diff options
author | jsing <> | 2025-03-12 14:07:35 +0000 |
---|---|---|
committer | jsing <> | 2025-03-12 14:07:35 +0000 |
commit | 8627628c24553fa0821bff8f761d620577f97c3b (patch) | |
tree | 87750726a2424680f01680c0cd443a59907fa38d | |
parent | cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af (diff) | |
download | openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.gz openbsd-8627628c24553fa0821bff8f761d620577f97c3b.tar.bz2 openbsd-8627628c24553fa0821bff8f761d620577f97c3b.zip |
Test SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and
SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
-rw-r--r-- | src/regress/lib/libssl/renegotiation/renegotiation_test.c | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/renegotiation/renegotiation_test.c b/src/regress/lib/libssl/renegotiation/renegotiation_test.c index 45e8bc297e..1c9f35237f 100644 --- a/src/regress/lib/libssl/renegotiation/renegotiation_test.c +++ b/src/regress/lib/libssl/renegotiation/renegotiation_test.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: renegotiation_test.c,v 1.2 2025/02/01 14:13:17 jsing Exp $ */ | 1 | /* $OpenBSD: renegotiation_test.c,v 1.3 2025/03/12 14:07:35 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -291,6 +291,61 @@ static const struct tls_reneg_test tls_reneg_tests[] = { | |||
291 | .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION, | 291 | .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION, |
292 | }, | 292 | }, |
293 | { | 293 | { |
294 | .desc = "TLSv1.2 - Client renegotiation not permitted, client " | ||
295 | "initiated renegotiation", | ||
296 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
297 | .ssl_server_options = SSL_OP_NO_RENEGOTIATION, | ||
298 | .renegotiate_client = 1, | ||
299 | .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION, | ||
300 | }, | ||
301 | { | ||
302 | .desc = "TLSv1.2 - Server renegotiation not permitted, server " | ||
303 | "initiated renegotiation", | ||
304 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
305 | .ssl_client_options = SSL_OP_NO_RENEGOTIATION, | ||
306 | .renegotiate_server = 1, | ||
307 | .client_ignored = 1, | ||
308 | .want_server_alert = SSL3_AL_WARNING << 8 | SSL_AD_NO_RENEGOTIATION, | ||
309 | }, | ||
310 | { | ||
311 | .desc = "TLSv1.2 - Client renegotiation permitted, client " | ||
312 | "initiated renegotiation", | ||
313 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
314 | .ssl_server_options = SSL_OP_NO_RENEGOTIATION | | ||
315 | SSL_OP_ALLOW_CLIENT_RENEGOTIATION, | ||
316 | .renegotiate_client = 1, | ||
317 | }, | ||
318 | { | ||
319 | .desc = "TLSv1.2 - Client renegotiation permitted, server " | ||
320 | "initiated renegotiation", | ||
321 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
322 | .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION, | ||
323 | .renegotiate_server = 1, | ||
324 | }, | ||
325 | { | ||
326 | .desc = "TLSv1.2 - Client renegotiation permitted, client " | ||
327 | "initiated renegotiation", | ||
328 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
329 | .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION, | ||
330 | .renegotiate_client = 1, | ||
331 | }, | ||
332 | { | ||
333 | .desc = "TLSv1.2 - Client renegotiation disabled, client " | ||
334 | "initiated renegotiation", | ||
335 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
336 | .ssl_client_options = SSL_OP_NO_RENEGOTIATION, | ||
337 | .renegotiate_client = 1, | ||
338 | .want_failure = 1, | ||
339 | }, | ||
340 | { | ||
341 | .desc = "TLSv1.2 - Server renegotiation disabled, server " | ||
342 | "initiated renegotiation", | ||
343 | .ssl_max_proto_version = TLS1_2_VERSION, | ||
344 | .ssl_server_options = SSL_OP_NO_RENEGOTIATION, | ||
345 | .renegotiate_server = 1, | ||
346 | .want_failure = 1, | ||
347 | }, | ||
348 | { | ||
294 | .desc = "TLSv1.3 - No renegotiation supported, no renegotiation", | 349 | .desc = "TLSv1.3 - No renegotiation supported, no renegotiation", |
295 | .ssl_max_proto_version = TLS1_3_VERSION, | 350 | .ssl_max_proto_version = TLS1_3_VERSION, |
296 | }, | 351 | }, |