fixup! Adds DTLSv1.3 to protocol_version.pm for additional protocol v…
…ersion tests.
fwh-dc committed May 10, 2024
1 parent 63ccd3e commit f943531
Showing 2 changed files with 78 additions and 125 deletions.
56 changes: 1 addition & 55 deletions test/ssl-tests/02-protocol-version.cnf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl

num_tests = 680
num_tests = 678

test-0 = 0-version-negotiation
test-1 = 1-version-negotiation
Expand Down Expand Up @@ -680,8 +680,6 @@ test-674 = 674-version-negotiation
test-675 = 675-version-negotiation
test-676 = 676-ciphersuite-sanity-check-tls-client
test-677 = 677-ciphersuite-sanity-check-tls-server
test-678 = 678-ciphersuite-sanity-check-dtls-client
test-679 = 679-ciphersuite-sanity-check-dtls-server
# ===========================================================

[0-version-negotiation]
Expand Down Expand Up @@ -18824,55 +18822,3 @@ ExpectedResult = ServerFail
Method = TLS


# ===========================================================

[678-ciphersuite-sanity-check-dtls-client]
ssl_conf = 678-ciphersuite-sanity-check-dtls-client-ssl

[678-ciphersuite-sanity-check-dtls-client-ssl]
server = 678-ciphersuite-sanity-check-dtls-client-server
client = 678-ciphersuite-sanity-check-dtls-client-client

[678-ciphersuite-sanity-check-dtls-client-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[678-ciphersuite-sanity-check-dtls-client-client]
CipherString = AES128-SHA
Ciphersuites =
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-678]
ExpectedResult = ClientFail
Method = DTLS


# ===========================================================

[679-ciphersuite-sanity-check-dtls-server]
ssl_conf = 679-ciphersuite-sanity-check-dtls-server-ssl

[679-ciphersuite-sanity-check-dtls-server-ssl]
server = 679-ciphersuite-sanity-check-dtls-server-server
client = 679-ciphersuite-sanity-check-dtls-server-client

[679-ciphersuite-sanity-check-dtls-server-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = AES128-SHA
Ciphersuites =
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[679-ciphersuite-sanity-check-dtls-server-client]
CipherString = AES128-SHA
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-679]
ExpectedResult = ServerFail
Method = DTLS


147 changes: 77 additions & 70 deletions test/ssl-tests/protocol_version.pm
Expand Up @@ -65,7 +65,7 @@ sub max_prot_enabled {

foreach my $i (0..$#protocols) {
if (!$is_disabled[$i]
&& (($protocols[$i] ne "TLSv1.3")
&& ($protocols[$i] ne "TLSv1.3"
|| !disabled("ec")
|| !disabled("dh"))
&& ($protocols[$i] ne "DTLSv1.3"
Expand Down Expand Up @@ -181,75 +181,82 @@ sub generate_version_tests {
}
}
}
return @tests
if disabled("tls1_3")
|| disabled("tls1_2")
|| (disabled("ec") && disabled("dh"))
|| $dtls;

#Add some version/ciphersuite sanity check tests
push @tests, {
"name" => "ciphersuite-sanity-check-tls-client",
"client" => {
#Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"server" => {
"MaxProtocol" => "TLSv1.2"
},
"test" => {
"Method" => "TLS",
"ExpectedResult" => "ClientFail",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-tls-server",
"client" => {
"CipherString" => "AES128-SHA",
"MaxProtocol" => "TLSv1.2"
},
"server" => {
#Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"test" => {
"Method" => "TLS",
"ExpectedResult" => "ServerFail",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-dtls-client",
"client" => {
#Offering only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"server" => {
"MaxProtocol" => "DTLSv1.2"
},
"test" => {
"Method" => "DTLS",
"ExpectedResult" => "ClientFail",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-dtls-server",
"client" => {
"CipherString" => "AES128-SHA",
"MaxProtocol" => "DTLSv1.2"
},
"server" => {
#Allowing only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"test" => {
"Method" => "DTLS",
"ExpectedResult" => "ServerFail",
}
};

if (!$dtls && !(disabled("tls1_3")
|| disabled("tls1_2")
|| (disabled("ec") && disabled("dh"))))
{
#Add some version/ciphersuite sanity check tests
push @tests, {
"name" => "ciphersuite-sanity-check-tls-client",
"client" => {
#Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"server" => {
"MaxProtocol" => "TLSv1.2"
},
"test" => {
"Method" => "TLS",
"ExpectedResult" => "ClientFail",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-tls-server",
"client" => {
"CipherString" => "AES128-SHA",
"MaxProtocol" => "TLSv1.2"
},
"server" => {
#Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"test" => {
"Method" => "TLS",
"ExpectedResult" => "ServerFail",
}
};
}

if ($dtls && !(disabled("dtls1_3")
|| disabled("dtls1_2")
|| (disabled("ec") && disabled("dh"))))
{
#Add some version/ciphersuite sanity check tests
push @tests, {
"name" => "ciphersuite-sanity-check-dtls-client",
"client" => {
#Offering only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"server" => {
"MaxProtocol" => "DTLSv1.2"
},
"test" => {
"Method" => "DTLS",
"ExpectedResult" => "ClientFail",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-dtls-server",
"client" => {
"CipherString" => "AES128-SHA",
"MaxProtocol" => "DTLSv1.2"
},
"server" => {
#Allowing only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
"CipherString" => "AES128-SHA",
"Ciphersuites" => "",
},
"test" => {
"Method" => "DTLS",
"ExpectedResult" => "ServerFail",
}
};
}

return @tests;
}
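Review bot: The new `$dtls` branch in generate_version_tests now emits `ciphersuite-sanity-check-dtls-client` and `ciphersuite-sanity-check-dtls-server`, but the diffstat lists only this module and the TLS .cnf, from which those two tests are removed. The checked-in expected output for the DTLS run presumably needs regenerating in the same change, otherwise these negative tests (an endpoint with an empty `Ciphersuites` list must fail the handshake) exist only in the generator. Separately, both guards are easier to audit without the outer negation, for example `if ($dtls && !disabled("dtls1_3") && !disabled("dtls1_2") && (!disabled("ec") || !disabled("dh")))`, and likewise for the TLS branch. A one-line comment on the `ec`/`dh` term would help, stating that it mirrors the TLSv1.3/DTLSv1.3 availability test in max_prot_enabled. The function begins outside this hunk, so how `$dtls` is set is not visible here.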