Test SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.

Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
author: jsing <> 2025-03-12 14:07:35 +0000
committer: jsing <> 2025-03-12 14:07:35 +0000
commit: 8627628c24553fa0821bff8f761d620577f97c3b (patch)
tree: 87750726a2424680f01680c0cd443a59907fa38d
parent: cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af (diff)
download: openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.gz
openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.bz2
openbsd-8627628c24553fa0821bff8f761d620577f97c3b.zip
1 files changed, 56 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/renegotiation/renegotiation_test.c b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
index 45e8bc297e..1c9f35237f 100644
--- a/src/regress/lib/libssl/renegotiation/renegotiation_test.c
+++ b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: renegotiation_test.c,v 1.2 2025/02/01 14:13:17 jsing Exp $ */
+/* $OpenBSD: renegotiation_test.c,v 1.3 2025/03/12 14:07:35 jsing Exp $ */
 /*
 * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org>
 *
@@ -291,6 +291,61 @@ static const struct tls_reneg_test tls_reneg_tests[] = {
                .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
        },
        {
+                .desc = "TLSv1.2 - Client renegotiation not permitted, client "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
+                .renegotiate_client = 1,
+                .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
+        },
+        {
+                .desc = "TLSv1.2 - Server renegotiation not permitted, server "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
+                .renegotiate_server = 1,
+                .client_ignored = 1,
+                .want_server_alert = SSL3_AL_WARNING << 8 | SSL_AD_NO_RENEGOTIATION,
+        },
+        {
+                .desc = "TLSv1.2 - Client renegotiation permitted, client "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_server_options = SSL_OP_NO_RENEGOTIATION |
+                    SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
+                .renegotiate_client = 1,
+        },
+        {
+                .desc = "TLSv1.2 - Client renegotiation permitted, server "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
+                .renegotiate_server = 1,
+        },
+        {
+                .desc = "TLSv1.2 - Client renegotiation permitted, client "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
+                .renegotiate_client = 1,
+        },
+        {
+                .desc = "TLSv1.2 - Client renegotiation disabled, client "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
+                .renegotiate_client = 1,
+                .want_failure = 1,
+        },
+        {
+                .desc = "TLSv1.2 - Server renegotiation disabled, server "
+                    "initiated renegotiation",
+                .ssl_max_proto_version = TLS1_2_VERSION,
+                .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
+                .renegotiate_server = 1,
+                .want_failure = 1,
+        },
+        {
                .desc = "TLSv1.3 - No renegotiation supported, no renegotiation",
                .ssl_max_proto_version = TLS1_3_VERSION,
        },
author	jsing <>	2025-03-12 14:07:35 +0000
committer	jsing <>	2025-03-12 14:07:35 +0000
commit	8627628c24553fa0821bff8f761d620577f97c3b (patch)
tree	87750726a2424680f01680c0cd443a59907fa38d
parent	cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af (diff)
download	openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.gz openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.bz2 openbsd-8627628c24553fa0821bff8f761d620577f97c3b.zip

diff --git a/src/regress/lib/libssl/renegotiation/renegotiation_test.c b/src/regress/lib/libssl/renegotiation/renegotiation_test.c index 45e8bc297e..1c9f35237f 100644 --- a/src/regress/lib/libssl/renegotiation/renegotiation_test.c +++ b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: renegotiation_test.c,v 1.2 2025/02/01 14:13:17 jsing Exp $ */	1	/* $OpenBSD: renegotiation_test.c,v 1.3 2025/03/12 14:07:35 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -291,6 +291,61 @@ static const struct tls_reneg_test tls_reneg_tests[] = {
291	.want_client_alert = SSL3_AL_FATAL << 8 \| SSL_AD_NO_RENEGOTIATION,	291	.want_client_alert = SSL3_AL_FATAL << 8 \| SSL_AD_NO_RENEGOTIATION,
292	},	292	},
293	{	293	{
		294	.desc = "TLSv1.2 - Client renegotiation not permitted, client "
		295	"initiated renegotiation",
		296	.ssl_max_proto_version = TLS1_2_VERSION,
		297	.ssl_server_options = SSL_OP_NO_RENEGOTIATION,
		298	.renegotiate_client = 1,
		299	.want_client_alert = SSL3_AL_FATAL << 8 \| SSL_AD_NO_RENEGOTIATION,
		300	},
		301	{
		302	.desc = "TLSv1.2 - Server renegotiation not permitted, server "
		303	"initiated renegotiation",
		304	.ssl_max_proto_version = TLS1_2_VERSION,
		305	.ssl_client_options = SSL_OP_NO_RENEGOTIATION,
		306	.renegotiate_server = 1,
		307	.client_ignored = 1,
		308	.want_server_alert = SSL3_AL_WARNING << 8 \| SSL_AD_NO_RENEGOTIATION,
		309	},
		310	{
		311	.desc = "TLSv1.2 - Client renegotiation permitted, client "
		312	"initiated renegotiation",
		313	.ssl_max_proto_version = TLS1_2_VERSION,
		314	.ssl_server_options = SSL_OP_NO_RENEGOTIATION \|
		315	SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
		316	.renegotiate_client = 1,
		317	},
		318	{
		319	.desc = "TLSv1.2 - Client renegotiation permitted, server "
		320	"initiated renegotiation",
		321	.ssl_max_proto_version = TLS1_2_VERSION,
		322	.ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
		323	.renegotiate_server = 1,
		324	},
		325	{
		326	.desc = "TLSv1.2 - Client renegotiation permitted, client "
		327	"initiated renegotiation",
		328	.ssl_max_proto_version = TLS1_2_VERSION,
		329	.ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
		330	.renegotiate_client = 1,
		331	},
		332	{
		333	.desc = "TLSv1.2 - Client renegotiation disabled, client "
		334	"initiated renegotiation",
		335	.ssl_max_proto_version = TLS1_2_VERSION,
		336	.ssl_client_options = SSL_OP_NO_RENEGOTIATION,
		337	.renegotiate_client = 1,
		338	.want_failure = 1,
		339	},
		340	{
		341	.desc = "TLSv1.2 - Server renegotiation disabled, server "
		342	"initiated renegotiation",
		343	.ssl_max_proto_version = TLS1_2_VERSION,
		344	.ssl_server_options = SSL_OP_NO_RENEGOTIATION,
		345	.renegotiate_server = 1,
		346	.want_failure = 1,
		347	},
		348	{
294	.desc = "TLSv1.3 - No renegotiation supported, no renegotiation",	349	.desc = "TLSv1.3 - No renegotiation supported, no renegotiation",
295	.ssl_max_proto_version = TLS1_3_VERSION,	350	.ssl_max_proto_version = TLS1_3_VERSION,
296	},	351	},