resumed) { + fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n", + result->client_resumed, result->server_resumed); + return 0; + } + if (result->client_resumed != test_ctx->resumption_expected) { + fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n", + test_ctx->resumption_expected, result->client_resumed); + return 0; + } + return 1; +} + /* * This could be further simplified by constructing an expected * HANDSHAKE_RESULT, and implementing comparison methods for @@ -191,6 +206,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= (result->session_ticket_do_not_call == 0); ret &= check_npn(result, test_ctx); ret &= check_alpn(result, test_ctx); + ret &= check_resumption(result, test_ctx); } return ret; } @@ -198,7 +214,8 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) static int execute_test(SSL_TEST_FIXTURE fixture) { int ret = 0; - SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL; + SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL, + *resume_server_ctx = NULL; SSL_TEST_CTX *test_ctx = NULL; HANDSHAKE_RESULT *result = NULL; @@ -214,6 +231,10 @@ static int execute_test(SSL_TEST_FIXTURE fixture) OPENSSL_assert(server2_ctx != NULL); } client_ctx = SSL_CTX_new(DTLS_client_method()); + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(DTLS_server_method()); + OPENSSL_assert(resume_server_ctx != NULL); + } } #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { @@ -223,6 +244,11 @@ static int execute_test(SSL_TEST_FIXTURE fixture) OPENSSL_assert(server2_ctx != NULL); } client_ctx = SSL_CTX_new(TLS_client_method()); + + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(TLS_server_method()); + OPENSSL_assert(resume_server_ctx != NULL); + } } OPENSSL_assert(server_ctx != NULL && client_ctx != NULL); @@ -236,8 +262,12 @@ static int execute_test(SSL_TEST_FIXTURE fixture) if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2")) goto err; + if (resume_server_ctx != NULL + && !SSL_CTX_config(resume_server_ctx, "resume-server")) + goto err; - result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx); + result = do_handshake(server_ctx, server2_ctx, client_ctx, + resume_server_ctx, test_ctx); ret = check_test(result, test_ctx); @@ -246,6 +276,7 @@ err: SSL_CTX_free(server_ctx); SSL_CTX_free(server2_ctx); SSL_CTX_free(client_ctx); + SSL_CTX_free(resume_server_ctx); SSL_TEST_CTX_free(test_ctx); if (ret != 1) ERR_print_errors_fp(stderr); |