summaryrefslogtreecommitdiffstats
path: root/src/ssl/test/runner/runner.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/test/runner/runner.go')
-rw-r--r--src/ssl/test/runner/runner.go242
1 files changed, 35 insertions, 207 deletions
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 17fdff9..269a955 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -1,4 +1,4 @@
-package runner
+package main
import (
"bytes"
@@ -149,9 +149,6 @@ type testCase struct {
// expectedNextProto controls whether the connection should
// negotiate a next protocol via NPN or ALPN.
expectedNextProto string
- // expectNoNextProto, if true, means that no next protocol should be
- // negotiated.
- expectNoNextProto bool
// expectedNextProtoType, if non-zero, is the expected next
// protocol negotiation mechanism.
expectedNextProtoType int
@@ -206,9 +203,9 @@ type testCase struct {
// connection immediately after the handshake rather than echoing
// messages from the runner.
shimShutsDown bool
- // renegotiate indicates the number of times the connection should be
- // renegotiated during the exchange.
- renegotiate int
+ // renegotiate indicates the the connection should be renegotiated
+ // during the exchange.
+ renegotiate bool
// renegotiateCiphers is a list of ciphersuite ids that will be
// switched in just before renegotiation.
renegotiateCiphers []uint16
@@ -331,12 +328,6 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) er
}
}
- if test.expectNoNextProto {
- if actual := connState.NegotiatedProtocol; actual != "" {
- return fmt.Errorf("got unexpected next proto %s", actual)
- }
- }
-
if test.expectedNextProtoType != 0 {
if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
return fmt.Errorf("next proto type mismatch")
@@ -403,14 +394,12 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) er
tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
}
- if test.renegotiate > 0 {
+ if test.renegotiate {
if test.renegotiateCiphers != nil {
config.CipherSuites = test.renegotiateCiphers
}
- for i := 0; i < test.renegotiate; i++ {
- if err := tlsConn.Renegotiate(); err != nil {
- return err
- }
+ if err := tlsConn.Renegotiate(); err != nil {
+ return err
}
} else if test.renegotiateCiphers != nil {
panic("renegotiateCiphers without renegotiate")
@@ -1971,18 +1960,6 @@ func addBasicTests() {
// does not fail.
expectMessageDropped: true,
},
- {
- name: "SendEmptySessionTicket",
- config: Config{
- Bugs: ProtocolBugs{
- SendEmptySessionTicket: true,
- FailIfSessionOffered: true,
- },
- },
- flags: []string{"-expect-no-session"},
- resumeSession: true,
- expectResumeRejected: true,
- },
}
testCases = append(testCases, basicTests...)
}
@@ -2585,7 +2562,7 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
// TLS client auth.
tests = append(tests, testCase{
testType: clientTest,
- name: "ClientAuth-RSA-Client",
+ name: "ClientAuth-Client",
config: Config{
ClientAuth: RequireAnyClientCert,
},
@@ -2594,50 +2571,35 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
"-key-file", path.Join(*resourceDir, rsaKeyFile),
},
})
- tests = append(tests, testCase{
- testType: clientTest,
- name: "ClientAuth-ECDSA-Client",
- config: Config{
- ClientAuth: RequireAnyClientCert,
- },
- flags: []string{
- "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
- "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
- },
- })
if async {
- // Test async keys against each key exchange.
tests = append(tests, testCase{
- testType: serverTest,
- name: "Basic-Server-RSA",
+ testType: clientTest,
+ name: "ClientAuth-Client-AsyncKey",
config: Config{
- CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ ClientAuth: RequireAnyClientCert,
},
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
+ "-use-async-private-key",
},
})
tests = append(tests, testCase{
testType: serverTest,
- name: "Basic-Server-ECDHE-RSA",
- config: Config{
- CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
- },
+ name: "Basic-Server-RSAAsyncKey",
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
+ "-use-async-private-key",
},
})
tests = append(tests, testCase{
testType: serverTest,
- name: "Basic-Server-ECDHE-ECDSA",
- config: Config{
- CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- },
+ name: "Basic-Server-ECDSAAsyncKey",
flags: []string{
"-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
"-key-file", path.Join(*resourceDir, ecdsaKeyFile),
+ "-use-async-private-key",
},
})
}
@@ -2739,11 +2701,7 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
if protocol == tls {
tests = append(tests, testCase{
name: "Renegotiate-Client",
- renegotiate: 1,
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
+ renegotiate: true,
})
// NPN on client and server; results in post-handshake message.
tests = append(tests, testCase{
@@ -3381,18 +3339,6 @@ func addExtensionTests() {
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
- // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
- testCases = append(testCases, testCase{
- name: "DisableNPN",
- config: Config{
- NextProtos: []string{"foo"},
- },
- flags: []string{
- "-select-next-proto", "foo",
- "-disable-npn",
- },
- expectNoNextProto: true,
- })
// Resume with a corrupt ticket.
testCases = append(testCases, testCase{
testType: serverTest,
@@ -3546,68 +3492,6 @@ func addExtensionTests() {
// long.
flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
})
-
- // Extensions should not function in SSL 3.0.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SSLv3Extensions-NoALPN",
- config: Config{
- MaxVersion: VersionSSL30,
- NextProtos: []string{"foo", "bar", "baz"},
- },
- flags: []string{
- "-select-alpn", "foo",
- },
- expectNoNextProto: true,
- })
-
- // Test session tickets separately as they follow a different codepath.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SSLv3Extensions-NoTickets",
- config: Config{
- MaxVersion: VersionSSL30,
- Bugs: ProtocolBugs{
- // Historically, session tickets in SSL 3.0
- // failed in different ways depending on whether
- // the client supported renegotiation_info.
- NoRenegotiationInfo: true,
- },
- },
- resumeSession: true,
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SSLv3Extensions-NoTickets2",
- config: Config{
- MaxVersion: VersionSSL30,
- },
- resumeSession: true,
- })
-
- // But SSL 3.0 does send and process renegotiation_info.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SSLv3Extensions-RenegotiationInfo",
- config: Config{
- MaxVersion: VersionSSL30,
- Bugs: ProtocolBugs{
- RequireRenegotiationInfo: true,
- },
- },
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SSLv3Extensions-RenegotiationInfo-SCSV",
- config: Config{
- MaxVersion: VersionSSL30,
- Bugs: ProtocolBugs{
- NoRenegotiationInfo: true,
- SendRenegotiationSCSV: true,
- RequireRenegotiationInfo: true,
- },
- },
- })
}
func addResumptionVersionTests() {
@@ -3719,7 +3603,8 @@ func addRenegotiationTests() {
testCases = append(testCases, testCase{
testType: serverTest,
name: "Renegotiate-Server-Forbidden",
- renegotiate: 1,
+ renegotiate: true,
+ flags: []string{"-reject-peer-renegotiations"},
shouldFail: true,
expectedError: ":NO_RENEGOTIATION:",
expectedLocalError: "remote error: no renegotiation",
@@ -3758,33 +3643,27 @@ func addRenegotiationTests() {
FailIfResumeOnRenego: true,
},
},
- renegotiate: 1,
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
+ renegotiate: true,
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-EmptyExt",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
Bugs: ProtocolBugs{
EmptyRenegotiationInfo: true,
},
},
- flags: []string{"-renegotiate-freely"},
shouldFail: true,
expectedError: ":RENEGOTIATION_MISMATCH:",
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-BadExt",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
Bugs: ProtocolBugs{
BadRenegotiationInfo: true,
},
},
- flags: []string{"-renegotiate-freely"},
shouldFail: true,
expectedError: ":RENEGOTIATION_MISMATCH:",
})
@@ -3801,58 +3680,50 @@ func addRenegotiationTests() {
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-NoExt-Allowed",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
Bugs: ProtocolBugs{
NoRenegotiationInfo: true,
},
},
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-SwitchCiphers",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
},
renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-SwitchCiphers2",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
},
renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-Forbidden",
+ renegotiate: true,
+ flags: []string{"-reject-peer-renegotiations"},
+ shouldFail: true,
+ expectedError: ":NO_RENEGOTIATION:",
+ expectedLocalError: "remote error: no renegotiation",
})
testCases = append(testCases, testCase{
name: "Renegotiate-SameClientVersion",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
MaxVersion: VersionTLS10,
Bugs: ProtocolBugs{
RequireSameRenegoClientVersion: true,
},
},
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
})
testCases = append(testCases, testCase{
name: "Renegotiate-FalseStart",
- renegotiate: 1,
+ renegotiate: true,
config: Config{
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
NextProtos: []string{"foo"},
@@ -3860,52 +3731,9 @@ func addRenegotiationTests() {
flags: []string{
"-false-start",
"-select-next-proto", "foo",
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
},
shimWritesFirst: true,
})
-
- // Client-side renegotiation controls.
- testCases = append(testCases, testCase{
- name: "Renegotiate-Client-Forbidden-1",
- renegotiate: 1,
- shouldFail: true,
- expectedError: ":NO_RENEGOTIATION:",
- expectedLocalError: "remote error: no renegotiation",
- })
- testCases = append(testCases, testCase{
- name: "Renegotiate-Client-Once-1",
- renegotiate: 1,
- flags: []string{
- "-renegotiate-once",
- "-expect-total-renegotiations", "1",
- },
- })
- testCases = append(testCases, testCase{
- name: "Renegotiate-Client-Freely-1",
- renegotiate: 1,
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "1",
- },
- })
- testCases = append(testCases, testCase{
- name: "Renegotiate-Client-Once-2",
- renegotiate: 2,
- flags: []string{"-renegotiate-once"},
- shouldFail: true,
- expectedError: ":NO_RENEGOTIATION:",
- expectedLocalError: "remote error: no renegotiation",
- })
- testCases = append(testCases, testCase{
- name: "Renegotiate-Client-Freely-2",
- renegotiate: 2,
- flags: []string{
- "-renegotiate-freely",
- "-expect-total-renegotiations", "2",
- },
- })
}
func addDTLSReplayTests() {
generated by cgit v1.1 at 2024-05-20 04:08:13 +0000