Extend test framework for Record Size Limit Extension
Fixes #7006
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 37936fc..c176d0d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -669,6 +669,19 @@
fi
}
+# skip next test if GnuTLS does not support the record size limit extension
+requires_gnutls_record_size_limit() {
+ requires_gnutls_next
+ if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
+ GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO"
+ else
+ GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES"
+ fi
+ if [ "$GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if IPv6 isn't available on this host
requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then
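Review bot: `requires_gnutls_record_size_limit` never checks for the extension itself: `GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE` becomes "YES" whenever `GNUTLS_NEXT_AVAILABLE` is not "NO", so the header comment promises more than the code does. If the GnuTLS "next" build on a host predates the extension, the gated tests would fail on their log patterns instead of being skipped. Either state the assumption in the comment, e.g. `# skip next test if GnuTLS "next" is unavailable (assumed to imply record size limit support; no feature probe is done)`, or drop the intermediate variable, which is recomputed on every call and only read inside this function as far as the hunk shows. `requires_gnutls_next` is defined outside the hunk, so whether it already sets `SKIP_NEXT` cannot be seen from here.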
@@ -4652,6 +4665,35 @@
-c "found max_fragment_length extension" \
-c "fragment larger than.*maximum"
+# Tests for Record Size Limit extension
+
+# gnutls feature tests: check if the record size limit extension is supported with TLS 1.2.
+requires_gnutls_record_size_limit
+run_test "Record Size Limit: Test gnutls record size limit feature" \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+CIPHER-ALL --disable-client-cert -d 4" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2 -V -d 4" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
+ -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+ -s "Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'" \
+ -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+ -s "Version: TLS1.2" \
+ -c "Version: TLS1.2"
+
+# gnutls feature tests: check if the record size limit extension is supported with TLS 1.3.
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+run_test "Record Size Limit: TLS 1.3: Test gnutls record size limit feature" \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
+ 0 \
+ -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
+ -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+ -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" \
+ -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+ -s "Version: TLS1.3" \
+ -c "Version: TLS1.3"
+
# Tests for renegotiation
# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
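Review bot: Both new `run_test` cases pair `$G_NEXT_SRV` with `$G_NEXT_CLI`, and their patterns only confirm that a 2-byte Record Size Limit extension was prepared and parsed. No limit value is set or asserted, and no Mbed TLS endpoint takes part. A passing "Record Size Limit" result could be read as coverage of the library's negotiation or enforcement, so the section comment should state the scope, e.g. `# GnuTLS-vs-GnuTLS tooling checks only: Mbed TLS handling and enforcement of the limit are not covered here.` As a style point, the two `-c "Preparing extension (Record Size Limit/28) for 'client hello'"\` lines lack the space before the continuation backslash that the other lines in the hunk use.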