commit f6521de17b8f98a8b1876cb3a9e0cf9fe637ab57
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 07 12:42:04 2014 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Apr 07 12:42:04 2014 +0200
tree bda105326718fdc400f847875f6af3474380f702
parent 89e35798aec47c2a1eda1b0bc32d2914f002e1fc

Add ALPN tests to ssl-opt.sh

Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 999a39b..0a69f4d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -396,7 +396,7 @@
         return;
     }
 
-    SSL_DEBUG_MSG( 3, ( "client hello, adding ALPN extension" ) );
+    SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
 
     *p++ = (unsigned char)( ( TLS_EXT_ALPN >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( TLS_EXT_ALPN      ) & 0xFF );

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2cbc798..08f6eea 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1450,7 +1450,7 @@
 
 #if defined(POLARSSL_SSL_ALPN)
         case TLS_EXT_ALPN:
-            SSL_DEBUG_MSG( 3, ( "found ALPN extension" ) );
+            SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
 
             ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
             if( ret != 0 )
@@ -1708,7 +1708,7 @@
         return;
     }
 
-    SSL_DEBUG_MSG( 3, ( "server hello, alpn extension" ) );
+    SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) );
 
     /*
      * 0 . 1    ext identifier

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 60efe8d..cc89bfe 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -804,6 +804,8 @@
             -C "ssl_handshake returned" \
             -c "Read from server: .* bytes read"
 
+# Tests for version negotiation
+
 run_test    "Version check #1 (all -> 1.2)" \
             "$P_SRV" \
             "$P_CLI" \
@@ -874,6 +876,92 @@
             -c "ssl_handshake returned" \
             -s "SSL - Handshake protocol not within min/max boundaries"
 
+# Tests for ALPN extension
+
+run_test    "ALPN #0 (none)" \
+            "$P_SRV debug_level=4" \
+            "$P_CLI debug_level=4" \
+            0 \
+            -C "client hello, adding alpn extension" \
+            -S "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -S "server hello, adding alpn extension" \
+            -C "found alpn extension " \
+            -C "Application Layer Protocol is" \
+            -S "Application Layer Protocol is"
+
+run_test    "ALPN #1 (client only)" \
+            "$P_SRV debug_level=4" \
+            "$P_CLI debug_level=4 alpn=abc,1234" \
+            0 \
+            -c "client hello, adding alpn extension" \
+            -s "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -S "server hello, adding alpn extension" \
+            -C "found alpn extension " \
+            -c "Application Layer Protocol is (none)" \
+            -S "Application Layer Protocol is"
+
+run_test    "ALPN #2 (server only)" \
+            "$P_SRV debug_level=4 alpn=abc,1234" \
+            "$P_CLI debug_level=4" \
+            0 \
+            -C "client hello, adding alpn extension" \
+            -S "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -S "server hello, adding alpn extension" \
+            -C "found alpn extension " \
+            -C "Application Layer Protocol is" \
+            -s "Application Layer Protocol is (none)"
+
+run_test    "ALPN #3 (both, common cli1-srv1)" \
+            "$P_SRV debug_level=4 alpn=abc,1234" \
+            "$P_CLI debug_level=4 alpn=abc,1234" \
+            0 \
+            -c "client hello, adding alpn extension" \
+            -s "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -s "server hello, adding alpn extension" \
+            -c "found alpn extension" \
+            -c "Application Layer Protocol is abc" \
+            -s "Application Layer Protocol is abc"
+
+run_test    "ALPN #4 (both, common cli2-srv1)" \
+            "$P_SRV debug_level=4 alpn=abc,1234" \
+            "$P_CLI debug_level=4 alpn=1234,abc" \
+            0 \
+            -c "client hello, adding alpn extension" \
+            -s "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -s "server hello, adding alpn extension" \
+            -c "found alpn extension" \
+            -c "Application Layer Protocol is abc" \
+            -s "Application Layer Protocol is abc"
+
+run_test    "ALPN #5 (both, common cli1-srv2)" \
+            "$P_SRV debug_level=4 alpn=abc,1234" \
+            "$P_CLI debug_level=4 alpn=1234,abcde" \
+            0 \
+            -c "client hello, adding alpn extension" \
+            -s "found alpn extension" \
+            -C "got an alert message, type: \\[2:120]" \
+            -s "server hello, adding alpn extension" \
+            -c "found alpn extension" \
+            -c "Application Layer Protocol is 1234" \
+            -s "Application Layer Protocol is 1234"
+
+run_test    "ALPN #6 (both, no common)" \
+            "$P_SRV debug_level=4 alpn=abc,123" \
+            "$P_CLI debug_level=4 alpn=1234,abcde" \
+            1 \
+            -c "client hello, adding alpn extension" \
+            -s "found alpn extension" \
+            -c "got an alert message, type: \\[2:120]" \
+            -S "server hello, adding alpn extension" \
+            -C "found alpn extension" \
+            -C "Application Layer Protocol is 1234" \
+            -S "Application Layer Protocol is 1234"
+
 # Final report
 
 echo "------------------------------------------------------------------------"