Add a test for CT in TLSv1.3

This also tests the SERVERINFO2 file format. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
2025-04-06 20:20:50 +08:00 · 2017-04-13 16:55:45 +01:00 · 2017-04-13 16:55:45 +01:00 · c3a48c7b1d
commit c3a48c7b1d
parent b878afae4b
1 changed files with 25 additions and 19 deletions
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@ -126,6 +126,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");

    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
+    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
+        checkhandshake::SCT_SRV_EXTENSION],

    [0,0,0]
 );
@ -257,25 +259,29 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               | checkhandshake::ALPN_SRV_EXTENSION,
               "ALPN handshake test");

-#Test 13: SCT handshake (client request only)
-#TODO(TLS1.3): This only checks that the client side extension appears. The
-#SCT extension is unusual in that we have no built-in server side implementation
-#The server side implementation can nomrally be added using the custom
-#extensions framework (e.g. by using the "-serverinfo" s_server option). However
-#currently we only support <= TLS1.2 for custom extensions because the existing
-#framework and API has no knowledge of the TLS1.3 messages
-$proxy->clear();
-#Note: -ct also sends status_request
-$proxy->clientflags("-ct");
-$proxy->serverflags("-status_file "
-                    .srctop_file("test", "recipes", "ocsp-response.der"));
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
-               checkhandshake::DEFAULT_EXTENSIONS
-               | checkhandshake::SCT_CLI_EXTENSION
-               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
-               | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
-               "SCT handshake test");
+SKIP: {
+    skip "No CT, EC or OCSP support in this OpenSSL build", 1
+        if disabled("ct") || disabled("ec") || disabled("ocsp");
+
+    #Test 13: SCT handshake (client request only)
+    $proxy->clear();
+    #Note: -ct also sends status_request
+    $proxy->clientflags("-ct");
+    $proxy->serverflags("-status_file "
+                        .srctop_file("test", "recipes", "ocsp-response.der")
+                        ." -serverinfo ".srctop_file("test", "serverinfo2.pem"));
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS
+                   | checkhandshake::SCT_CLI_EXTENSION
+                   | checkhandshake::SCT_SRV_EXTENSION
+                   | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+                   | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
+                   "SCT handshake test");
+}
+
+
+

 #Test 14: HRR Handshake
 $proxy->clear();