Merge remote-tracking branch 'origin/master'

# Conflicts: # README.md
2026-06-17 18:33:39 +08:00 · 2017-02-14 16:12:29 +08:00
parent d2254170b8
commit 43fed1108d
3503 changed files with 320546 additions and 408546 deletions
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.conf.in
@@ -0,0 +1,98 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+my $dir_sep = $^O ne "VMS" ? "/" : "";
+
+our @tests = (
+    {
+        name => "renegotiate-client-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+# Note: Unlike the TLS tests, we will never do resumption with server
+# initiated reneg. This is because an OpenSSL DTLS client will always do a full
+# handshake (i.e. it doesn't supply a session id) when it receives a
+# HelloRequest. This is different to the OpenSSL TLS implementation where an
+# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
+# the session id). This goes all the way to commit 48ae85b6f when abbreviated
+# handshake support was first added. Neither behaviour is wrong, but the
+# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
+# and if so, what to?
+    {
+        name => "renegotiate-server-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
+);