mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 14:05:28 +00:00
Add tests for ssl_set_renegotiation_enforced()
This commit is contained in:
parent
a9964dbcd5
commit
fae355e8ee
|
@ -99,6 +99,7 @@ int main( int argc, char *argv[] )
|
|||
#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
|
||||
#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
|
||||
#define DFL_RENEGOTIATE 0
|
||||
#define DFL_RENEGO_DELAY -2
|
||||
#define DFL_MIN_VERSION -1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
|
||||
|
@ -159,6 +160,7 @@ struct options
|
|||
int renegotiation; /* enable / disable renegotiation */
|
||||
int allow_legacy; /* allow legacy renegotiation */
|
||||
int renegotiate; /* attempt renegotiation? */
|
||||
int renego_delay; /* delay before enforcing renegotiation */
|
||||
int min_version; /* minimum protocol version accepted */
|
||||
int max_version; /* maximum protocol version accepted */
|
||||
int auth_mode; /* verify mode for connection */
|
||||
|
@ -676,6 +678,7 @@ int main( int argc, char *argv[] )
|
|||
opt.renegotiation = DFL_RENEGOTIATION;
|
||||
opt.allow_legacy = DFL_ALLOW_LEGACY;
|
||||
opt.renegotiate = DFL_RENEGOTIATE;
|
||||
opt.renego_delay = DFL_RENEGO_DELAY;
|
||||
opt.min_version = DFL_MIN_VERSION;
|
||||
opt.max_version = DFL_MAX_VERSION;
|
||||
opt.auth_mode = DFL_AUTH_MODE;
|
||||
|
@ -765,6 +768,10 @@ int main( int argc, char *argv[] )
|
|||
if( opt.renegotiate < 0 || opt.renegotiate > 1 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "renego_delay" ) == 0 )
|
||||
{
|
||||
opt.renego_delay = atoi( q );
|
||||
}
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "ssl3" ) == 0 )
|
||||
|
@ -1264,6 +1271,8 @@ int main( int argc, char *argv[] )
|
|||
|
||||
ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
if( opt.renego_delay != DFL_RENEGO_DELAY )
|
||||
ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
|
||||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||
|
|
|
@ -616,9 +616,11 @@ run_test "Renegotiation #4 (client-initiated, server-rejected)" \
|
|||
-c "found renegotiation extension" \
|
||||
-c "=> renegotiate" \
|
||||
-S "=> renegotiate" \
|
||||
-S "write hello request"
|
||||
-S "write hello request" \
|
||||
-c "SSL - An unexpected message was received from our peer" \
|
||||
-c "failed"
|
||||
|
||||
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
|
||||
run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
|
||||
"$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
|
||||
"$P_CLI debug_level=4 renegotiation=0" \
|
||||
0 \
|
||||
|
@ -633,6 +635,70 @@ run_test "Renegotiation #5 (server-initiated, client-rejected)" \
|
|||
-S "SSL - An unexpected message was received from our peer" \
|
||||
-S "failed"
|
||||
|
||||
run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \
|
||||
"$P_SRV debug_level=4 renegotiation=1 renegotiate=1 \
|
||||
renego_delay=-1" \
|
||||
"$P_CLI debug_level=4 renegotiation=0" \
|
||||
0 \
|
||||
-C "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-S "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-C "=> renegotiate" \
|
||||
-S "=> renegotiate" \
|
||||
-s "write hello request" \
|
||||
-S "SSL - An unexpected message was received from our peer" \
|
||||
-S "failed"
|
||||
|
||||
run_test "Renegotiation #7 (server-initiated, client-rejected, delay 1)" \
|
||||
"$P_SRV debug_level=4 renegotiation=1 renegotiate=1 \
|
||||
renego_delay=1" \
|
||||
"$P_CLI debug_level=4 renegotiation=0" \
|
||||
0 \
|
||||
-C "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-S "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-C "=> renegotiate" \
|
||||
-S "=> renegotiate" \
|
||||
-s "write hello request" \
|
||||
-S "SSL - An unexpected message was received from our peer" \
|
||||
-S "failed"
|
||||
|
||||
run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
|
||||
"$P_SRV debug_level=4 renegotiation=1 renegotiate=1 \
|
||||
renego_delay=0" \
|
||||
"$P_CLI debug_level=4 renegotiation=0" \
|
||||
0 \
|
||||
-C "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-S "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-C "=> renegotiate" \
|
||||
-S "=> renegotiate" \
|
||||
-s "write hello request" \
|
||||
-s "SSL - An unexpected message was received from our peer" \
|
||||
-s "failed"
|
||||
|
||||
run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
|
||||
"$P_SRV debug_level=4 renegotiation=1 renegotiate=1 \
|
||||
renego_delay=0" \
|
||||
"$P_CLI debug_level=4 renegotiation=1" \
|
||||
0 \
|
||||
-c "client hello, adding renegotiation extension" \
|
||||
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||
-s "found renegotiation extension" \
|
||||
-s "server hello, secure renegotiation extension" \
|
||||
-c "found renegotiation extension" \
|
||||
-c "=> renegotiate" \
|
||||
-s "=> renegotiate" \
|
||||
-s "write hello request" \
|
||||
-S "SSL - An unexpected message was received from our peer" \
|
||||
-S "failed"
|
||||
|
||||
# Tests for auth_mode
|
||||
|
||||
run_test "Authentication #1 (server badcert, client required)" \
|
||||
|
|
Loading…
Reference in a new issue