summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2025-03-12 14:07:35 +0000
committerjsing <>2025-03-12 14:07:35 +0000
commit8627628c24553fa0821bff8f761d620577f97c3b (patch)
tree87750726a2424680f01680c0cd443a59907fa38d
parentcc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af (diff)
downloadopenbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.gz
openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.bz2
openbsd-8627628c24553fa0821bff8f761d620577f97c3b.zip
Test SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
-rw-r--r--src/regress/lib/libssl/renegotiation/renegotiation_test.c57
1 files changed, 56 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/renegotiation/renegotiation_test.c b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
index 45e8bc297e..1c9f35237f 100644
--- a/src/regress/lib/libssl/renegotiation/renegotiation_test.c
+++ b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: renegotiation_test.c,v 1.2 2025/02/01 14:13:17 jsing Exp $ */ 1/* $OpenBSD: renegotiation_test.c,v 1.3 2025/03/12 14:07:35 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -291,6 +291,61 @@ static const struct tls_reneg_test tls_reneg_tests[] = {
291 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION, 291 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
292 }, 292 },
293 { 293 {
294 .desc = "TLSv1.2 - Client renegotiation not permitted, client "
295 "initiated renegotiation",
296 .ssl_max_proto_version = TLS1_2_VERSION,
297 .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
298 .renegotiate_client = 1,
299 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
300 },
301 {
302 .desc = "TLSv1.2 - Server renegotiation not permitted, server "
303 "initiated renegotiation",
304 .ssl_max_proto_version = TLS1_2_VERSION,
305 .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
306 .renegotiate_server = 1,
307 .client_ignored = 1,
308 .want_server_alert = SSL3_AL_WARNING << 8 | SSL_AD_NO_RENEGOTIATION,
309 },
310 {
311 .desc = "TLSv1.2 - Client renegotiation permitted, client "
312 "initiated renegotiation",
313 .ssl_max_proto_version = TLS1_2_VERSION,
314 .ssl_server_options = SSL_OP_NO_RENEGOTIATION |
315 SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
316 .renegotiate_client = 1,
317 },
318 {
319 .desc = "TLSv1.2 - Client renegotiation permitted, server "
320 "initiated renegotiation",
321 .ssl_max_proto_version = TLS1_2_VERSION,
322 .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
323 .renegotiate_server = 1,
324 },
325 {
326 .desc = "TLSv1.2 - Client renegotiation permitted, client "
327 "initiated renegotiation",
328 .ssl_max_proto_version = TLS1_2_VERSION,
329 .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
330 .renegotiate_client = 1,
331 },
332 {
333 .desc = "TLSv1.2 - Client renegotiation disabled, client "
334 "initiated renegotiation",
335 .ssl_max_proto_version = TLS1_2_VERSION,
336 .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
337 .renegotiate_client = 1,
338 .want_failure = 1,
339 },
340 {
341 .desc = "TLSv1.2 - Server renegotiation disabled, server "
342 "initiated renegotiation",
343 .ssl_max_proto_version = TLS1_2_VERSION,
344 .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
345 .renegotiate_server = 1,
346 .want_failure = 1,
347 },
348 {
294 .desc = "TLSv1.3 - No renegotiation supported, no renegotiation", 349 .desc = "TLSv1.3 - No renegotiation supported, no renegotiation",
295 .ssl_max_proto_version = TLS1_3_VERSION, 350 .ssl_max_proto_version = TLS1_3_VERSION,
296 }, 351 },