f3cb03b52a
The first patch caused a QUIC test to fail, so backport the entire series, which looks reasonable and adds good additional safeguards and checks. Resolves: RHEL-45692 Signed-off-by: Clemens Lang <cllang@redhat.com>
1170 lines
40 KiB
Diff
1170 lines
40 KiB
Diff
From 7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6 Mon Sep 17 00:00:00 2001
|
|
From: Matt Caswell <matt@openssl.org>
|
|
Date: Tue, 4 Jun 2024 15:47:32 +0100
|
|
Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests
|
|
|
|
Allow ourselves to configure an empty NPN/ALPN protocol list and test what
|
|
happens if we do.
|
|
|
|
Follow on from CVE-2024-5535
|
|
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/24717)
|
|
---
|
|
test/helpers/handshake.c | 6 +
|
|
test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++---------------
|
|
test/ssl-tests/08-npn.cnf.in | 35 +++
|
|
test/ssl-tests/09-alpn.cnf | 66 +++-
|
|
test/ssl-tests/09-alpn.cnf.in | 33 ++
|
|
5 files changed, 449 insertions(+), 244 deletions(-)
|
|
|
|
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
|
|
index e0422469e4..6b1629b942 100644
|
|
--- a/test/helpers/handshake.c
|
|
+++ b/test/helpers/handshake.c
|
|
@@ -348,6 +348,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen)
|
|
|
|
len = strlen(protos);
|
|
|
|
+ if (len == 0) {
|
|
+ *out = NULL;
|
|
+ *outlen = 0;
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
/* Should never have reuse. */
|
|
if (!TEST_ptr_null(*out)
|
|
/* Test values are small, so we omit length limit checks. */
|
|
diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf
|
|
index f38b3f6975..1931d02de4 100644
|
|
--- a/test/ssl-tests/08-npn.cnf
|
|
+++ b/test/ssl-tests/08-npn.cnf
|
|
@@ -1,6 +1,6 @@
|
|
# Generated with generate_ssl_tests.pl
|
|
|
|
-num_tests = 20
|
|
+num_tests = 22
|
|
|
|
test-0 = 0-npn-simple
|
|
test-1 = 1-npn-client-finds-match
|
|
@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref
|
|
test-3 = 3-npn-client-first-pref-on-mismatch
|
|
test-4 = 4-npn-no-server-support
|
|
test-5 = 5-npn-no-client-support
|
|
-test-6 = 6-npn-with-sni-no-context-switch
|
|
-test-7 = 7-npn-with-sni-context-switch
|
|
-test-8 = 8-npn-selected-sni-server-supports-npn
|
|
-test-9 = 9-npn-selected-sni-server-does-not-support-npn
|
|
-test-10 = 10-alpn-preferred-over-npn
|
|
-test-11 = 11-sni-npn-preferred-over-alpn
|
|
-test-12 = 12-npn-simple-resumption
|
|
-test-13 = 13-npn-server-switch-resumption
|
|
-test-14 = 14-npn-client-switch-resumption
|
|
-test-15 = 15-npn-client-first-pref-on-mismatch-resumption
|
|
-test-16 = 16-npn-no-server-support-resumption
|
|
-test-17 = 17-npn-no-client-support-resumption
|
|
-test-18 = 18-alpn-preferred-over-npn-resumption
|
|
-test-19 = 19-npn-used-if-alpn-not-supported-resumption
|
|
+test-6 = 6-npn-empty-client-list
|
|
+test-7 = 7-npn-empty-server-list
|
|
+test-8 = 8-npn-with-sni-no-context-switch
|
|
+test-9 = 9-npn-with-sni-context-switch
|
|
+test-10 = 10-npn-selected-sni-server-supports-npn
|
|
+test-11 = 11-npn-selected-sni-server-does-not-support-npn
|
|
+test-12 = 12-alpn-preferred-over-npn
|
|
+test-13 = 13-sni-npn-preferred-over-alpn
|
|
+test-14 = 14-npn-simple-resumption
|
|
+test-15 = 15-npn-server-switch-resumption
|
|
+test-16 = 16-npn-client-switch-resumption
|
|
+test-17 = 17-npn-client-first-pref-on-mismatch-resumption
|
|
+test-18 = 18-npn-no-server-support-resumption
|
|
+test-19 = 19-npn-no-client-support-resumption
|
|
+test-20 = 20-alpn-preferred-over-npn-resumption
|
|
+test-21 = 21-npn-used-if-alpn-not-supported-resumption
|
|
# ===========================================================
|
|
|
|
[0-npn-simple]
|
|
@@ -206,253 +208,318 @@ NPNProtocols = foo
|
|
|
|
# ===========================================================
|
|
|
|
-[6-npn-with-sni-no-context-switch]
|
|
-ssl_conf = 6-npn-with-sni-no-context-switch-ssl
|
|
+[6-npn-empty-client-list]
|
|
+ssl_conf = 6-npn-empty-client-list-ssl
|
|
|
|
-[6-npn-with-sni-no-context-switch-ssl]
|
|
-server = 6-npn-with-sni-no-context-switch-server
|
|
-client = 6-npn-with-sni-no-context-switch-client
|
|
-server2 = 6-npn-with-sni-no-context-switch-server2
|
|
+[6-npn-empty-client-list-ssl]
|
|
+server = 6-npn-empty-client-list-server
|
|
+client = 6-npn-empty-client-list-client
|
|
|
|
-[6-npn-with-sni-no-context-switch-server]
|
|
+[6-npn-empty-client-list-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[6-npn-with-sni-no-context-switch-server2]
|
|
+[6-npn-empty-client-list-client]
|
|
+CipherString = DEFAULT
|
|
+MaxProtocol = TLSv1.2
|
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
+VerifyMode = Peer
|
|
+
|
|
+[test-6]
|
|
+ExpectedClientAlert = HandshakeFailure
|
|
+ExpectedResult = ClientFail
|
|
+server = 6-npn-empty-client-list-server-extra
|
|
+client = 6-npn-empty-client-list-client-extra
|
|
+
|
|
+[6-npn-empty-client-list-server-extra]
|
|
+NPNProtocols = foo
|
|
+
|
|
+[6-npn-empty-client-list-client-extra]
|
|
+NPNProtocols =
|
|
+
|
|
+
|
|
+# ===========================================================
|
|
+
|
|
+[7-npn-empty-server-list]
|
|
+ssl_conf = 7-npn-empty-server-list-ssl
|
|
+
|
|
+[7-npn-empty-server-list-ssl]
|
|
+server = 7-npn-empty-server-list-server
|
|
+client = 7-npn-empty-server-list-client
|
|
+
|
|
+[7-npn-empty-server-list-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[6-npn-with-sni-no-context-switch-client]
|
|
+[7-npn-empty-server-list-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-6]
|
|
+[test-7]
|
|
+ExpectedNPNProtocol = foo
|
|
+server = 7-npn-empty-server-list-server-extra
|
|
+client = 7-npn-empty-server-list-client-extra
|
|
+
|
|
+[7-npn-empty-server-list-server-extra]
|
|
+NPNProtocols =
|
|
+
|
|
+[7-npn-empty-server-list-client-extra]
|
|
+NPNProtocols = foo
|
|
+
|
|
+
|
|
+# ===========================================================
|
|
+
|
|
+[8-npn-with-sni-no-context-switch]
|
|
+ssl_conf = 8-npn-with-sni-no-context-switch-ssl
|
|
+
|
|
+[8-npn-with-sni-no-context-switch-ssl]
|
|
+server = 8-npn-with-sni-no-context-switch-server
|
|
+client = 8-npn-with-sni-no-context-switch-client
|
|
+server2 = 8-npn-with-sni-no-context-switch-server2
|
|
+
|
|
+[8-npn-with-sni-no-context-switch-server]
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
+CipherString = DEFAULT
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
+
|
|
+[8-npn-with-sni-no-context-switch-server2]
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
+CipherString = DEFAULT
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
+
|
|
+[8-npn-with-sni-no-context-switch-client]
|
|
+CipherString = DEFAULT
|
|
+MaxProtocol = TLSv1.2
|
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
+VerifyMode = Peer
|
|
+
|
|
+[test-8]
|
|
ExpectedNPNProtocol = foo
|
|
ExpectedServerName = server1
|
|
-server = 6-npn-with-sni-no-context-switch-server-extra
|
|
-server2 = 6-npn-with-sni-no-context-switch-server2-extra
|
|
-client = 6-npn-with-sni-no-context-switch-client-extra
|
|
+server = 8-npn-with-sni-no-context-switch-server-extra
|
|
+server2 = 8-npn-with-sni-no-context-switch-server2-extra
|
|
+client = 8-npn-with-sni-no-context-switch-client-extra
|
|
|
|
-[6-npn-with-sni-no-context-switch-server-extra]
|
|
+[8-npn-with-sni-no-context-switch-server-extra]
|
|
NPNProtocols = foo
|
|
ServerNameCallback = IgnoreMismatch
|
|
|
|
-[6-npn-with-sni-no-context-switch-server2-extra]
|
|
+[8-npn-with-sni-no-context-switch-server2-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[6-npn-with-sni-no-context-switch-client-extra]
|
|
+[8-npn-with-sni-no-context-switch-client-extra]
|
|
NPNProtocols = foo,bar
|
|
ServerName = server1
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[7-npn-with-sni-context-switch]
|
|
-ssl_conf = 7-npn-with-sni-context-switch-ssl
|
|
+[9-npn-with-sni-context-switch]
|
|
+ssl_conf = 9-npn-with-sni-context-switch-ssl
|
|
|
|
-[7-npn-with-sni-context-switch-ssl]
|
|
-server = 7-npn-with-sni-context-switch-server
|
|
-client = 7-npn-with-sni-context-switch-client
|
|
-server2 = 7-npn-with-sni-context-switch-server2
|
|
+[9-npn-with-sni-context-switch-ssl]
|
|
+server = 9-npn-with-sni-context-switch-server
|
|
+client = 9-npn-with-sni-context-switch-client
|
|
+server2 = 9-npn-with-sni-context-switch-server2
|
|
|
|
-[7-npn-with-sni-context-switch-server]
|
|
+[9-npn-with-sni-context-switch-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[7-npn-with-sni-context-switch-server2]
|
|
+[9-npn-with-sni-context-switch-server2]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[7-npn-with-sni-context-switch-client]
|
|
+[9-npn-with-sni-context-switch-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-7]
|
|
+[test-9]
|
|
ExpectedNPNProtocol = bar
|
|
ExpectedServerName = server2
|
|
-server = 7-npn-with-sni-context-switch-server-extra
|
|
-server2 = 7-npn-with-sni-context-switch-server2-extra
|
|
-client = 7-npn-with-sni-context-switch-client-extra
|
|
+server = 9-npn-with-sni-context-switch-server-extra
|
|
+server2 = 9-npn-with-sni-context-switch-server2-extra
|
|
+client = 9-npn-with-sni-context-switch-client-extra
|
|
|
|
-[7-npn-with-sni-context-switch-server-extra]
|
|
+[9-npn-with-sni-context-switch-server-extra]
|
|
NPNProtocols = foo
|
|
ServerNameCallback = IgnoreMismatch
|
|
|
|
-[7-npn-with-sni-context-switch-server2-extra]
|
|
+[9-npn-with-sni-context-switch-server2-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[7-npn-with-sni-context-switch-client-extra]
|
|
+[9-npn-with-sni-context-switch-client-extra]
|
|
NPNProtocols = foo,bar
|
|
ServerName = server2
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[8-npn-selected-sni-server-supports-npn]
|
|
-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
|
|
+[10-npn-selected-sni-server-supports-npn]
|
|
+ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-ssl]
|
|
-server = 8-npn-selected-sni-server-supports-npn-server
|
|
-client = 8-npn-selected-sni-server-supports-npn-client
|
|
-server2 = 8-npn-selected-sni-server-supports-npn-server2
|
|
+[10-npn-selected-sni-server-supports-npn-ssl]
|
|
+server = 10-npn-selected-sni-server-supports-npn-server
|
|
+client = 10-npn-selected-sni-server-supports-npn-client
|
|
+server2 = 10-npn-selected-sni-server-supports-npn-server2
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-server]
|
|
+[10-npn-selected-sni-server-supports-npn-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-server2]
|
|
+[10-npn-selected-sni-server-supports-npn-server2]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-client]
|
|
+[10-npn-selected-sni-server-supports-npn-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-8]
|
|
+[test-10]
|
|
ExpectedNPNProtocol = bar
|
|
ExpectedServerName = server2
|
|
-server = 8-npn-selected-sni-server-supports-npn-server-extra
|
|
-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
|
|
-client = 8-npn-selected-sni-server-supports-npn-client-extra
|
|
+server = 10-npn-selected-sni-server-supports-npn-server-extra
|
|
+server2 = 10-npn-selected-sni-server-supports-npn-server2-extra
|
|
+client = 10-npn-selected-sni-server-supports-npn-client-extra
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-server-extra]
|
|
+[10-npn-selected-sni-server-supports-npn-server-extra]
|
|
ServerNameCallback = IgnoreMismatch
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-server2-extra]
|
|
+[10-npn-selected-sni-server-supports-npn-server2-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[8-npn-selected-sni-server-supports-npn-client-extra]
|
|
+[10-npn-selected-sni-server-supports-npn-client-extra]
|
|
NPNProtocols = foo,bar
|
|
ServerName = server2
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn]
|
|
-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
|
|
+[11-npn-selected-sni-server-does-not-support-npn]
|
|
+ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-ssl]
|
|
-server = 9-npn-selected-sni-server-does-not-support-npn-server
|
|
-client = 9-npn-selected-sni-server-does-not-support-npn-client
|
|
-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
|
|
+[11-npn-selected-sni-server-does-not-support-npn-ssl]
|
|
+server = 11-npn-selected-sni-server-does-not-support-npn-server
|
|
+client = 11-npn-selected-sni-server-does-not-support-npn-client
|
|
+server2 = 11-npn-selected-sni-server-does-not-support-npn-server2
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server]
|
|
+[11-npn-selected-sni-server-does-not-support-npn-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server2]
|
|
+[11-npn-selected-sni-server-does-not-support-npn-server2]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-client]
|
|
+[11-npn-selected-sni-server-does-not-support-npn-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-9]
|
|
+[test-11]
|
|
ExpectedServerName = server2
|
|
-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
|
|
-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
|
|
+server = 11-npn-selected-sni-server-does-not-support-npn-server-extra
|
|
+client = 11-npn-selected-sni-server-does-not-support-npn-client-extra
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-server-extra]
|
|
+[11-npn-selected-sni-server-does-not-support-npn-server-extra]
|
|
NPNProtocols = bar
|
|
ServerNameCallback = IgnoreMismatch
|
|
|
|
-[9-npn-selected-sni-server-does-not-support-npn-client-extra]
|
|
+[11-npn-selected-sni-server-does-not-support-npn-client-extra]
|
|
NPNProtocols = foo,bar
|
|
ServerName = server2
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[10-alpn-preferred-over-npn]
|
|
-ssl_conf = 10-alpn-preferred-over-npn-ssl
|
|
+[12-alpn-preferred-over-npn]
|
|
+ssl_conf = 12-alpn-preferred-over-npn-ssl
|
|
|
|
-[10-alpn-preferred-over-npn-ssl]
|
|
-server = 10-alpn-preferred-over-npn-server
|
|
-client = 10-alpn-preferred-over-npn-client
|
|
+[12-alpn-preferred-over-npn-ssl]
|
|
+server = 12-alpn-preferred-over-npn-server
|
|
+client = 12-alpn-preferred-over-npn-client
|
|
|
|
-[10-alpn-preferred-over-npn-server]
|
|
+[12-alpn-preferred-over-npn-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[10-alpn-preferred-over-npn-client]
|
|
+[12-alpn-preferred-over-npn-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-10]
|
|
+[test-12]
|
|
ExpectedALPNProtocol = foo
|
|
-server = 10-alpn-preferred-over-npn-server-extra
|
|
-client = 10-alpn-preferred-over-npn-client-extra
|
|
+server = 12-alpn-preferred-over-npn-server-extra
|
|
+client = 12-alpn-preferred-over-npn-client-extra
|
|
|
|
-[10-alpn-preferred-over-npn-server-extra]
|
|
+[12-alpn-preferred-over-npn-server-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar
|
|
|
|
-[10-alpn-preferred-over-npn-client-extra]
|
|
+[12-alpn-preferred-over-npn-client-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[11-sni-npn-preferred-over-alpn]
|
|
-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
|
|
+[13-sni-npn-preferred-over-alpn]
|
|
+ssl_conf = 13-sni-npn-preferred-over-alpn-ssl
|
|
|
|
-[11-sni-npn-preferred-over-alpn-ssl]
|
|
-server = 11-sni-npn-preferred-over-alpn-server
|
|
-client = 11-sni-npn-preferred-over-alpn-client
|
|
-server2 = 11-sni-npn-preferred-over-alpn-server2
|
|
+[13-sni-npn-preferred-over-alpn-ssl]
|
|
+server = 13-sni-npn-preferred-over-alpn-server
|
|
+client = 13-sni-npn-preferred-over-alpn-client
|
|
+server2 = 13-sni-npn-preferred-over-alpn-server2
|
|
|
|
-[11-sni-npn-preferred-over-alpn-server]
|
|
+[13-sni-npn-preferred-over-alpn-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[11-sni-npn-preferred-over-alpn-server2]
|
|
+[13-sni-npn-preferred-over-alpn-server2]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[11-sni-npn-preferred-over-alpn-client]
|
|
+[13-sni-npn-preferred-over-alpn-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-11]
|
|
+[test-13]
|
|
ExpectedNPNProtocol = bar
|
|
ExpectedServerName = server2
|
|
-server = 11-sni-npn-preferred-over-alpn-server-extra
|
|
-server2 = 11-sni-npn-preferred-over-alpn-server2-extra
|
|
-client = 11-sni-npn-preferred-over-alpn-client-extra
|
|
+server = 13-sni-npn-preferred-over-alpn-server-extra
|
|
+server2 = 13-sni-npn-preferred-over-alpn-server2-extra
|
|
+client = 13-sni-npn-preferred-over-alpn-client-extra
|
|
|
|
-[11-sni-npn-preferred-over-alpn-server-extra]
|
|
+[13-sni-npn-preferred-over-alpn-server-extra]
|
|
ALPNProtocols = foo
|
|
ServerNameCallback = IgnoreMismatch
|
|
|
|
-[11-sni-npn-preferred-over-alpn-server2-extra]
|
|
+[13-sni-npn-preferred-over-alpn-server2-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[11-sni-npn-preferred-over-alpn-client-extra]
|
|
+[13-sni-npn-preferred-over-alpn-client-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar
|
|
ServerName = server2
|
|
@@ -460,356 +527,356 @@ ServerName = server2
|
|
|
|
# ===========================================================
|
|
|
|
-[12-npn-simple-resumption]
|
|
-ssl_conf = 12-npn-simple-resumption-ssl
|
|
+[14-npn-simple-resumption]
|
|
+ssl_conf = 14-npn-simple-resumption-ssl
|
|
|
|
-[12-npn-simple-resumption-ssl]
|
|
-server = 12-npn-simple-resumption-server
|
|
-client = 12-npn-simple-resumption-client
|
|
-resume-server = 12-npn-simple-resumption-server
|
|
-resume-client = 12-npn-simple-resumption-client
|
|
+[14-npn-simple-resumption-ssl]
|
|
+server = 14-npn-simple-resumption-server
|
|
+client = 14-npn-simple-resumption-client
|
|
+resume-server = 14-npn-simple-resumption-server
|
|
+resume-client = 14-npn-simple-resumption-client
|
|
|
|
-[12-npn-simple-resumption-server]
|
|
+[14-npn-simple-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[12-npn-simple-resumption-client]
|
|
+[14-npn-simple-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-12]
|
|
+[test-14]
|
|
ExpectedNPNProtocol = foo
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 12-npn-simple-resumption-server-extra
|
|
-resume-server = 12-npn-simple-resumption-server-extra
|
|
-client = 12-npn-simple-resumption-client-extra
|
|
-resume-client = 12-npn-simple-resumption-client-extra
|
|
+server = 14-npn-simple-resumption-server-extra
|
|
+resume-server = 14-npn-simple-resumption-server-extra
|
|
+client = 14-npn-simple-resumption-client-extra
|
|
+resume-client = 14-npn-simple-resumption-client-extra
|
|
|
|
-[12-npn-simple-resumption-server-extra]
|
|
+[14-npn-simple-resumption-server-extra]
|
|
NPNProtocols = foo
|
|
|
|
-[12-npn-simple-resumption-client-extra]
|
|
+[14-npn-simple-resumption-client-extra]
|
|
NPNProtocols = foo
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[13-npn-server-switch-resumption]
|
|
-ssl_conf = 13-npn-server-switch-resumption-ssl
|
|
+[15-npn-server-switch-resumption]
|
|
+ssl_conf = 15-npn-server-switch-resumption-ssl
|
|
|
|
-[13-npn-server-switch-resumption-ssl]
|
|
-server = 13-npn-server-switch-resumption-server
|
|
-client = 13-npn-server-switch-resumption-client
|
|
-resume-server = 13-npn-server-switch-resumption-resume-server
|
|
-resume-client = 13-npn-server-switch-resumption-client
|
|
+[15-npn-server-switch-resumption-ssl]
|
|
+server = 15-npn-server-switch-resumption-server
|
|
+client = 15-npn-server-switch-resumption-client
|
|
+resume-server = 15-npn-server-switch-resumption-resume-server
|
|
+resume-client = 15-npn-server-switch-resumption-client
|
|
|
|
-[13-npn-server-switch-resumption-server]
|
|
+[15-npn-server-switch-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[13-npn-server-switch-resumption-resume-server]
|
|
+[15-npn-server-switch-resumption-resume-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[13-npn-server-switch-resumption-client]
|
|
+[15-npn-server-switch-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-13]
|
|
+[test-15]
|
|
ExpectedNPNProtocol = baz
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 13-npn-server-switch-resumption-server-extra
|
|
-resume-server = 13-npn-server-switch-resumption-resume-server-extra
|
|
-client = 13-npn-server-switch-resumption-client-extra
|
|
-resume-client = 13-npn-server-switch-resumption-client-extra
|
|
+server = 15-npn-server-switch-resumption-server-extra
|
|
+resume-server = 15-npn-server-switch-resumption-resume-server-extra
|
|
+client = 15-npn-server-switch-resumption-client-extra
|
|
+resume-client = 15-npn-server-switch-resumption-client-extra
|
|
|
|
-[13-npn-server-switch-resumption-server-extra]
|
|
+[15-npn-server-switch-resumption-server-extra]
|
|
NPNProtocols = bar,foo
|
|
|
|
-[13-npn-server-switch-resumption-resume-server-extra]
|
|
+[15-npn-server-switch-resumption-resume-server-extra]
|
|
NPNProtocols = baz,foo
|
|
|
|
-[13-npn-server-switch-resumption-client-extra]
|
|
+[15-npn-server-switch-resumption-client-extra]
|
|
NPNProtocols = foo,bar,baz
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[14-npn-client-switch-resumption]
|
|
-ssl_conf = 14-npn-client-switch-resumption-ssl
|
|
+[16-npn-client-switch-resumption]
|
|
+ssl_conf = 16-npn-client-switch-resumption-ssl
|
|
|
|
-[14-npn-client-switch-resumption-ssl]
|
|
-server = 14-npn-client-switch-resumption-server
|
|
-client = 14-npn-client-switch-resumption-client
|
|
-resume-server = 14-npn-client-switch-resumption-server
|
|
-resume-client = 14-npn-client-switch-resumption-resume-client
|
|
+[16-npn-client-switch-resumption-ssl]
|
|
+server = 16-npn-client-switch-resumption-server
|
|
+client = 16-npn-client-switch-resumption-client
|
|
+resume-server = 16-npn-client-switch-resumption-server
|
|
+resume-client = 16-npn-client-switch-resumption-resume-client
|
|
|
|
-[14-npn-client-switch-resumption-server]
|
|
+[16-npn-client-switch-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[14-npn-client-switch-resumption-client]
|
|
+[16-npn-client-switch-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[14-npn-client-switch-resumption-resume-client]
|
|
+[16-npn-client-switch-resumption-resume-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-14]
|
|
+[test-16]
|
|
ExpectedNPNProtocol = bar
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 14-npn-client-switch-resumption-server-extra
|
|
-resume-server = 14-npn-client-switch-resumption-server-extra
|
|
-client = 14-npn-client-switch-resumption-client-extra
|
|
-resume-client = 14-npn-client-switch-resumption-resume-client-extra
|
|
+server = 16-npn-client-switch-resumption-server-extra
|
|
+resume-server = 16-npn-client-switch-resumption-server-extra
|
|
+client = 16-npn-client-switch-resumption-client-extra
|
|
+resume-client = 16-npn-client-switch-resumption-resume-client-extra
|
|
|
|
-[14-npn-client-switch-resumption-server-extra]
|
|
+[16-npn-client-switch-resumption-server-extra]
|
|
NPNProtocols = foo,bar,baz
|
|
|
|
-[14-npn-client-switch-resumption-client-extra]
|
|
+[16-npn-client-switch-resumption-client-extra]
|
|
NPNProtocols = foo,baz
|
|
|
|
-[14-npn-client-switch-resumption-resume-client-extra]
|
|
+[16-npn-client-switch-resumption-resume-client-extra]
|
|
NPNProtocols = bar,baz
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption]
|
|
-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
|
|
+[17-npn-client-first-pref-on-mismatch-resumption]
|
|
+ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-ssl]
|
|
-server = 15-npn-client-first-pref-on-mismatch-resumption-server
|
|
-client = 15-npn-client-first-pref-on-mismatch-resumption-client
|
|
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
|
|
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-ssl]
|
|
+server = 17-npn-client-first-pref-on-mismatch-resumption-server
|
|
+client = 17-npn-client-first-pref-on-mismatch-resumption-client
|
|
+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server
|
|
+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-server]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-resume-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-client]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-15]
|
|
+[test-17]
|
|
ExpectedNPNProtocol = foo
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
|
|
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
|
|
-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
|
|
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
|
|
+server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra
|
|
+resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
|
|
+client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra
|
|
+resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-server-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
|
|
NPNProtocols = baz
|
|
|
|
-[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
|
|
+[17-npn-client-first-pref-on-mismatch-resumption-client-extra]
|
|
NPNProtocols = foo,bar
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[16-npn-no-server-support-resumption]
|
|
-ssl_conf = 16-npn-no-server-support-resumption-ssl
|
|
+[18-npn-no-server-support-resumption]
|
|
+ssl_conf = 18-npn-no-server-support-resumption-ssl
|
|
|
|
-[16-npn-no-server-support-resumption-ssl]
|
|
-server = 16-npn-no-server-support-resumption-server
|
|
-client = 16-npn-no-server-support-resumption-client
|
|
-resume-server = 16-npn-no-server-support-resumption-resume-server
|
|
-resume-client = 16-npn-no-server-support-resumption-client
|
|
+[18-npn-no-server-support-resumption-ssl]
|
|
+server = 18-npn-no-server-support-resumption-server
|
|
+client = 18-npn-no-server-support-resumption-client
|
|
+resume-server = 18-npn-no-server-support-resumption-resume-server
|
|
+resume-client = 18-npn-no-server-support-resumption-client
|
|
|
|
-[16-npn-no-server-support-resumption-server]
|
|
+[18-npn-no-server-support-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[16-npn-no-server-support-resumption-resume-server]
|
|
+[18-npn-no-server-support-resumption-resume-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[16-npn-no-server-support-resumption-client]
|
|
+[18-npn-no-server-support-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-16]
|
|
+[test-18]
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 16-npn-no-server-support-resumption-server-extra
|
|
-client = 16-npn-no-server-support-resumption-client-extra
|
|
-resume-client = 16-npn-no-server-support-resumption-client-extra
|
|
+server = 18-npn-no-server-support-resumption-server-extra
|
|
+client = 18-npn-no-server-support-resumption-client-extra
|
|
+resume-client = 18-npn-no-server-support-resumption-client-extra
|
|
|
|
-[16-npn-no-server-support-resumption-server-extra]
|
|
+[18-npn-no-server-support-resumption-server-extra]
|
|
NPNProtocols = foo
|
|
|
|
-[16-npn-no-server-support-resumption-client-extra]
|
|
+[18-npn-no-server-support-resumption-client-extra]
|
|
NPNProtocols = foo
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[17-npn-no-client-support-resumption]
|
|
-ssl_conf = 17-npn-no-client-support-resumption-ssl
|
|
+[19-npn-no-client-support-resumption]
|
|
+ssl_conf = 19-npn-no-client-support-resumption-ssl
|
|
|
|
-[17-npn-no-client-support-resumption-ssl]
|
|
-server = 17-npn-no-client-support-resumption-server
|
|
-client = 17-npn-no-client-support-resumption-client
|
|
-resume-server = 17-npn-no-client-support-resumption-server
|
|
-resume-client = 17-npn-no-client-support-resumption-resume-client
|
|
+[19-npn-no-client-support-resumption-ssl]
|
|
+server = 19-npn-no-client-support-resumption-server
|
|
+client = 19-npn-no-client-support-resumption-client
|
|
+resume-server = 19-npn-no-client-support-resumption-server
|
|
+resume-client = 19-npn-no-client-support-resumption-resume-client
|
|
|
|
-[17-npn-no-client-support-resumption-server]
|
|
+[19-npn-no-client-support-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[17-npn-no-client-support-resumption-client]
|
|
+[19-npn-no-client-support-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[17-npn-no-client-support-resumption-resume-client]
|
|
+[19-npn-no-client-support-resumption-resume-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-17]
|
|
+[test-19]
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 17-npn-no-client-support-resumption-server-extra
|
|
-resume-server = 17-npn-no-client-support-resumption-server-extra
|
|
-client = 17-npn-no-client-support-resumption-client-extra
|
|
+server = 19-npn-no-client-support-resumption-server-extra
|
|
+resume-server = 19-npn-no-client-support-resumption-server-extra
|
|
+client = 19-npn-no-client-support-resumption-client-extra
|
|
|
|
-[17-npn-no-client-support-resumption-server-extra]
|
|
+[19-npn-no-client-support-resumption-server-extra]
|
|
NPNProtocols = foo
|
|
|
|
-[17-npn-no-client-support-resumption-client-extra]
|
|
+[19-npn-no-client-support-resumption-client-extra]
|
|
NPNProtocols = foo
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[18-alpn-preferred-over-npn-resumption]
|
|
-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
|
|
+[20-alpn-preferred-over-npn-resumption]
|
|
+ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-ssl]
|
|
-server = 18-alpn-preferred-over-npn-resumption-server
|
|
-client = 18-alpn-preferred-over-npn-resumption-client
|
|
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
|
|
-resume-client = 18-alpn-preferred-over-npn-resumption-client
|
|
+[20-alpn-preferred-over-npn-resumption-ssl]
|
|
+server = 20-alpn-preferred-over-npn-resumption-server
|
|
+client = 20-alpn-preferred-over-npn-resumption-client
|
|
+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server
|
|
+resume-client = 20-alpn-preferred-over-npn-resumption-client
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-server]
|
|
+[20-alpn-preferred-over-npn-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-resume-server]
|
|
+[20-alpn-preferred-over-npn-resumption-resume-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-client]
|
|
+[20-alpn-preferred-over-npn-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-18]
|
|
+[test-20]
|
|
ExpectedALPNProtocol = foo
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 18-alpn-preferred-over-npn-resumption-server-extra
|
|
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
|
|
-client = 18-alpn-preferred-over-npn-resumption-client-extra
|
|
-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
|
|
+server = 20-alpn-preferred-over-npn-resumption-server-extra
|
|
+resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra
|
|
+client = 20-alpn-preferred-over-npn-resumption-client-extra
|
|
+resume-client = 20-alpn-preferred-over-npn-resumption-client-extra
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-server-extra]
|
|
+[20-alpn-preferred-over-npn-resumption-server-extra]
|
|
NPNProtocols = bar
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-resume-server-extra]
|
|
+[20-alpn-preferred-over-npn-resumption-resume-server-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = baz
|
|
|
|
-[18-alpn-preferred-over-npn-resumption-client-extra]
|
|
+[20-alpn-preferred-over-npn-resumption-client-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar,baz
|
|
|
|
|
|
# ===========================================================
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption]
|
|
-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
|
|
+[21-npn-used-if-alpn-not-supported-resumption]
|
|
+ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-ssl]
|
|
-server = 19-npn-used-if-alpn-not-supported-resumption-server
|
|
-client = 19-npn-used-if-alpn-not-supported-resumption-client
|
|
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
|
|
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
|
|
+[21-npn-used-if-alpn-not-supported-resumption-ssl]
|
|
+server = 21-npn-used-if-alpn-not-supported-resumption-server
|
|
+client = 21-npn-used-if-alpn-not-supported-resumption-client
|
|
+resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server
|
|
+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-server]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-resume-server]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-resume-server]
|
|
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
CipherString = DEFAULT
|
|
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-client]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-client]
|
|
CipherString = DEFAULT
|
|
MaxProtocol = TLSv1.2
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
-[test-19]
|
|
+[test-21]
|
|
ExpectedNPNProtocol = baz
|
|
HandshakeMode = Resume
|
|
ResumptionExpected = Yes
|
|
-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
|
|
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
|
|
-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
|
|
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
|
|
+server = 21-npn-used-if-alpn-not-supported-resumption-server-extra
|
|
+resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra
|
|
+client = 21-npn-used-if-alpn-not-supported-resumption-client-extra
|
|
+resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-server-extra]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-server-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
|
|
NPNProtocols = baz
|
|
|
|
-[19-npn-used-if-alpn-not-supported-resumption-client-extra]
|
|
+[21-npn-used-if-alpn-not-supported-resumption-client-extra]
|
|
ALPNProtocols = foo
|
|
NPNProtocols = bar,baz
|
|
|
|
diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in
|
|
index 30783e45eb..1dc2704bdb 100644
|
|
--- a/test/ssl-tests/08-npn.cnf.in
|
|
+++ b/test/ssl-tests/08-npn.cnf.in
|
|
@@ -110,6 +110,41 @@ our @tests = (
|
|
"ExpectedNPNProtocol" => undef,
|
|
},
|
|
},
|
|
+ {
|
|
+ name => "npn-empty-client-list",
|
|
+ server => {
|
|
+ extra => {
|
|
+ "NPNProtocols" => "foo",
|
|
+ },
|
|
+ },
|
|
+ client => {
|
|
+ extra => {
|
|
+ "NPNProtocols" => "",
|
|
+ },
|
|
+ "MaxProtocol" => "TLSv1.2"
|
|
+ },
|
|
+ test => {
|
|
+ "ExpectedResult" => "ClientFail",
|
|
+ "ExpectedClientAlert" => "HandshakeFailure"
|
|
+ },
|
|
+ },
|
|
+ {
|
|
+ name => "npn-empty-server-list",
|
|
+ server => {
|
|
+ extra => {
|
|
+ "NPNProtocols" => "",
|
|
+ },
|
|
+ },
|
|
+ client => {
|
|
+ extra => {
|
|
+ "NPNProtocols" => "foo",
|
|
+ },
|
|
+ "MaxProtocol" => "TLSv1.2"
|
|
+ },
|
|
+ test => {
|
|
+ "ExpectedNPNProtocol" => "foo"
|
|
+ },
|
|
+ },
|
|
{
|
|
name => "npn-with-sni-no-context-switch",
|
|
server => {
|
|
diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf
|
|
index e7e6cb9534..dd668739ab 100644
|
|
--- a/test/ssl-tests/09-alpn.cnf
|
|
+++ b/test/ssl-tests/09-alpn.cnf
|
|
@@ -1,6 +1,6 @@
|
|
# Generated with generate_ssl_tests.pl
|
|
|
|
-num_tests = 16
|
|
+num_tests = 18
|
|
|
|
test-0 = 0-alpn-simple
|
|
test-1 = 1-alpn-server-finds-match
|
|
@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption
|
|
test-13 = 13-alpn-alert-on-mismatch-resumption
|
|
test-14 = 14-alpn-no-server-support-resumption
|
|
test-15 = 15-alpn-no-client-support-resumption
|
|
+test-16 = 16-alpn-empty-client-list
|
|
+test-17 = 17-alpn-empty-server-list
|
|
# ===========================================================
|
|
|
|
[0-alpn-simple]
|
|
@@ -617,3 +619,65 @@ ALPNProtocols = foo
|
|
ALPNProtocols = foo
|
|
|
|
|
|
+# ===========================================================
|
|
+
|
|
+[16-alpn-empty-client-list]
|
|
+ssl_conf = 16-alpn-empty-client-list-ssl
|
|
+
|
|
+[16-alpn-empty-client-list-ssl]
|
|
+server = 16-alpn-empty-client-list-server
|
|
+client = 16-alpn-empty-client-list-client
|
|
+
|
|
+[16-alpn-empty-client-list-server]
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
+CipherString = DEFAULT
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
+
|
|
+[16-alpn-empty-client-list-client]
|
|
+CipherString = DEFAULT
|
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
+VerifyMode = Peer
|
|
+
|
|
+[test-16]
|
|
+server = 16-alpn-empty-client-list-server-extra
|
|
+client = 16-alpn-empty-client-list-client-extra
|
|
+
|
|
+[16-alpn-empty-client-list-server-extra]
|
|
+ALPNProtocols = foo
|
|
+
|
|
+[16-alpn-empty-client-list-client-extra]
|
|
+ALPNProtocols =
|
|
+
|
|
+
|
|
+# ===========================================================
|
|
+
|
|
+[17-alpn-empty-server-list]
|
|
+ssl_conf = 17-alpn-empty-server-list-ssl
|
|
+
|
|
+[17-alpn-empty-server-list-ssl]
|
|
+server = 17-alpn-empty-server-list-server
|
|
+client = 17-alpn-empty-server-list-client
|
|
+
|
|
+[17-alpn-empty-server-list-server]
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
|
+CipherString = DEFAULT
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
|
+
|
|
+[17-alpn-empty-server-list-client]
|
|
+CipherString = DEFAULT
|
|
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
+VerifyMode = Peer
|
|
+
|
|
+[test-17]
|
|
+ExpectedResult = ServerFail
|
|
+ExpectedServerAlert = NoApplicationProtocol
|
|
+server = 17-alpn-empty-server-list-server-extra
|
|
+client = 17-alpn-empty-server-list-client-extra
|
|
+
|
|
+[17-alpn-empty-server-list-server-extra]
|
|
+ALPNProtocols =
|
|
+
|
|
+[17-alpn-empty-server-list-client-extra]
|
|
+ALPNProtocols = foo
|
|
+
|
|
+
|
|
diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in
|
|
index 81330756c6..322b7096a6 100644
|
|
--- a/test/ssl-tests/09-alpn.cnf.in
|
|
+++ b/test/ssl-tests/09-alpn.cnf.in
|
|
@@ -322,4 +322,37 @@ our @tests = (
|
|
"ExpectedALPNProtocol" => undef,
|
|
},
|
|
},
|
|
+ {
|
|
+ name => "alpn-empty-client-list",
|
|
+ server => {
|
|
+ extra => {
|
|
+ "ALPNProtocols" => "foo",
|
|
+ },
|
|
+ },
|
|
+ client => {
|
|
+ extra => {
|
|
+ "ALPNProtocols" => "",
|
|
+ },
|
|
+ },
|
|
+ test => {
|
|
+ "ExpectedALPNProtocol" => undef,
|
|
+ },
|
|
+ },
|
|
+ {
|
|
+ name => "alpn-empty-server-list",
|
|
+ server => {
|
|
+ extra => {
|
|
+ "ALPNProtocols" => "",
|
|
+ },
|
|
+ },
|
|
+ client => {
|
|
+ extra => {
|
|
+ "ALPNProtocols" => "foo",
|
|
+ },
|
|
+ },
|
|
+ test => {
|
|
+ "ExpectedResult" => "ServerFail",
|
|
+ "ExpectedServerAlert" => "NoApplicationProtocol",
|
|
+ },
|
|
+ },
|
|
);
|
|
--
|
|
2.46.0
|
|
|