tls13: srv: Fail connection if ticket lifetime exceed 7 days Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: ce79488dd544be0081c13b301a9b0bfc946adb08 [log] [tgz]
author: Jerry Yu <jerry.h.yu@arm.com> Wed Nov 22 15:01:18 2023 +0800
committer: Ronald Cron <ronald.cron@arm.com> Sun Mar 10 17:42:43 2024 +0100
tree: e14ef6bc49cd88562a84113fc13f4a2b5baa018a
parent: 97dfc726f342131ad99f8d7f5a7b03dc6789ee9c [diff]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fd2fc0a..3d76501 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -13532,6 +13532,42 @@
             -s "key exchange mode: psk_ephemeral" \
             -s "found pre_shared_key extension"
 
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+                             MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+                             MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+                             MBEDTLS_DEBUG_C \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test    "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime max value (7d)" \
+            "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604800 tickets=1" \
+            "$P_CLI reco_mode=1 reconnect=1" \
+            0 \
+            -c "Protocol is TLSv1.3" \
+            -c "HTTP/1.0 200 OK" \
+            -c "got new session ticket" \
+            -c "Reconnecting with saved session... ok" \
+            -s "Protocol is TLSv1.3" \
+            -S "Ticket lifetime (604800) is greater than 7 days."
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
+                             MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+                             MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+                             MBEDTLS_DEBUG_C \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test    "TLS 1.3 m->m: NewSessionTicket: Ticket lifetime too long (7d + 1s)" \
+            "$P_SRV debug_level=1 crt_file=data_files/server5.crt key_file=data_files/server5.key ticket_timeout=604801 tickets=1" \
+            "$P_CLI reco_mode=1 reconnect=1" \
+            1 \
+            -c "Protocol is TLSv1.3" \
+            -C "HTTP/1.0 200 OK" \
+            -C "got new session ticket" \
+            -C "Reconnecting with saved session... ok" \
+            -S "Protocol is TLSv1.3" \
+            -s "Ticket lifetime (604801) is greater than 7 days."
+
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_DEBUG_C
commit	ce79488dd544be0081c13b301a9b0bfc946adb08	[log] [tgz]
author	Jerry Yu <jerry.h.yu@arm.com>	Wed Nov 22 15:01:18 2023 +0800
committer	Ronald Cron <ronald.cron@arm.com>	Sun Mar 10 17:42:43 2024 +0100
tree	e14ef6bc49cd88562a84113fc13f4a2b5baa018a
parent	97dfc726f342131ad99f8d7f5a7b03dc6789ee9c [diff]