mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
df0aa7770e
openssl/test/recipes/70-test_sslsessiontick.t
Matt Caswell b02b574317 Skip the TLSProxy tests if environmental problems are an issue 
On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). These aren't OpenSSL
problems so we shouldn't treat them as test failures. Just visibly
indicate that we are skipping the test.

We only skip the first time we attempt to start up the proxy. If that works
then everything else should do...if not we should probably investigate and
so report as a failure.

This also removes test_networking...there is a danger that this turns into
a test of user's environmental set up rather than OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 16:32:14 +01:00

269 lines
8.7 KiB
Perl
Executable File
Raw Blame History

#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
use File::Temp qw(tempfile);
my $test_name = "test_sslsessiontick";
setup($test_name);
plan skip_all => "TLSProxy isn't usable on $^O"
if $^O =~ /^(VMS|MSWin32)$/;
plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"));
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
sub checkmessages($$$$$$);
sub clearclient();
sub clearall();
my $chellotickext = 0;
my $shellotickext = 0;
my $fullhand = 0;
my $ticketseen = 0;
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
srctop_file("apps", "server.pem"),
(!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);
#Test 1: By default with no existing session we should get a session ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
# NewSessionTicket message seen; Full handshake
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 10;
checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
#Test 2: If the server does not accept tickets we should get a normal handshake
#with no session tickets
#Expected result: ClientHello extension seen; ServerHello extension not seen
# NewSessionTicket message not seen; Full handshake
clearall();
$proxy->serverflags("-no_ticket");
$proxy->start();
checkmessages(2, "No server support session ticket test", 1, 0, 0, 1);
#Test 3: If the client does not accept tickets we should get a normal handshake
#with no session tickets
#Expected result: ClientHello extension not seen; ServerHello extension not seen
# NewSessionTicket message not seen; Full handshake
clearall();
$proxy->clientflags("-no_ticket");
$proxy->start();
checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
#Test 4: Test session resumption with session ticket
#Expected result: ClientHello extension seen; ServerHello extension not seen
# NewSessionTicket message not seen; Abbreviated handshake
clearall();
(undef, my $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
$proxy->clearClient();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
unlink $session;
#Test 5: Test session resumption with ticket capable client without a ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
# NewSessionTicket message seen; Abbreviated handshake
clearall();
(undef, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session." -no_ticket");
$proxy->start();
$proxy->clearClient();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(5, "Session resumption with ticket capable client without a "
."ticket", 1, 1, 1, 0);
unlink $session;
#Test 6: Client accepts empty ticket.
#Expected result: ClientHello extension seen; ServerHello extension seen;
# NewSessionTicket message seen; Full handshake.
clearall();
$proxy->filter(\&ticket_filter);
$proxy->start();
checkmessages(6, "Empty ticket test", 1, 1, 1, 1);
#Test 7-8: Client keeps existing ticket on empty ticket.
clearall();
(undef, $session) = tempfile();
$proxy->serverconnects(3);
$proxy->filter(undef);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
$proxy->clearClient();
$proxy->clientflags("-sess_in ".$session." -sess_out ".$session);
$proxy->filter(\&inject_empty_ticket_filter);
$proxy->clientstart();
#Expected result: ClientHello extension seen; ServerHello extension seen;
# NewSessionTicket message seen; Abbreviated handshake.
checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0);
clearclient();
$proxy->clientflags("-sess_in ".$session);
$proxy->filter(undef);
$proxy->clientstart();
#Expected result: ClientHello extension seen; ServerHello extension not seen;
# NewSessionTicket message not seen; Abbreviated handshake.
checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
unlink $session;
#Test 9: Bad server sends the ServerHello extension but does not send a
#NewSessionTicket
#Expected result: Connection failure
clearall();
$proxy->serverflags("-no_ticket");
$proxy->filter(\&inject_ticket_extension_filter);
$proxy->start();
ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test");
#Test10: Bad server does not send the ServerHello extension but does send a
#NewSessionTicket
#Expected result: Connection failure
clearall();
$proxy->serverflags("-no_ticket");
$proxy->filter(\&inject_empty_ticket_filter);
$proxy->start();
ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test");
sub ticket_filter
{
my $proxy = shift;
foreach my $message (@{$proxy->message_list}) {
if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
$message->ticket("");
$message->repack();
}
}
}
sub inject_empty_ticket_filter {
my $proxy = shift;
foreach my $message (@{$proxy->message_list}) {
if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
# Only inject the message first time we're called.
return;
}
}
my @new_message_list = ();
foreach my $message (@{$proxy->message_list}) {
push @new_message_list, $message;
if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
$message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
$message->repack();
# Tack NewSessionTicket onto the ServerHello record.
# This only works if the ServerHello is exactly one record.
my $record = ${$message->records}[0];
my $offset = $message->startoffset + $message->encoded_length;
my $newsessionticket = TLSProxy::NewSessionTicket->new(
1, "", [$record], $offset, []);
$newsessionticket->repack();
push @new_message_list, $newsessionticket;
}
}
$proxy->message_list([@new_message_list]);
}
sub inject_ticket_extension_filter
{
my $proxy = shift;
# We're only interested in the initial ServerHello
if ($proxy->flight != 1) {
return;
}
foreach my $message (@{$proxy->message_list}) {
if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
#Add the session ticket extension to the ServerHello even though
#we are not going to send a NewSessionTicket message
$message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
$message->repack();
}
}
}
sub checkmessages($$$$$$)
{
my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_;
subtest $testname => sub {
foreach my $message (@{$proxy->message_list}) {
if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO
|| $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
#Get the extensions data
my %extensions = %{$message->extension_data};
if (defined
$extensions{TLSProxy::Message::EXT_SESSION_TICKET}) {
if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
$chellotickext = 1;
} else {
$shellotickext = 1;
}
}
} elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
#Must be doing a full handshake
$fullhand = 1;
} elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
$ticketseen = 1;
}
}
plan tests => 5;
ok(TLSProxy::Message->success, "Handshake");
ok(($testch && $chellotickext) || (!$testch && !$chellotickext),
"ClientHello extension Session Ticket check");
ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext),
"ServerHello extension Session Ticket check");
ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen),
"Session Ticket message presence check");
ok(($testhand && $fullhand) || (!$testhand && !$fullhand),
"Session Ticket full handshake check");
}
}
sub clearclient()
{
$chellotickext = 0;
$shellotickext = 0;
$fullhand = 0;
$ticketseen = 0;
$proxy->clearClient();
}
sub clearall()
{
clearclient();
$proxy->clear();
}
Reference in New Issue View Git Blame Copy Permalink