commit 151f64283ffc91d2c5d3ee7d122cd36ded42cec0
author Jan Bruckner <jan@janbruckner.de> Fri Feb 10 12:45:19 2023 +0100
committer Jan Bruckner <jan@janbruckner.de> Tue Mar 14 08:41:25 2023 +0100
tree 892dd677aaa2794f17b7aad8e6ef3b41beb78d1b
parent 5a3629b6132c7dd4a517ebb6e572bb6dbaeb9888

Add parsing for Record Size Limit extension in TLS 1.3

Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d73ef0f..f60edc5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4727,32 +4727,37 @@
 
 # Tests for Record Size Limit extension
 
-# gnutls feature tests: check if the record size limit extension is supported with TLS 1.2.
-requires_gnutls_record_size_limit
-run_test    "Record Size Limit: Test gnutls record size limit feature" \
-            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+CIPHER-ALL --disable-client-cert -d 4" \
-            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2 -V -d 4" \
-            0 \
-            -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
-            -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
-            -s "Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'" \
-            -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
-            -s "Version: TLS1.2" \
-            -c "Version: TLS1.2"
-
-# gnutls feature tests: check if the record size limit extension is supported with TLS 1.3.
 requires_gnutls_tls1_3
 requires_gnutls_record_size_limit
-run_test    "Record Size Limit: TLS 1.3: Test gnutls record size limit feature" \
-            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test    "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \
+            "$P_SRV debug_level=3 force_version=tls13" \
             "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
+            1 \
+            -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
+            -c "Sending extension Record Size Limit/28 (2 bytes)" \
+            -s "ClientHello: record_size_limit(28) extension received."\
+            -s "found record_size_limit extension" \
+            -s "RecordSizeLimit: 16385 Bytes" \
+            -c "Received alert \[110]: An unsupported extension was sent"
+
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+run_test    "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
+            "$P_CLI debug_level=4 force_version=tls13" \
             0 \
-            -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
-            -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
-            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" \
-            -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
-            -s "Version: TLS1.3" \
-            -c "Version: TLS1.3"
+            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
+# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
+# a response in its EncryptedExtensions record.
+#            -s "Parsing extension 'Record Size Limit/28 (2 bytes)" \
+#            -s "Sending extension Record Size Limit/28 (2 bytes)" \
+#            -c "EncryptedExtensions: record_size_limit(28) extension received."\
+#            -c "found record_size_limit extension" \
+#            -c "RecordSizeLimit: 16385 Bytes" \
+#            -s "Received alert \[110]: An unsupported extension was sent"
 
 # Tests for renegotiation