commit 780d671f9d88f71d64c5830ab11ecf6562de8757
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Feb 20 17:19:59 2014 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 14 08:41:00 2014 +0100
tree 27699d949715b8c2c4c647c2cb36b202ee90d113
parent de14378a53d154f3fbdba2b4931736ac46c8e3c1

Add tests for renegotiation

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ad0b2e5..0dd072b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -32,7 +32,9 @@
     shift 2
 
     # check client exit code
-    if [ "$1" = 0 -a "$CLI_EXIT" != 0 ]; then
+    if [ \( "$1" = 0 -a "$CLI_EXIT" != 0 \) -o \
+         \( "$1" != 0 -a "$CLI_EXIT" = 0 \) ]
+    then
         echo "FAIL - client exit"
         return
     fi
@@ -84,12 +86,22 @@
 
 killall -q openssl ssl_server ssl_server2
 
-run_test    "Truncated HMAC" \
+# Tests for Truncated HMAC extension
+
+run_test    "Truncated HMAC #0" \
+            "debug_level=5" \
+            "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+            0 \
+            -s "dumping 'computed mac' (20 bytes)"
+
+run_test    "Truncated HMAC #1" \
             "debug_level=5" \
             "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             0 \
             -s "dumping 'computed mac' (10 bytes)"
 
+# Tests for Session Tickets
+
 run_test    "Session resume using tickets" \
             "debug_level=4 tickets=1" \
             "debug_level=4 reconnect=1 tickets=1" \
@@ -99,6 +111,8 @@
             -s "a session has been resumed" \
             -c "a session has been resumed"
 
+# Test for Session Resume base in session-ID and cache
+
 run_test    "Session resume using cache #1" \
             "debug_level=4 tickets=0" \
             "debug_level=4 reconnect=1 tickets=1" \
@@ -117,6 +131,8 @@
             -s "a session has been resumed" \
             -c "a session has been resumed"
 
+# Tests for Max Fragment Length extension
+
 run_test    "Max fragment length #1" \
             "debug_level=4" \
             "debug_level=4" \
@@ -143,3 +159,85 @@
             -S "found max fragment length extension" \
             -S "server hello, max_fragment_length extension" \
             -C "found max_fragment_length extension"
+
+# Tests for renegotiation
+
+run_test    "Renegotiation #0 (none)" \
+            "debug_level=4" \
+            "debug_level=4" \
+            0 \
+            -C "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -S "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -C "renegotiate" \
+            -S "renegotiate" \
+            -S "write hello request"
+
+run_test    "Renegotiation #1 (enabled, client-initiated)" \
+            "debug_level=4" \
+            "debug_level=4 renegotiate=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "renegotiate" \
+            -s "renegotiate" \
+            -S "write hello request"
+
+run_test    "Renegotiation #2 (enabled, server-initiated)" \
+            "debug_level=4 renegotiate=1" \
+            "debug_level=4" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "renegotiate" \
+            -s "renegotiate" \
+            -s "write hello request"
+
+run_test    "Renegotiation #3 (enabled, double)" \
+            "debug_level=4 renegotiate=1" \
+            "debug_level=4 renegotiate=1" \
+            0 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -s "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "renegotiate" \
+            -s "renegotiate" \
+            -s "write hello request"
+
+run_test    "Renegotiation #4 (client-initiated, server-rejected)" \
+            "debug_level=4 renegotiation=0" \
+            "debug_level=4 renegotiate=1" \
+            1 \
+            -c "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -S "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -c "renegotiate" \
+            -S "renegotiate" \
+            -S "write hello request"
+
+run_test    "Renegotiation #5 (server-initiated, client-rejected)" \
+            "debug_level=4 renegotiate=1" \
+            "debug_level=4 renegotiation=0" \
+            0 \
+            -C "client hello, adding renegotiation extension" \
+            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+            -S "found renegotiation extension" \
+            -s "server hello, secure renegotiation extension" \
+            -c "found renegotiation extension" \
+            -C "renegotiate" \
+            -S "renegotiate" \
+            -s "write hello request" \
+            -s "SSL - An unexpected message was received from our peer" \
+            -s "failed"