diff options
author | Matt Caswell <matt@openssl.org> | 2016-12-02 09:14:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-01-06 10:25:13 +0000 |
commit | e96e0f8e420c42f28b0e86c9cf757f152f696321 (patch) | |
tree | aa40a232274c0948c52af07df051ea75ecb37218 /test/testlib | |
parent | f97d4c370844081e5e735711bd8b91979313ce7b (diff) | |
download | openssl-e96e0f8e420c42f28b0e86c9cf757f152f696321.tar.gz |
Create Certificate messages in TLS1.3 format
Also updates TLSProxy to be able to understand the format and parse the
contained extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
Diffstat (limited to 'test/testlib')
-rw-r--r-- | test/testlib/checkhandshake.pm | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm index 9529b949bd..0c3df6fde2 100644 --- a/test/testlib/checkhandshake.pm +++ b/test/testlib/checkhandshake.pm @@ -73,8 +73,14 @@ sub checkhandshake($$$$) if (($handtype & RENEG_HANDSHAKE) != 0) { $numtests += $#extensions + 2; } - #In TLS1.3 there are 3 messages with extensions (and no renegotiations) - $numtests += 1 if ($proxy->is_tls13()); + #In TLS1.3 there are 4 messages with extensions (i.e. 2 extra) and no + #renegotiations: 1 ClientHello, 1 ServerHello, 1 EncryptedExtensions, + #1 Certificate + $numtests += 2 if ($proxy->is_tls13()); + #Except in Client auth where we have an extra Certificate message, and + #one extension gets checked twice (once in each Certificate message) + $numtests += 2 if ($proxy->is_tls13() + && ($handtype & CLIENT_AUTH_HANDSHAKE) != 0); plan tests => $numtests; @@ -101,7 +107,11 @@ sub checkhandshake($$$$) next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != - TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS); + TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + + next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE + && !TLSProxy::Proxy::is_tls13(); if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) { #Add renegotiate extension we will expect if renegotiating |