Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh

This commit is contained in:
Hanno Becker 2017-10-12 15:18:45 +01:00
parent 40f8b51221
commit 6a2436493f

View File

@ -1431,6 +1431,7 @@ run_test "Max fragment length: DTLS client, larger message" \
# Tests for renegotiation
# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
run_test "Renegotiation: none, for reference" \
"$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2" \
@ -1444,6 +1445,7 @@ run_test "Renegotiation: none, for reference" \
-S "=> renegotiate" \
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1457,6 +1459,7 @@ run_test "Renegotiation: client-initiated" \
-s "=> renegotiate" \
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@ -1473,6 +1476,7 @@ run_test "Renegotiation: server-initiated" \
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1490,6 +1494,7 @@ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@ -1504,6 +1509,7 @@ run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
-s "write hello request" \
-S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: double" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1517,6 +1523,7 @@ run_test "Renegotiation: double" \
-s "=> renegotiate" \
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1532,6 +1539,7 @@ run_test "Renegotiation: client-initiated, server-rejected" \
-c "SSL - Unexpected message at ServerHello in renegotiation" \
-c "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated, client-rejected, default" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
@ -1547,6 +1555,7 @@ run_test "Renegotiation: server-initiated, client-rejected, default" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=-1 auth_mode=optional" \
@ -1564,6 +1573,7 @@ run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
-S "failed"
# delay 2 for 1 alert record + 1 application data record
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=2 auth_mode=optional" \
@ -1580,6 +1590,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@ -1595,6 +1606,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
-s "write hello request" \
-s "SSL - An unexpected message was received from our peer"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@ -1611,6 +1623,7 @@ run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: periodic, just below period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@ -1628,6 +1641,7 @@ run_test "Renegotiation: periodic, just below period" \
-S "failed"
# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: periodic, just above period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@ -1644,6 +1658,7 @@ run_test "Renegotiation: periodic, just above period" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: periodic, two times period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
@ -1660,6 +1675,7 @@ run_test "Renegotiation: periodic, two times period" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: periodic, above period, disabled" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@ -1676,6 +1692,7 @@ run_test "Renegotiation: periodic, above period, disabled" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1689,6 +1706,7 @@ run_test "Renegotiation: nbio, client-initiated" \
-s "=> renegotiate" \
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: nbio, server-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
@ -1702,6 +1720,7 @@ run_test "Renegotiation: nbio, server-initiated" \
-s "=> renegotiate" \
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: openssl server, client-initiated" \
"$O_SRV -www" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@ -1714,6 +1733,7 @@ run_test "Renegotiation: openssl server, client-initiated" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: gnutls server strict, client-initiated" \
"$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@ -1726,6 +1746,7 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@ -1738,6 +1759,7 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
-C "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
@ -1751,6 +1773,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
-C "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
@ -1763,6 +1786,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: DTLS, client-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
@ -1776,6 +1800,7 @@ run_test "Renegotiation: DTLS, client-initiated" \
-s "=> renegotiate" \
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: DTLS, server-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
@ -1790,6 +1815,7 @@ run_test "Renegotiation: DTLS, server-initiated" \
-s "=> renegotiate" \
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: DTLS, renego_period overflow" \
"$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
"$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
@ -1801,9 +1827,10 @@ run_test "Renegotiation: DTLS, renego_period overflow" \
-s "record counter limit reached: renegotiate" \
-c "=> renegotiate" \
-s "=> renegotiate" \
-s "write hello request" \
-s "write hello request"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
"$G_SRV -u --mtu 4096" \
"$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
@ -3696,6 +3723,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
-C "error"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
@ -3709,6 +3737,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
-s "Extra-header:"
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
@ -3953,6 +3982,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
@ -3967,6 +3997,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
@ -3981,6 +4012,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
@ -3996,6 +4028,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \