tlsexttest: remove check that clients receive SNI before ALPN

The next commit will remove the kludge for compatibility of Apache with older libressl, so remove the corresponding regress coverage and only check that PSK is the last extension.
author: tb <> 2025-04-30 13:44:54 +0000
committer: tb <> 2025-04-30 13:44:54 +0000
commit: c2fc132851c07f7761eae31f7a9e2d0393a48192 (patch)
tree: 3251f7252cfa793e6fda81db4271a5409a7793a4 /src/regress/lib/libssl/tlsext/tlsexttest.c
parent: 6795d644ed761394e6993b76365e2279c069a80f (diff)
download: openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.tar.gz
openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.tar.bz2
openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.zip
1 files changed, 3 insertions, 33 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4adf27421d..32bad7ebc8 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.93 2025/04/30 13:44:54 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -4542,12 +4542,10 @@ test_tlsext_valid_hostnames(void)
 #define N_TLSEXT_RANDOMIZATION_TESTS 1000
 static int
-test_tlsext_check_extension_order(SSL *ssl)
+test_tlsext_check_psk_is_last_extension(SSL *ssl)
 {
        const struct tls_extension *ext;
        uint16_t type;
-        size_t alpn_idx, sni_idx;
-        size_t i;
        if (ssl->tlsext_build_order_len == 0) {
                FAIL("Unexpected zero build order length");
@@ -4560,34 +4558,6 @@ test_tlsext_check_extension_order(SSL *ssl)
                return 1;
        }
-        if (ssl->server)
-                return 0;
-        alpn_idx = sni_idx = ssl->tlsext_build_order_len;
-        for (i = 0; i < ssl->tlsext_build_order_len; i++) {
-                ext = ssl->tlsext_build_order[i];
-                if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
-                        alpn_idx = i;
-                if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
-                        sni_idx = i;
-        }
-        if (alpn_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-        if (sni_idx == ssl->tlsext_build_order_len) {
-                FAIL("could not find alpn extension\n");
-                return 1;
-        }
-        if (sni_idx >= alpn_idx) {
-                FAIL("sni does not precede alpn: %zu >= %zu\n",
-                    sni_idx, alpn_idx);
-                return 1;
-        }
        return 0;
 }
@@ -4600,7 +4570,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
        for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
                if (!tlsext_randomize_build_order(ssl))
                        errx(1, "failed to randomize extensions");
-                failed |= test_tlsext_check_extension_order(ssl);
+                failed |= test_tlsext_check_psk_is_last_extension(ssl);
        }
        return failed;
author	tb <>	2025-04-30 13:44:54 +0000
committer	tb <>	2025-04-30 13:44:54 +0000
commit	c2fc132851c07f7761eae31f7a9e2d0393a48192 (patch)
tree	3251f7252cfa793e6fda81db4271a5409a7793a4 /src/regress/lib/libssl/tlsext/tlsexttest.c
parent	6795d644ed761394e6993b76365e2279c069a80f (diff)
download	openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.tar.gz openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.tar.bz2 openbsd-c2fc132851c07f7761eae31f7a9e2d0393a48192.zip

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 4adf27421d..32bad7ebc8 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.93 2025/04/30 13:44:54 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -4542,12 +4542,10 @@ test_tlsext_valid_hostnames(void)
4542	#define N_TLSEXT_RANDOMIZATION_TESTS 1000	4542	#define N_TLSEXT_RANDOMIZATION_TESTS 1000
4543		4543
4544	static int	4544	static int
4545	test_tlsext_check_extension_order(SSL *ssl)	4545	test_tlsext_check_psk_is_last_extension(SSL *ssl)
4546	{	4546	{
4547	const struct tls_extension *ext;	4547	const struct tls_extension *ext;
4548	uint16_t type;	4548	uint16_t type;
4549	size_t alpn_idx, sni_idx;
4550	size_t i;
4551		4549
4552	if (ssl->tlsext_build_order_len == 0) {	4550	if (ssl->tlsext_build_order_len == 0) {
4553	FAIL("Unexpected zero build order length");	4551	FAIL("Unexpected zero build order length");
@@ -4560,34 +4558,6 @@ test_tlsext_check_extension_order(SSL *ssl)
4560	return 1;	4558	return 1;
4561	}	4559	}
4562		4560
4563	if (ssl->server)
4564	return 0;
4565
4566	alpn_idx = sni_idx = ssl->tlsext_build_order_len;
4567	for (i = 0; i < ssl->tlsext_build_order_len; i++) {
4568	ext = ssl->tlsext_build_order[i];
4569	if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
4570	alpn_idx = i;
4571	if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
4572	sni_idx = i;
4573	}
4574
4575	if (alpn_idx == ssl->tlsext_build_order_len) {
4576	FAIL("could not find alpn extension\n");
4577	return 1;
4578	}
4579
4580	if (sni_idx == ssl->tlsext_build_order_len) {
4581	FAIL("could not find alpn extension\n");
4582	return 1;
4583	}
4584
4585	if (sni_idx >= alpn_idx) {
4586	FAIL("sni does not precede alpn: %zu >= %zu\n",
4587	sni_idx, alpn_idx);
4588	return 1;
4589	}
4590
4591	return 0;	4561	return 0;
4592	}	4562	}
4593		4563
@@ -4600,7 +4570,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
4600	for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {	4570	for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
4601	if (!tlsext_randomize_build_order(ssl))	4571	if (!tlsext_randomize_build_order(ssl))
4602	errx(1, "failed to randomize extensions");	4572	errx(1, "failed to randomize extensions");
4603	failed \|= test_tlsext_check_extension_order(ssl);	4573	failed \|= test_tlsext_check_psk_is_last_extension(ssl);
4604	}	4574	}
4605		4575
4606	return failed;	4576	return failed;