Add tests for MTU with renegotiation
This exercises our computation of record expansion.
This commit is contained in:
Manuel Pégourié-Gonnard
parent
b747c6cf9b
commit
72c2707d9c
1 changed files with 161 additions and 0 deletions
161
tests/ssl-opt.sh
161
tests/ssl-opt.sh
|
|
@ -5047,6 +5047,167 @@ run_test "DTLS fragmenting: both (MTU)" \
|
|||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
exchanges=2 renegotiation=1 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
exchanges=2 renegotiation=1 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
exchanges=2 renegotiation=1 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
exchanges=2 renegotiation=1 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
exchanges=2 renegotiation=1 \
|
||||
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
|
||||
mtu=512" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
exchanges=2 renegotiation=1 renegotiate=1 \
|
||||
mtu=512" \
|
||||
0 \
|
||||
-S "resend" \
|
||||
-C "resend" \
|
||||
-s "found fragmented DTLS handshake message" \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
-C "error"
|
||||
|
||||
# Tests for specific things with "unreliable" UDP connection
|
||||
|
||||
not_with_valgrind # spurious resend due to timeout
|
||||
|
|
|
|||
Loading…
Reference in a new issue