Extend test framework for Record Size Limit Extension

Fixes #7006 Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:29 +01:00 · 2023-02-06 12:54:29 +01:00 · aa31b19395
commit aa31b19395
parent 94c9c96c94
1 changed files with 42 additions and 0 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -669,6 +669,19 @@ requires_gnutls_next_disable_tls13_compat() {
    fi
 }

+# skip next test if GnuTLS does not support the record size limit extension
+requires_gnutls_record_size_limit() {
+    requires_gnutls_next
+    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
+        GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO"
+    else
+        GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES"
+    fi
+    if [ "$GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE" = "NO" ]; then
+        SKIP_NEXT="YES"
+    fi
+}
+
 # skip next test if IPv6 isn't available on this host
 requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
@ -4652,6 +4665,35 @@ run_test    "Max fragment length: DTLS client, larger message" \
            -c "found max_fragment_length extension" \
            -c "fragment larger than.*maximum"

+# Tests for Record Size Limit extension
+
+# gnutls feature tests: check if the record size limit extension is supported with TLS 1.2.
+requires_gnutls_record_size_limit
+run_test    "Record Size Limit: Test gnutls record size limit feature" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+CIPHER-ALL --disable-client-cert -d 4" \
+            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2 -V -d 4" \
+            0 \
+            -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
+            -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+            -s "Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello'" \
+            -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+            -s "Version: TLS1.2" \
+            -c "Version: TLS1.2"
+
+# gnutls feature tests: check if the record size limit extension is supported with TLS 1.3.
+requires_gnutls_tls1_3
+requires_gnutls_record_size_limit
+run_test    "Record Size Limit: TLS 1.3: Test gnutls record size limit feature" \
+            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
+            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
+            0 \
+            -c "Preparing extension (Record Size Limit/28) for 'client hello'"\
+            -s "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" \
+            -c "Parsing extension 'Record Size Limit/28' (2 bytes)" \
+            -s "Version: TLS1.3" \
+            -c "Version: TLS1.3"
+
 # Tests for renegotiation

 # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION