5 # This file is part of mbed TLS (https://tls.mbed.org)
7 # Copyright (c) 2016, ARM Limited, All Rights Reserved
11 # Executes tests to prove various TLS/SSL options and extensions.
13 # The goal is not to cover every ciphersuite/version, but instead to cover
14 # specific options (max fragment length, truncated hmac, etc) or procedures
15 # (session resumption from cache or ticket, renego, etc).
17 # The tests assume a build with default options, with exceptions expressed
18 # with a dependency. The tests focus on functionality and do not consider
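# Default values; each one can be overridden from the environment.
#
# NOTE(review): these values are spliced, unquoted, into the command strings
# that the harness later word-splits or hands to `eval` (O_CLI and G_CLI even
# embed a pipeline). An override is therefore executed as shell code with the
# privileges of whoever runs the suite: set these only from a trusted
# environment, and avoid values containing whitespace or shell metacharacters.
#
# The expansions are quoted so that an overridden value is not subjected to
# word splitting or pathname expansion by the ':' no-op itself.
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"

# Reference peers for the interoperability tests. Both servers present the
# server5 certificate and key from data_files/. The GnuTLS client is given
# test-ca_cat12.crt as its CA file; the OpenSSL client command, as written
# here, names no CA file.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"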
41 CONFIG_H='../include/mbedtls/config.h'
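# Print the command-line help text.
# FILTER and EXCLUDE are passed as printf arguments rather than embedded in
# the format string, so a '%' or backslash in their current value is shown
# verbatim instead of being interpreted as a format directive or escape.
echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
printf " -f|--filter\tOnly matching tests are executed (default: '%s')\n" "$FILTER"
printf " -e|--exclude\tMatching tests are excluded (default: '%s')\n" "$EXCLUDE"
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
printf " --seed\tInteger seed value to use for this test run\n"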
65 while [ $# -gt 0 ]; do
77 shift; RUN_TEST_NUMBER=$1
93 echo "Unknown argument: '$1'"
102 # skip next test if the flag is not enabled in config.h
103 requires_config_enabled() {
104 if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
109 # skip next test if OpenSSL doesn't support FALLBACK_SCSV
110 requires_openssl_with_fallback_scsv() {
111 if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
112 if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
114 OPENSSL_HAS_FBSCSV="YES"
116 OPENSSL_HAS_FBSCSV="NO"
119 if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
124 # skip next test if GnuTLS isn't available
126 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
127 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
128 GNUTLS_AVAILABLE="YES"
130 GNUTLS_AVAILABLE="NO"
133 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
138 # skip next test if IPv6 isn't available on this host
140 if [ -z "${HAS_IPV6:-}" ]; then
141 $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
144 kill $SRV_PID >/dev/null 2>&1
145 if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
153 if [ "$HAS_IPV6" = "NO" ]; then
158 # skip the next test if valgrind is in use
159 not_with_valgrind() {
160 if [ "$MEMCHECK" -gt 0 ]; then
165 # skip the next test if valgrind is NOT in use
166 only_with_valgrind() {
167 if [ "$MEMCHECK" -eq 0 ]; then
172 # multiply the client timeout delay by the given factor for the next test
173 client_needs_more_time() {
177 # wait for the given seconds after the client finished in the next test
178 server_needs_more_time() {
184 TESTS=$(( $TESTS + 1 ))
187 if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
193 LEN=$(( 72 - `echo "$LINE" | wc -c` ))
194 for i in `seq 1 $LEN`; do printf '.'; done
204 mv $SRV_OUT o-srv-${TESTS}.log
205 mv $CLI_OUT o-cli-${TESTS}.log
206 if [ -n "$PXY_CMD" ]; then
207 mv $PXY_OUT o-pxy-${TESTS}.log
209 echo " ! outputs saved to o-XXX-${TESTS}.log"
211 if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
212 echo " ! server output:"
213 cat o-srv-${TESTS}.log
214 echo " ! ========================================================"
215 echo " ! client output:"
216 cat o-cli-${TESTS}.log
217 if [ -n "$PXY_CMD" ]; then
218 echo " ! ========================================================"
219 echo " ! proxy output:"
220 cat o-pxy-${TESTS}.log
225 FAILS=$(( $FAILS + 1 ))
228 # is_polar <cmd_line>
230 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
233 # openssl s_server doesn't have -www with DTLS
235 if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
237 SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
243 # provide input to commands that need it
245 if [ $NEEDS_INPUT -eq 0 ]; then
250 echo "HTTP/1.0 200 OK"
255 # has_mem_err <log_file_name>
257 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
258 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
260 return 1 # false: does not have errors
262 return 0 # true: has errors
266 # wait for server to start: two versions depending on lsof availability
267 wait_server_start() {
268 if which lsof >/dev/null 2>&1; then
269 START_TIME=$( date +%s )
272 # make a tight loop, server usually takes less than 1 sec to start
273 if [ "$DTLS" -eq 1 ]; then
274 while [ $DONE -eq 0 ]; do
275 if lsof -nbi UDP:"$SRV_PORT" 2>/dev/null | grep UDP >/dev/null
278 elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then
279 echo "SERVERSTART TIMEOUT"
280 echo "SERVERSTART TIMEOUT" >> $SRV_OUT
285 while [ $DONE -eq 0 ]; do
286 if lsof -nbi TCP:"$SRV_PORT" 2>/dev/null | grep LISTEN >/dev/null
289 elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then
290 echo "SERVERSTART TIMEOUT"
291 echo "SERVERSTART TIMEOUT" >> $SRV_OUT
301 # wait for client to terminate and set CLI_EXIT
302 # must be called right after starting the client
306 CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
309 ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
315 kill $DOG_PID >/dev/null 2>&1
318 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
320 sleep $SRV_DELAY_SECONDS
324 # check if the given command uses dtls and sets global variable DTLS
326 if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
333 # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
334 # Options: -s pattern pattern that must be present in server output
335 # -c pattern pattern that must be present in client output
336 # -u pattern lines after pattern must be unique in client output
337 # -S pattern pattern that must be absent in server output
338 # -C pattern pattern that must be absent in client output
339 # -U pattern lines after pattern must be unique in server output
344 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
352 # Do we only run numbered tests?
353 if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
354 elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
360 if [ "X$SKIP_NEXT" = "XYES" ]; then
363 SKIPS=$(( $SKIPS + 1 ))
367 # does this test use a proxy?
368 if [ "X$1" = "X-p" ]; then
375 # get commands and client output
382 if [ -n "$PXY_CMD" ]; then
383 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
385 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
388 # update DTLS variable
389 detect_dtls "$SRV_CMD"
391 # prepend valgrind to our commands if active
392 if [ "$MEMCHECK" -gt 0 ]; then
393 if is_polar "$SRV_CMD"; then
394 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
396 if is_polar "$CLI_CMD"; then
397 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
402 while [ $TIMES_LEFT -gt 0 ]; do
403 TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
406 if [ -n "$PXY_CMD" ]; then
407 echo "$PXY_CMD" > $PXY_OUT
408 $PXY_CMD >> $PXY_OUT 2>&1 &
410 # assume proxy starts faster than server
414 echo "$SRV_CMD" > $SRV_OUT
415 provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
419 echo "$CLI_CMD" > $CLI_OUT
420 eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
423 # terminate the server (and the proxy)
426 if [ -n "$PXY_CMD" ]; then
427 kill $PXY_PID >/dev/null 2>&1
431 # retry only on timeouts
432 if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
439 # check if the client and server went at least to the handshake stage
440 # (useful to avoid tests with only negative assertions and non-zero
441 # expected client exit to incorrectly succeed in case of catastrophic
443 if is_polar "$SRV_CMD"; then
444 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
446 fail "server or client failed to reach handshake stage"
450 if is_polar "$CLI_CMD"; then
451 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
453 fail "server or client failed to reach handshake stage"
458 # check server exit code
464 # check client exit code
465 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
466 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
468 fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
472 # check other assertions
473 # lines beginning with == are added by valgrind, ignore them
474 # lines with 'Serious error when reading debug info', are valgrind issues as well
479 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
480 fail "pattern '$2' MUST be present in the Server output"
486 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
487 fail "pattern '$2' MUST be present in the Client output"
493 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
494 fail "pattern '$2' MUST NOT be present in the Server output"
500 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
501 fail "pattern '$2' MUST NOT be present in the Client output"
506 # The filtering in the following two options (-u and -U) does the following:
507 # - ignore valgrind output
508 # - filter out everything but lines right after the pattern occurrences
509 # - keep one of each non-unique line
510 # - count how many lines remain
511 # grep -A1 puts a '--' separator line between match groups; those separators survive the filtering as one repeated line,
512 # so the number of lines in the result will be 1 if there were no duplicates.
514 if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
515 fail "lines following pattern '$2' must be unique in Server output"
521 if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
522 fail "lines following pattern '$2' must be unique in Client output"
528 echo "Unknown test: $1" >&2
534 # check valgrind's results
535 if [ "$MEMCHECK" -gt 0 ]; then
536 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
537 fail "Server has memory errors"
540 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
541 fail "Client has memory errors"
546 # if we're here, everything is ok
548 if [ "$PRESERVE_LOGS" -gt 0 ]; then
549 mv $SRV_OUT o-srv-${TESTS}.log
550 mv $CLI_OUT o-cli-${TESTS}.log
553 rm -f $SRV_OUT $CLI_OUT $PXY_OUT
557 rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
558 test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
559 test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
560 test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
561 test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
569 if cd $( dirname $0 ); then :; else
570 echo "cd $( dirname $0 ) failed" >&2
576 # sanity checks, avoid an avalanche of errors
577 if [ ! -x "$P_SRV" ]; then
578 echo "Command '$P_SRV' is not an executable file"
581 if [ ! -x "$P_CLI" ]; then
582 echo "Command '$P_CLI' is not an executable file"
585 if [ ! -x "$P_PXY" ]; then
586 echo "Command '$P_PXY' is not an executable file"
589 if [ "$MEMCHECK" -gt 0 ]; then
590 if which valgrind >/dev/null 2>&1; then :; else
591 echo "Memcheck not possible. Valgrind not found"
595 if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
596 echo "Command '$OPENSSL_CMD' not found"
603 # be more patient with valgrind
604 if [ "$MEMCHECK" -gt 0 ]; then
614 # Pick a "unique" server port in the range 10000-19999, and a proxy port
616 PORT_BASE="$( printf $PORT_BASE | tail -c 4 )"
617 SRV_PORT="1$PORT_BASE"
618 PXY_PORT="2$PORT_BASE"
621 # fix commands to use this port, force IPv4 while at it
622 # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
623 P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
624 P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
625 P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
626 O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
627 O_CLI="$O_CLI -connect localhost:+SRV_PORT"
628 G_SRV="$G_SRV -p $SRV_PORT"
629 G_CLI="$G_CLI -p +SRV_PORT localhost"
631 # Also pick a unique name for intermediate files
639 trap cleanup INT TERM HUP
644 # - things work with all ciphersuites active (used with config-full in all.sh)
645 # - the expected (highest security) parameters are selected
646 # ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
648 "$P_SRV debug_level=3" \
651 -s "Protocol is TLSv1.2" \
652 -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
653 -s "client hello v3, signature_algorithm ext: 6" \
654 -s "ECDHE curve: secp521r1" \
658 run_test "Default, DTLS" \
662 -s "Protocol is DTLSv1.2" \
663 -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
665 # Test for uniqueness of IVs in AEAD ciphersuites (reusing an IV under the same key breaks both confidentiality and authenticity in GCM)
666 run_test "Unique IV in GCM" \
667 "$P_SRV exchanges=20 debug_level=4" \
668 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
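673 # Tests for rc4 option (RC4 is prohibited in TLS by RFC 7465; the cases below expect no common ciphersuite unless both peers explicitly allow RC4)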
675 requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
676 run_test "RC4: server disabled, client enabled" \
678 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
680 -s "SSL - The server has no ciphersuites in common"
682 requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
683 run_test "RC4: server half, client enabled" \
685 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
687 -s "SSL - The server has no ciphersuites in common"
689 run_test "RC4: server enabled, client disabled" \
690 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
693 -s "SSL - The server has no ciphersuites in common"
695 run_test "RC4: both enabled" \
696 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
697 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
699 -S "SSL - None of the common ciphersuites is usable" \
700 -S "SSL - The server has no ciphersuites in common"
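702 # Tests for Truncated HMAC extension (RFC 6066; it shortens the record MAC from 20 to 10 bytes here, and the cases below expect that only when both peers enable it)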
704 run_test "Truncated HMAC: client default, server default" \
705 "$P_SRV debug_level=4" \
706 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
708 -s "dumping 'computed mac' (20 bytes)" \
709 -S "dumping 'computed mac' (10 bytes)"
711 run_test "Truncated HMAC: client disabled, server default" \
712 "$P_SRV debug_level=4" \
713 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
716 -s "dumping 'computed mac' (20 bytes)" \
717 -S "dumping 'computed mac' (10 bytes)"
719 run_test "Truncated HMAC: client enabled, server default" \
720 "$P_SRV debug_level=4" \
721 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
724 -s "dumping 'computed mac' (20 bytes)" \
725 -S "dumping 'computed mac' (10 bytes)"
727 run_test "Truncated HMAC: client enabled, server disabled" \
728 "$P_SRV debug_level=4 trunc_hmac=0" \
729 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
732 -s "dumping 'computed mac' (20 bytes)" \
733 -S "dumping 'computed mac' (10 bytes)"
735 run_test "Truncated HMAC: client enabled, server enabled" \
736 "$P_SRV debug_level=4 trunc_hmac=1" \
737 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
740 -S "dumping 'computed mac' (20 bytes)" \
741 -s "dumping 'computed mac' (10 bytes)"
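743 # Tests for Encrypt-then-MAC extension (RFC 7366; it applies to CBC suites only: the AEAD, stream-cipher and SSLv3 cases below expect it not to be used)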
745 run_test "Encrypt then MAC: default" \
746 "$P_SRV debug_level=3 \
747 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
748 "$P_CLI debug_level=3" \
750 -c "client hello, adding encrypt_then_mac extension" \
751 -s "found encrypt then mac extension" \
752 -s "server hello, adding encrypt then mac extension" \
753 -c "found encrypt_then_mac extension" \
754 -c "using encrypt then mac" \
755 -s "using encrypt then mac"
757 run_test "Encrypt then MAC: client enabled, server disabled" \
758 "$P_SRV debug_level=3 etm=0 \
759 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
760 "$P_CLI debug_level=3 etm=1" \
762 -c "client hello, adding encrypt_then_mac extension" \
763 -s "found encrypt then mac extension" \
764 -S "server hello, adding encrypt then mac extension" \
765 -C "found encrypt_then_mac extension" \
766 -C "using encrypt then mac" \
767 -S "using encrypt then mac"
769 run_test "Encrypt then MAC: client enabled, aead cipher" \
770 "$P_SRV debug_level=3 etm=1 \
771 force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
772 "$P_CLI debug_level=3 etm=1" \
774 -c "client hello, adding encrypt_then_mac extension" \
775 -s "found encrypt then mac extension" \
776 -S "server hello, adding encrypt then mac extension" \
777 -C "found encrypt_then_mac extension" \
778 -C "using encrypt then mac" \
779 -S "using encrypt then mac"
781 run_test "Encrypt then MAC: client enabled, stream cipher" \
782 "$P_SRV debug_level=3 etm=1 \
783 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
784 "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
786 -c "client hello, adding encrypt_then_mac extension" \
787 -s "found encrypt then mac extension" \
788 -S "server hello, adding encrypt then mac extension" \
789 -C "found encrypt_then_mac extension" \
790 -C "using encrypt then mac" \
791 -S "using encrypt then mac"
793 run_test "Encrypt then MAC: client disabled, server enabled" \
794 "$P_SRV debug_level=3 etm=1 \
795 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
796 "$P_CLI debug_level=3 etm=0" \
798 -C "client hello, adding encrypt_then_mac extension" \
799 -S "found encrypt then mac extension" \
800 -S "server hello, adding encrypt then mac extension" \
801 -C "found encrypt_then_mac extension" \
802 -C "using encrypt then mac" \
803 -S "using encrypt then mac"
805 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
806 run_test "Encrypt then MAC: client SSLv3, server enabled" \
807 "$P_SRV debug_level=3 min_version=ssl3 \
808 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
809 "$P_CLI debug_level=3 force_version=ssl3" \
811 -C "client hello, adding encrypt_then_mac extension" \
812 -S "found encrypt then mac extension" \
813 -S "server hello, adding encrypt then mac extension" \
814 -C "found encrypt_then_mac extension" \
815 -C "using encrypt then mac" \
816 -S "using encrypt then mac"
818 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
819 run_test "Encrypt then MAC: client enabled, server SSLv3" \
820 "$P_SRV debug_level=3 force_version=ssl3 \
821 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
822 "$P_CLI debug_level=3 min_version=ssl3" \
824 -c "client hello, adding encrypt_then_mac extension" \
825 -S "found encrypt then mac extension" \
826 -S "server hello, adding encrypt then mac extension" \
827 -C "found encrypt_then_mac extension" \
828 -C "using encrypt then mac" \
829 -S "using encrypt then mac"
831 # Tests for Extended Master Secret extension (RFC 7627; the SSLv3 cases below expect it not to be negotiated)
833 run_test "Extended Master Secret: default" \
834 "$P_SRV debug_level=3" \
835 "$P_CLI debug_level=3" \
837 -c "client hello, adding extended_master_secret extension" \
838 -s "found extended master secret extension" \
839 -s "server hello, adding extended master secret extension" \
840 -c "found extended_master_secret extension" \
841 -c "using extended master secret" \
842 -s "using extended master secret"
844 run_test "Extended Master Secret: client enabled, server disabled" \
845 "$P_SRV debug_level=3 extended_ms=0" \
846 "$P_CLI debug_level=3 extended_ms=1" \
848 -c "client hello, adding extended_master_secret extension" \
849 -s "found extended master secret extension" \
850 -S "server hello, adding extended master secret extension" \
851 -C "found extended_master_secret extension" \
852 -C "using extended master secret" \
853 -S "using extended master secret"
855 run_test "Extended Master Secret: client disabled, server enabled" \
856 "$P_SRV debug_level=3 extended_ms=1" \
857 "$P_CLI debug_level=3 extended_ms=0" \
859 -C "client hello, adding extended_master_secret extension" \
860 -S "found extended master secret extension" \
861 -S "server hello, adding extended master secret extension" \
862 -C "found extended_master_secret extension" \
863 -C "using extended master secret" \
864 -S "using extended master secret"
866 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
867 run_test "Extended Master Secret: client SSLv3, server enabled" \
868 "$P_SRV debug_level=3 min_version=ssl3" \
869 "$P_CLI debug_level=3 force_version=ssl3" \
871 -C "client hello, adding extended_master_secret extension" \
872 -S "found extended master secret extension" \
873 -S "server hello, adding extended master secret extension" \
874 -C "found extended_master_secret extension" \
875 -C "using extended master secret" \
876 -S "using extended master secret"
878 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
879 run_test "Extended Master Secret: client enabled, server SSLv3" \
880 "$P_SRV debug_level=3 force_version=ssl3" \
881 "$P_CLI debug_level=3 min_version=ssl3" \
883 -c "client hello, adding extended_master_secret extension" \
884 -S "found extended master secret extension" \
885 -S "server hello, adding extended master secret extension" \
886 -C "found extended_master_secret extension" \
887 -C "using extended master secret" \
888 -S "using extended master secret"
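890 # Tests for FALLBACK_SCSV (RFC 7507 downgrade protection; alert 86 is inappropriate_fallback). The 'inapropriate fallback' patterns below are matched literally against program output, so their spelling must stay in step with the message the server prints.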
892 run_test "Fallback SCSV: default" \
893 "$P_SRV debug_level=2" \
894 "$P_CLI debug_level=3 force_version=tls1_1" \
896 -C "adding FALLBACK_SCSV" \
897 -S "received FALLBACK_SCSV" \
898 -S "inapropriate fallback" \
899 -C "is a fatal alert message (msg 86)"
901 run_test "Fallback SCSV: explicitly disabled" \
902 "$P_SRV debug_level=2" \
903 "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
905 -C "adding FALLBACK_SCSV" \
906 -S "received FALLBACK_SCSV" \
907 -S "inapropriate fallback" \
908 -C "is a fatal alert message (msg 86)"
910 run_test "Fallback SCSV: enabled" \
911 "$P_SRV debug_level=2" \
912 "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
914 -c "adding FALLBACK_SCSV" \
915 -s "received FALLBACK_SCSV" \
916 -s "inapropriate fallback" \
917 -c "is a fatal alert message (msg 86)"
919 run_test "Fallback SCSV: enabled, max version" \
920 "$P_SRV debug_level=2" \
921 "$P_CLI debug_level=3 fallback=1" \
923 -c "adding FALLBACK_SCSV" \
924 -s "received FALLBACK_SCSV" \
925 -S "inapropriate fallback" \
926 -C "is a fatal alert message (msg 86)"
928 requires_openssl_with_fallback_scsv
929 run_test "Fallback SCSV: default, openssl server" \
931 "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
933 -C "adding FALLBACK_SCSV" \
934 -C "is a fatal alert message (msg 86)"
936 requires_openssl_with_fallback_scsv
937 run_test "Fallback SCSV: enabled, openssl server" \
939 "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
941 -c "adding FALLBACK_SCSV" \
942 -c "is a fatal alert message (msg 86)"
944 requires_openssl_with_fallback_scsv
945 run_test "Fallback SCSV: disabled, openssl client" \
946 "$P_SRV debug_level=2" \
949 -S "received FALLBACK_SCSV" \
950 -S "inapropriate fallback"
952 requires_openssl_with_fallback_scsv
953 run_test "Fallback SCSV: enabled, openssl client" \
954 "$P_SRV debug_level=2" \
955 "$O_CLI -tls1_1 -fallback_scsv" \
957 -s "received FALLBACK_SCSV" \
958 -s "inapropriate fallback"
960 requires_openssl_with_fallback_scsv
961 run_test "Fallback SCSV: enabled, max version, openssl client" \
962 "$P_SRV debug_level=2" \
963 "$O_CLI -fallback_scsv" \
965 -s "received FALLBACK_SCSV" \
966 -S "inapropriate fallback"
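968 # Tests for CBC 1/n-1 record splitting (the BEAST countermeasure for CBC suites in SSLv3 and TLS 1.0; a split shows up as a 1-byte read instead of a single 123-byte read)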
970 run_test "CBC Record splitting: TLS 1.2, no splitting" \
972 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
973 request_size=123 force_version=tls1_2" \
975 -s "Read from client: 123 bytes read" \
976 -S "Read from client: 1 bytes read" \
979 run_test "CBC Record splitting: TLS 1.1, no splitting" \
981 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
982 request_size=123 force_version=tls1_1" \
984 -s "Read from client: 123 bytes read" \
985 -S "Read from client: 1 bytes read" \
988 run_test "CBC Record splitting: TLS 1.0, splitting" \
990 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
991 request_size=123 force_version=tls1" \
993 -S "Read from client: 123 bytes read" \
994 -s "Read from client: 1 bytes read" \
997 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
998 run_test "CBC Record splitting: SSLv3, splitting" \
999 "$P_SRV min_version=ssl3" \
1000 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
1001 request_size=123 force_version=ssl3" \
1003 -S "Read from client: 123 bytes read" \
1004 -s "Read from client: 1 bytes read" \
1007 run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
1008 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1009 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1010 request_size=123 force_version=tls1" \
1012 -s "Read from client: 123 bytes read" \
1013 -S "Read from client: 1 bytes read" \
1016 run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
1018 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
1019 request_size=123 force_version=tls1 recsplit=0" \
1021 -s "Read from client: 123 bytes read" \
1022 -S "Read from client: 1 bytes read" \
1025 run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
1027 "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
1028 request_size=123 force_version=tls1" \
1030 -S "Read from client: 123 bytes read" \
1031 -s "Read from client: 1 bytes read" \
1034 # Tests for Session Tickets
1036 run_test "Session resume using tickets: basic" \
1037 "$P_SRV debug_level=3 tickets=1" \
1038 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
1040 -c "client hello, adding session ticket extension" \
1041 -s "found session ticket extension" \
1042 -s "server hello, adding session ticket extension" \
1043 -c "found session_ticket extension" \
1044 -c "parse new session ticket" \
1045 -S "session successfully restored from cache" \
1046 -s "session successfully restored from ticket" \
1047 -s "a session has been resumed" \
1048 -c "a session has been resumed"
1050 run_test "Session resume using tickets: cache disabled" \
1051 "$P_SRV debug_level=3 tickets=1 cache_max=0" \
1052 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
1054 -c "client hello, adding session ticket extension" \
1055 -s "found session ticket extension" \
1056 -s "server hello, adding session ticket extension" \
1057 -c "found session_ticket extension" \
1058 -c "parse new session ticket" \
1059 -S "session successfully restored from cache" \
1060 -s "session successfully restored from ticket" \
1061 -s "a session has been resumed" \
1062 -c "a session has been resumed"
1064 run_test "Session resume using tickets: timeout" \
1065 "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
1066 "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
1068 -c "client hello, adding session ticket extension" \
1069 -s "found session ticket extension" \
1070 -s "server hello, adding session ticket extension" \
1071 -c "found session_ticket extension" \
1072 -c "parse new session ticket" \
1073 -S "session successfully restored from cache" \
1074 -S "session successfully restored from ticket" \
1075 -S "a session has been resumed" \
1076 -C "a session has been resumed"
1078 run_test "Session resume using tickets: openssl server" \
1080 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
1082 -c "client hello, adding session ticket extension" \
1083 -c "found session_ticket extension" \
1084 -c "parse new session ticket" \
1085 -c "a session has been resumed"
1087 run_test "Session resume using tickets: openssl client" \
1088 "$P_SRV debug_level=3 tickets=1" \
1089 "( $O_CLI -sess_out $SESSION; \
1090 $O_CLI -sess_in $SESSION; \
1093 -s "found session ticket extension" \
1094 -s "server hello, adding session ticket extension" \
1095 -S "session successfully restored from cache" \
1096 -s "session successfully restored from ticket" \
1097 -s "a session has been resumed"
1099 # Tests for Session Resume based on session-ID and cache
1101 run_test "Session resume using cache: tickets enabled on client" \
1102 "$P_SRV debug_level=3 tickets=0" \
1103 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
1105 -c "client hello, adding session ticket extension" \
1106 -s "found session ticket extension" \
1107 -S "server hello, adding session ticket extension" \
1108 -C "found session_ticket extension" \
1109 -C "parse new session ticket" \
1110 -s "session successfully restored from cache" \
1111 -S "session successfully restored from ticket" \
1112 -s "a session has been resumed" \
1113 -c "a session has been resumed"
1115 run_test "Session resume using cache: tickets enabled on server" \
1116 "$P_SRV debug_level=3 tickets=1" \
1117 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
1119 -C "client hello, adding session ticket extension" \
1120 -S "found session ticket extension" \
1121 -S "server hello, adding session ticket extension" \
1122 -C "found session_ticket extension" \
1123 -C "parse new session ticket" \
1124 -s "session successfully restored from cache" \
1125 -S "session successfully restored from ticket" \
1126 -s "a session has been resumed" \
1127 -c "a session has been resumed"
1129 run_test "Session resume using cache: cache_max=0" \
1130 "$P_SRV debug_level=3 tickets=0 cache_max=0" \
1131 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
1133 -S "session successfully restored from cache" \
1134 -S "session successfully restored from ticket" \
1135 -S "a session has been resumed" \
1136 -C "a session has been resumed"
1138 run_test "Session resume using cache: cache_max=1" \
1139 "$P_SRV debug_level=3 tickets=0 cache_max=1" \
1140 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
1142 -s "session successfully restored from cache" \
1143 -S "session successfully restored from ticket" \
1144 -s "a session has been resumed" \
1145 -c "a session has been resumed"
1147 run_test "Session resume using cache: timeout > delay" \
1148 "$P_SRV debug_level=3 tickets=0" \
1149 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
1151 -s "session successfully restored from cache" \
1152 -S "session successfully restored from ticket" \
1153 -s "a session has been resumed" \
1154 -c "a session has been resumed"
1156 run_test "Session resume using cache: timeout < delay" \
1157 "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
1158 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
1160 -S "session successfully restored from cache" \
1161 -S "session successfully restored from ticket" \
1162 -S "a session has been resumed" \
1163 -C "a session has been resumed"
1165 run_test "Session resume using cache: no timeout" \
1166 "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
1167 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
1169 -s "session successfully restored from cache" \
1170 -S "session successfully restored from ticket" \
1171 -s "a session has been resumed" \
1172 -c "a session has been resumed"
# Cache-based resumption against OpenSSL; this comment covers both tests below.
# - openssl client: $O_CLI runs twice, saving the session with -sess_out and
#   offering it again with -sess_in ($SESSION is set outside this excerpt). The
#   server sees the ticket extension from the client but, with tickets=0, must
#   not answer with one and must resume from its cache instead.
# - openssl server: the client must see neither a ticket extension nor a new
#   session ticket and must still report a resumed session.
# NOTE(review): original lines 1178-1179 (end of the client command) and
# 1187/1189 (server command and the following argument) are not shown here.
1174 run_test "Session resume using cache: openssl client" \
1175 "$P_SRV debug_level=3 tickets=0" \
1176 "( $O_CLI -sess_out $SESSION; \
1177 $O_CLI -sess_in $SESSION; \
1180 -s "found session ticket extension" \
1181 -S "server hello, adding session ticket extension" \
1182 -s "session successfully restored from cache" \
1183 -S "session successfully restored from ticket" \
1184 -s "a session has been resumed"
1186 run_test "Session resume using cache: openssl server" \
1188 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
1190 -C "found session_ticket extension" \
1191 -C "parse new session ticket" \
1192 -c "a session has been resumed"
1194 # Tests for Max Fragment Length extension
# By the run_test convention (defined earlier in this script) -s/-c require the
# pattern in the server/client output and -S/-C require it to be absent.
#
# Baseline: neither side sets max_frag_len, both report 16384 and no
# max_fragment_length extension shows up in either hello.
1196 run_test "Max fragment length: not used, reference" \
1197 "$P_SRV debug_level=3" \
1198 "$P_CLI debug_level=3" \
1200 -c "Maximum fragment length is 16384" \
1201 -s "Maximum fragment length is 16384" \
1202 -C "client hello, adding max_fragment_length extension" \
1203 -S "found max fragment length extension" \
1204 -S "server hello, max_fragment_length extension" \
1205 -C "found max_fragment_length extension"
# Client asks for 4096: the extension must be sent, parsed, echoed and found,
# and both sides must end up reporting 4096.
1207 run_test "Max fragment length: used by client" \
1208 "$P_SRV debug_level=3" \
1209 "$P_CLI debug_level=3 max_frag_len=4096" \
1211 -c "Maximum fragment length is 4096" \
1212 -s "Maximum fragment length is 4096" \
1213 -c "client hello, adding max_fragment_length extension" \
1214 -s "found max fragment length extension" \
1215 -s "server hello, max_fragment_length extension" \
1216 -c "found max_fragment_length extension"
# Only the server sets max_frag_len=4096. The expectations show the limit
# staying local: the server reports 4096, the client still reports 16384, and
# no extension is exchanged because the client did not offer one.
1218 run_test "Max fragment length: used by server" \
1219 "$P_SRV debug_level=3 max_frag_len=4096" \
1220 "$P_CLI debug_level=3" \
1222 -c "Maximum fragment length is 16384" \
1223 -s "Maximum fragment length is 4096" \
1224 -C "client hello, adding max_fragment_length extension" \
1225 -S "found max fragment length extension" \
1226 -S "server hello, max_fragment_length extension" \
1227 -C "found max_fragment_length extension"
# Client offers 4096 to a GnuTLS server and must find the extension echoed
# back. The server command (original line 1231) is not shown in this listing.
1230 run_test "Max fragment length: gnutls server" \
1232 "$P_CLI debug_level=3 max_frag_len=4096" \
1234 -c "Maximum fragment length is 4096" \
1235 -c "client hello, adding max_fragment_length extension" \
1236 -c "found max_fragment_length extension"
# Boundary case: a request exactly as large as the negotiated limit (2048) must
# go out as a single fragment.
1238 run_test "Max fragment length: client, message just fits" \
1239 "$P_SRV debug_level=3" \
1240 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
1242 -c "Maximum fragment length is 2048" \
1243 -s "Maximum fragment length is 2048" \
1244 -c "client hello, adding max_fragment_length extension" \
1245 -s "found max fragment length extension" \
1246 -s "server hello, max_fragment_length extension" \
1247 -c "found max_fragment_length extension" \
1248 -c "2048 bytes written in 1 fragments" \
1249 -s "2048 bytes read"
# One step past the boundary: 2345 bytes must be split into 2 fragments, the
# first server read being 2048 bytes. The last visible line ends in a
# continuation; the original line that follows it is not shown.
1251 run_test "Max fragment length: client, larger message" \
1252 "$P_SRV debug_level=3" \
1253 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
1255 -c "Maximum fragment length is 2048" \
1256 -s "Maximum fragment length is 2048" \
1257 -c "client hello, adding max_fragment_length extension" \
1258 -s "found max fragment length extension" \
1259 -s "server hello, max_fragment_length extension" \
1260 -c "found max_fragment_length extension" \
1261 -c "2345 bytes written in 2 fragments" \
1262 -s "2048 bytes read" \
# Same oversized request over DTLS: instead of a second fragment the client is
# expected to log "fragment larger than.*maximum", i.e. the write is presumably
# rejected rather than split -- confirm against the client exit status, which
# is on a line not shown here.
1265 run_test "Max fragment length: DTLS client, larger message" \
1266 "$P_SRV debug_level=3 dtls=1" \
1267 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1269 -c "Maximum fragment length is 2048" \
1270 -s "Maximum fragment length is 2048" \
1271 -c "client hello, adding max_fragment_length extension" \
1272 -s "found max fragment length extension" \
1273 -s "server hello, max_fragment_length extension" \
1274 -c "found max_fragment_length extension" \
1275 -c "fragment larger than.*maximum"
1277 # Tests for renegotiation
# By the run_test convention (defined earlier in this script) -s/-c require the
# pattern in the server/client output and -S/-C require it to be absent.
#
# Reference run with renegotiation left at its default on both sides. The
# client adds no renegotiation extension, yet the server logs
# TLS_EMPTY_RENEGOTIATION_INFO and answers with the secure renegotiation
# extension, so the initial handshake still signals RFC 5746 support. Neither
# side may enter "=> renegotiate" and no HelloRequest may be written.
1279 run_test "Renegotiation: none, for reference" \
1280 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
1281 "$P_CLI debug_level=3 exchanges=2" \
1283 -C "client hello, adding renegotiation extension" \
1284 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1285 -S "found renegotiation extension" \
1286 -s "server hello, secure renegotiation extension" \
1287 -c "found renegotiation extension" \
1288 -C "=> renegotiate" \
1289 -S "=> renegotiate" \
1290 -S "write hello request"
# Both sides enable renegotiation and the client requests it (renegotiate=1).
# Both must enter renegotiation; the server must not send a HelloRequest.
1292 run_test "Renegotiation: client-initiated" \
1293 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
1294 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
1296 -c "client hello, adding renegotiation extension" \
1297 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1298 -s "found renegotiation extension" \
1299 -s "server hello, secure renegotiation extension" \
1300 -c "found renegotiation extension" \
1301 -c "=> renegotiate" \
1302 -s "=> renegotiate" \
1303 -S "write hello request"
# The server requests it instead: same expectations, except that the server
# must now log "write hello request".
1305 run_test "Renegotiation: server-initiated" \
1306 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
1307 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
1309 -c "client hello, adding renegotiation extension" \
1310 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1311 -s "found renegotiation extension" \
1312 -s "server hello, secure renegotiation extension" \
1313 -c "found renegotiation extension" \
1314 -c "=> renegotiate" \
1315 -s "=> renegotiate" \
1316 -s "write hello request"
# Both sides set renegotiate=1; the checked patterns are the same as in the
# server-initiated case.
1318 run_test "Renegotiation: double" \
1319 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
1320 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
1322 -c "client hello, adding renegotiation extension" \
1323 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1324 -s "found renegotiation extension" \
1325 -s "server hello, secure renegotiation extension" \
1326 -c "found renegotiation extension" \
1327 -c "=> renegotiate" \
1328 -s "=> renegotiate" \
1329 -s "write hello request"
# Refused renegotiation. By the run_test convention (defined earlier in this
# script) -s/-c require the pattern in the server/client output and -S/-C
# require it to be absent. Several tests below end in a continuation because
# the original lines that follow them are not shown in this listing.
#
# Server has renegotiation=0 while the client tries to renegotiate. The server
# must neither parse a renegotiation extension nor enter renegotiation, and
# the client must log the "Unexpected message at ServerHello in renegotiation"
# error.
1331 run_test "Renegotiation: client-initiated, server-rejected" \
1332 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
1333 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
1335 -c "client hello, adding renegotiation extension" \
1336 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1337 -S "found renegotiation extension" \
1338 -s "server hello, secure renegotiation extension" \
1339 -c "found renegotiation extension" \
1340 -c "=> renegotiate" \
1341 -S "=> renegotiate" \
1342 -S "write hello request" \
1343 -c "SSL - Unexpected message at ServerHello in renegotiation" \
# Client has renegotiation=0 and the server sends a HelloRequest. With the
# server renego_delay left at its default, the server must not report an
# unexpected-message error within the exchanges of this test.
1346 run_test "Renegotiation: server-initiated, client-rejected, default" \
1347 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
1348 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
1350 -C "client hello, adding renegotiation extension" \
1351 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1352 -S "found renegotiation extension" \
1353 -s "server hello, secure renegotiation extension" \
1354 -c "found renegotiation extension" \
1355 -C "=> renegotiate" \
1356 -S "=> renegotiate" \
1357 -s "write hello request" \
1358 -S "SSL - An unexpected message was received from our peer" \
# renego_delay=-1: per the test name the server does not enforce its request,
# so a client that ignores the HelloRequest is tolerated without an error.
1361 run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
1362 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
1363 renego_delay=-1 auth_mode=optional" \
1364 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
1366 -C "client hello, adding renegotiation extension" \
1367 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1368 -S "found renegotiation extension" \
1369 -s "server hello, secure renegotiation extension" \
1370 -c "found renegotiation extension" \
1371 -C "=> renegotiate" \
1372 -S "=> renegotiate" \
1373 -s "write hello request" \
1374 -S "SSL - An unexpected message was received from our peer" \
# renego_delay=2: the server tolerates the records counted in the note below
# before it would treat the missing renegotiation as an error; none is expected.
1377 # delay 2 for 1 alert record + 1 application data record
1378 run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
1379 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
1380 renego_delay=2 auth_mode=optional" \
1381 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
1383 -C "client hello, adding renegotiation extension" \
1384 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1385 -S "found renegotiation extension" \
1386 -s "server hello, secure renegotiation extension" \
1387 -c "found renegotiation extension" \
1388 -C "=> renegotiate" \
1389 -S "=> renegotiate" \
1390 -s "write hello request" \
1391 -S "SSL - An unexpected message was received from our peer" \
# renego_delay=0: no grace period. This is the one client-rejected case where
# the server IS expected to log the unexpected-message error (-s, not -S).
1394 run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
1395 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
1396 renego_delay=0 auth_mode=optional" \
1397 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
1399 -C "client hello, adding renegotiation extension" \
1400 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1401 -S "found renegotiation extension" \
1402 -s "server hello, secure renegotiation extension" \
1403 -c "found renegotiation extension" \
1404 -C "=> renegotiate" \
1405 -S "=> renegotiate" \
1406 -s "write hello request" \
1407 -s "SSL - An unexpected message was received from our peer"
# Same server settings, but the client accepts renegotiation: both sides must
# renegotiate and the server must log no unexpected-message error.
1409 run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
1410 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
1411 renego_delay=0 auth_mode=optional" \
1412 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
1414 -c "client hello, adding renegotiation extension" \
1415 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1416 -s "found renegotiation extension" \
1417 -s "server hello, secure renegotiation extension" \
1418 -c "found renegotiation extension" \
1419 -c "=> renegotiate" \
1420 -s "=> renegotiate" \
1421 -s "write hello request" \
1422 -S "SSL - An unexpected message was received from our peer" \
# Periodic renegotiation: the server sets renego_period=3 and the number of
# client exchanges decides whether its record counter limit is reached.
# By the run_test convention (defined earlier in this script) -s/-c require the
# pattern in the server/client output and -S/-C require it to be absent.
#
# exchanges=2 on the client: the limit must not be reached and nothing
# renegotiation-related may happen on either side.
1425 run_test "Renegotiation: periodic, just below period" \
1426 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
1427 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
1429 -C "client hello, adding renegotiation extension" \
1430 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1431 -S "found renegotiation extension" \
1432 -s "server hello, secure renegotiation extension" \
1433 -c "found renegotiation extension" \
1434 -S "record counter limit reached: renegotiate" \
1435 -C "=> renegotiate" \
1436 -S "=> renegotiate" \
1437 -S "write hello request" \
1438 -S "SSL - An unexpected message was received from our peer" \
# exchanges=4: the server must hit the limit, send a HelloRequest and both
# sides must renegotiate without an unexpected-message error.
1441 # one extra exchange to be able to complete renego
1442 run_test "Renegotiation: periodic, just above period" \
1443 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
1444 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
1446 -c "client hello, adding renegotiation extension" \
1447 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1448 -s "found renegotiation extension" \
1449 -s "server hello, secure renegotiation extension" \
1450 -c "found renegotiation extension" \
1451 -s "record counter limit reached: renegotiate" \
1452 -c "=> renegotiate" \
1453 -s "=> renegotiate" \
1454 -s "write hello request" \
1455 -S "SSL - An unexpected message was received from our peer" \
# exchanges=7: same patterns as above. The visible checks are presence-only, so
# they do not by themselves prove that renegotiation happened twice.
1458 run_test "Renegotiation: periodic, two times period" \
1459 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
1460 "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
1462 -c "client hello, adding renegotiation extension" \
1463 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1464 -s "found renegotiation extension" \
1465 -s "server hello, secure renegotiation extension" \
1466 -c "found renegotiation extension" \
1467 -s "record counter limit reached: renegotiate" \
1468 -c "=> renegotiate" \
1469 -s "=> renegotiate" \
1470 -s "write hello request" \
1471 -S "SSL - An unexpected message was received from our peer" \
# Server has renegotiation=0 but still sets renego_period=3: the period must
# have no effect, so the counter-limit message and any renegotiation are absent.
1474 run_test "Renegotiation: periodic, above period, disabled" \
1475 "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
1476 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
1478 -C "client hello, adding renegotiation extension" \
1479 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1480 -S "found renegotiation extension" \
1481 -s "server hello, secure renegotiation extension" \
1482 -c "found renegotiation extension" \
1483 -S "record counter limit reached: renegotiate" \
1484 -C "=> renegotiate" \
1485 -S "=> renegotiate" \
1486 -S "write hello request" \
1487 -S "SSL - An unexpected message was received from our peer" \
# Renegotiation with nbio=2 on both sides (the non-blocking I/O setting of the
# test programs). Expected patterns match the blocking client-initiated and
# server-initiated tests: only the server-initiated run writes a HelloRequest.
1490 run_test "Renegotiation: nbio, client-initiated" \
1491 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
1492 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
1494 -c "client hello, adding renegotiation extension" \
1495 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1496 -s "found renegotiation extension" \
1497 -s "server hello, secure renegotiation extension" \
1498 -c "found renegotiation extension" \
1499 -c "=> renegotiate" \
1500 -s "=> renegotiate" \
1501 -S "write hello request"
1503 run_test "Renegotiation: nbio, server-initiated" \
1504 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
1505 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
1507 -c "client hello, adding renegotiation extension" \
1508 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1509 -s "found renegotiation extension" \
1510 -s "server hello, secure renegotiation extension" \
1511 -c "found renegotiation extension" \
1512 -c "=> renegotiate" \
1513 -s "=> renegotiate" \
1514 -s "write hello request"
# Client-initiated renegotiation against third-party servers. -c/-C follow the
# run_test convention: pattern required in / absent from the client output.
#
# OpenSSL server (its command, original line 1517, is not shown here): the
# client must renegotiate and still receive an HTTP 200 response.
# NOTE(review): the -C pattern "ssl_hanshake() returned" is misspelled and uses
# an older function name than the "mbedtls_ssl_handshake() returned" pattern
# used further down, so this absence check presumably can never fail. Confirm
# and align the pattern if a failed handshake is meant to be caught here.
1516 run_test "Renegotiation: openssl server, client-initiated" \
1518 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
1520 -c "client hello, adding renegotiation extension" \
1521 -c "found renegotiation extension" \
1522 -c "=> renegotiate" \
1523 -C "ssl_hanshake() returned" \
1525 -c "HTTP/1.0 200 [Oo][Kk]"
# GnuTLS server that insists on safe renegotiation (%SAFE_RENEGOTIATION): the
# extension is found and the request completes. The same misspelled -C pattern
# as above applies here.
1528 run_test "Renegotiation: gnutls server strict, client-initiated" \
1529 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
1530 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
1532 -c "client hello, adding renegotiation extension" \
1533 -c "found renegotiation extension" \
1534 -c "=> renegotiate" \
1535 -C "ssl_hanshake() returned" \
1537 -c "HTTP/1.0 200 [Oo][Kk]"
# GnuTLS server with safe renegotiation disabled: the client finds no
# extension, still attempts to renegotiate, and the attempt is expected to end
# in an mbedtls_ssl_handshake() return trace with no HTTP 200. In other words
# the client default is to refuse renegotiating with a peer that lacks the
# secure renegotiation extension.
1540 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
1541 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1542 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
1544 -c "client hello, adding renegotiation extension" \
1545 -C "found renegotiation extension" \
1546 -c "=> renegotiate" \
1547 -c "mbedtls_ssl_handshake() returned" \
1549 -C "HTTP/1.0 200 [Oo][Kk]"
# Two more runs against the GnuTLS server with safe renegotiation disabled;
# this comment covers both tests below. In each, the client command continues
# on original lines that are not shown here (1555-1556 and 1568-1569), which
# per the test names carry the legacy-renegotiation setting.
# - "no legacy": same expectations as the default case, i.e. the renegotiation
#   attempt fails and no HTTP 200 is received.
# - "legacy": the client renegotiates without the extension and gets HTTP 200.
#   Legacy renegotiation is the unprotected mode that RFC 5746 replaces, so
#   this is an interoperability setting rather than a default to copy.
# NOTE(review): "client-inititated" in both test names is misspelled; the
# names are what the -f/-e filters match on, so they are left untouched here.
# NOTE(review): the -C pattern "ssl_hanshake() returned" in the second test is
# misspelled compared with "mbedtls_ssl_handshake() returned" in the first, so
# that absence check presumably can never fail -- confirm.
1552 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
1553 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1554 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
1557 -c "client hello, adding renegotiation extension" \
1558 -C "found renegotiation extension" \
1559 -c "=> renegotiate" \
1560 -c "mbedtls_ssl_handshake() returned" \
1562 -C "HTTP/1.0 200 [Oo][Kk]"
1565 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
1566 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1567 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
1570 -c "client hello, adding renegotiation extension" \
1571 -C "found renegotiation extension" \
1572 -c "=> renegotiate" \
1573 -C "ssl_hanshake() returned" \
1575 -c "HTTP/1.0 200 [Oo][Kk]"
# Renegotiation over DTLS (dtls=1). By the run_test convention -s/-c require
# the pattern in the server/client output and -S/-C require it to be absent.
#
# Client-initiated: same expectations as the TLS case, no HelloRequest.
1577 run_test "Renegotiation: DTLS, client-initiated" \
1578 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
1579 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
1581 -c "client hello, adding renegotiation extension" \
1582 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1583 -s "found renegotiation extension" \
1584 -s "server hello, secure renegotiation extension" \
1585 -c "found renegotiation extension" \
1586 -c "=> renegotiate" \
1587 -s "=> renegotiate" \
1588 -S "write hello request"
# Server-initiated: the client additionally sets read_timeout=1000 and
# max_resend=2; the server must log the HelloRequest and both must renegotiate.
1590 run_test "Renegotiation: DTLS, server-initiated" \
1591 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
1592 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
1593 read_timeout=1000 max_resend=2" \
1595 -c "client hello, adding renegotiation extension" \
1596 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1597 -s "found renegotiation extension" \
1598 -s "server hello, secure renegotiation extension" \
1599 -c "found renegotiation extension" \
1600 -c "=> renegotiate" \
1601 -s "=> renegotiate" \
1602 -s "write hello request"
# GnuTLS server in UDP mode (-u) with a 4096-byte MTU: the client must
# renegotiate and must not log "mbedtls_ssl_handshake returned". The remaining
# original lines of this test are not shown in this listing.
1605 run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
1606 "$G_SRV -u --mtu 4096" \
1607 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
1609 -c "client hello, adding renegotiation extension" \
1610 -c "found renegotiation extension" \
1611 -c "=> renegotiate" \
1612 -C "mbedtls_ssl_handshake returned" \
1616 # Test for the "secure renegotiation" extension only (no actual renegotiation)
# These runs check how each side reacts to a peer that does or does not signal
# secure renegotiation (RFC 5746) in the initial handshake. By the run_test
# convention -s/-c require the pattern in the server/client output and -S/-C
# require it to be absent.
#
# Strict GnuTLS server: the client finds the extension and gets HTTP 200.
1619 run_test "Renego ext: gnutls server strict, client default" \
1620 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
1621 "$P_CLI debug_level=3" \
1623 -c "found renegotiation extension" \
1625 -c "HTTP/1.0 200 [Oo][Kk]"
# Server omits the extension and the default client still completes the
# request: by default an initial handshake with such a peer is accepted.
1628 run_test "Renego ext: gnutls server unsafe, client default" \
1629 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1630 "$P_CLI debug_level=3" \
1632 -C "found renegotiation extension" \
1634 -c "HTTP/1.0 200 [Oo][Kk]"
# allow_legacy=-1 on the client: no HTTP 200 may appear, i.e. the client is
# expected to refuse a peer that lacks the extension. This is the stricter
# setting for deployments that must not talk to such peers at all.
1637 run_test "Renego ext: gnutls server unsafe, client break legacy" \
1638 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1639 "$P_CLI debug_level=3 allow_legacy=-1" \
1641 -C "found renegotiation extension" \
1643 -C "HTTP/1.0 200 [Oo][Kk]"
# Roles swapped: a strict GnuTLS client against the default server. The first
# pattern uses \| so that either form of signalling (the
# TLS_EMPTY_RENEGOTIATION_INFO value or the extension itself) satisfies it.
1646 run_test "Renego ext: gnutls client strict, server default" \
1647 "$P_SRV debug_level=3" \
1648 "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
1650 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
1651 -s "server hello, secure renegotiation extension"
# Client signals nothing: the server must see neither form and must not send
# the extension back. Whether the connection succeeds is decided by the exit
# status argument, which sits on a line not shown in this listing.
1654 run_test "Renego ext: gnutls client unsafe, server default" \
1655 "$P_SRV debug_level=3" \
1656 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1658 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
1659 -S "server hello, secure renegotiation extension"
# Same client against a server with allow_legacy=-1. The visible patterns are
# identical to the previous test; the difference in outcome (presumably a
# refused handshake) would show only in the omitted exit status -- confirm.
1662 run_test "Renego ext: gnutls client unsafe, server break legacy" \
1663 "$P_SRV debug_level=3 allow_legacy=-1" \
1664 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
1666 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
1667 -S "server hello, secure renegotiation extension"
1669 # Tests for silently dropping trailing extra bytes in .der certificates
# Each test starts the server with a DER certificate file whose name and test
# title indicate 0, 1, 2, 4, 8 or 9 bytes appended after the certificate, and
# expects the client output to contain "Handshake was completed".
# NOTE(review): the client command (two original lines after each server
# command) is not shown in this listing, and every visible pattern line ends in
# a continuation, so further arguments may follow in the original.
# The visible checks establish only that the handshake succeeds; they do not
# show what the parser does with the extra bytes. The leniency is deliberate,
# as the section header says.
1672 run_test "DER format: no trailing bytes" \
1673 "$P_SRV crt_file=data_files/server5-der0.crt \
1674 key_file=data_files/server5.key" \
1677 -c "Handshake was completed" \
1680 run_test "DER format: with a trailing zero byte" \
1681 "$P_SRV crt_file=data_files/server5-der1a.crt \
1682 key_file=data_files/server5.key" \
1685 -c "Handshake was completed" \
1688 run_test "DER format: with a trailing random byte" \
1689 "$P_SRV crt_file=data_files/server5-der1b.crt \
1690 key_file=data_files/server5.key" \
1693 -c "Handshake was completed" \
1696 run_test "DER format: with 2 trailing random bytes" \
1697 "$P_SRV crt_file=data_files/server5-der2.crt \
1698 key_file=data_files/server5.key" \
1701 -c "Handshake was completed" \
1704 run_test "DER format: with 4 trailing random bytes" \
1705 "$P_SRV crt_file=data_files/server5-der4.crt \
1706 key_file=data_files/server5.key" \
1709 -c "Handshake was completed" \
1712 run_test "DER format: with 8 trailing random bytes" \
1713 "$P_SRV crt_file=data_files/server5-der8.crt \
1714 key_file=data_files/server5.key" \
1717 -c "Handshake was completed" \
1720 run_test "DER format: with 9 trailing random bytes" \
1721 "$P_SRV crt_file=data_files/server5-der9.crt \
1722 key_file=data_files/server5.key" \
1725 -c "Handshake was completed" \
1727 # Tests for auth_mode
# The server presents server5-badsign.crt and the client auth_mode varies.
# -c/-C follow the run_test convention: pattern required in / absent from the
# client output.
#
# required: the signature failure must be logged and the handshake must fail
# with "X509 - Certificate verification failed".
1729 run_test "Authentication: server badcert, client required" \
1730 "$P_SRV crt_file=data_files/server5-badsign.crt \
1731 key_file=data_files/server5.key" \
1732 "$P_CLI debug_level=1 auth_mode=required" \
1734 -c "x509_verify_cert() returned" \
1735 -c "! The certificate is not correctly signed by the trusted CA" \
1736 -c "! mbedtls_ssl_handshake returned" \
1737 -c "X509 - Certificate verification failed"
# optional: the same failure is logged but the handshake must NOT fail. In this
# mode a completed handshake says nothing about the peer certificate; an
# application using it has to inspect the verification result itself.
1739 run_test "Authentication: server badcert, client optional" \
1740 "$P_SRV crt_file=data_files/server5-badsign.crt \
1741 key_file=data_files/server5.key" \
1742 "$P_CLI debug_level=1 auth_mode=optional" \
1744 -c "x509_verify_cert() returned" \
1745 -c "! The certificate is not correctly signed by the trusted CA" \
1746 -C "! mbedtls_ssl_handshake returned" \
1747 -C "X509 - Certificate verification failed"
# none: all four patterns must be absent, i.e. no verification is reported at
# all and the bad certificate goes unnoticed.
1749 run_test "Authentication: server badcert, client none" \
1750 "$P_SRV crt_file=data_files/server5-badsign.crt \
1751 key_file=data_files/server5.key" \
1752 "$P_CLI debug_level=1 auth_mode=none" \
1754 -C "x509_verify_cert() returned" \
1755 -C "! The certificate is not correctly signed by the trusted CA" \
1756 -C "! mbedtls_ssl_handshake returned" \
1757 -C "X509 - Certificate verification failed"
# Client authentication with the server6 certificate and key under a forced
# ECDHE-ECDSA suite, against a server that requires a client certificate.
# Both tests require the client output to list signature algorithm entries 4
# and 5 (presumably the TLS 1.2 hash code points for SHA-256 and SHA-384 --
# confirm against the client debug output).
# NOTE(review): the "SHA256" test forces a ...-SHA384 suite and the "SHA384"
# test a ...-SHA256 suite. The titles and the suites look crossed; confirm
# whether that pairing is intended.
1759 run_test "Authentication: client SHA256, server required" \
1760 "$P_SRV auth_mode=required" \
1761 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
1762 key_file=data_files/server6.key \
1763 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
1765 -c "Supported Signature Algorithm found: 4," \
1766 -c "Supported Signature Algorithm found: 5,"
1768 run_test "Authentication: client SHA384, server required" \
1769 "$P_SRV auth_mode=required" \
1770 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
1771 key_file=data_files/server6.key \
1772 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
1774 -c "Supported Signature Algorithm found: 4," \
1775 -c "Supported Signature Algorithm found: 5,"
# The client presents server5-badsign.crt and the server auth_mode varies.
# By the run_test convention -s/-c require the pattern in the server/client
# output and -S/-C require it to be absent.
#
# required: a certificate request is sent, the client answers with its
# certificate and CertificateVerify, the server logs the signature failure and
# both sides must report a failed handshake.
1777 run_test "Authentication: client badcert, server required" \
1778 "$P_SRV debug_level=3 auth_mode=required" \
1779 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
1780 key_file=data_files/server5.key" \
1782 -S "skip write certificate request" \
1783 -C "skip parse certificate request" \
1784 -c "got a certificate request" \
1785 -C "skip write certificate" \
1786 -C "skip write certificate verify" \
1787 -S "skip parse certificate verify" \
1788 -s "x509_verify_cert() returned" \
1789 -s "! The certificate is not correctly signed by the trusted CA" \
1790 -s "! mbedtls_ssl_handshake returned" \
1791 -c "! mbedtls_ssl_handshake returned" \
1792 -s "X509 - Certificate verification failed"
# optional: the message flow is the same and the server still logs the
# signature failure, but neither side may report a failed handshake. A server
# in this mode has to check the verification result before trusting the
# client identity.
1794 run_test "Authentication: client badcert, server optional" \
1795 "$P_SRV debug_level=3 auth_mode=optional" \
1796 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
1797 key_file=data_files/server5.key" \
1799 -S "skip write certificate request" \
1800 -C "skip parse certificate request" \
1801 -c "got a certificate request" \
1802 -C "skip write certificate" \
1803 -C "skip write certificate verify" \
1804 -S "skip parse certificate verify" \
1805 -s "x509_verify_cert() returned" \
1806 -s "! The certificate is not correctly signed by the trusted CA" \
1807 -S "! mbedtls_ssl_handshake returned" \
1808 -C "! mbedtls_ssl_handshake returned" \
1809 -S "X509 - Certificate verification failed"
# none: the server skips the certificate request, so the client never sends
# its certificate and no verification is logged on the server.
1811 run_test "Authentication: client badcert, server none" \
1812 "$P_SRV debug_level=3 auth_mode=none" \
1813 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
1814 key_file=data_files/server5.key" \
1816 -s "skip write certificate request" \
1817 -C "skip parse certificate request" \
1818 -c "got no certificate request" \
1819 -c "skip write certificate" \
1820 -c "skip write certificate verify" \
1821 -s "skip parse certificate verify" \
1822 -S "x509_verify_cert() returned" \
1823 -S "! The certificate is not correctly signed by the trusted CA" \
1824 -S "! mbedtls_ssl_handshake returned" \
1825 -C "! mbedtls_ssl_handshake returned" \
1826 -S "X509 - Certificate verification failed"
# Client without a certificate (crt_file=none key_file=none) against a peer
# that asks for one but treats it as optional. By the run_test convention
# -s/-c require the pattern in the server/client output and -S/-C require it
# to be absent.
#
# The pattern "skip write certificate$" is anchored with $ so that it does not
# also match the "skip write certificate verify" line, which IS expected here:
# the client sends an empty Certificate message but skips CertificateVerify.
# The server logs "! Certificate was missing" and the handshake still succeeds.
1828 run_test "Authentication: client no cert, server optional" \
1829 "$P_SRV debug_level=3 auth_mode=optional" \
1830 "$P_CLI debug_level=3 crt_file=none key_file=none" \
1832 -S "skip write certificate request" \
1833 -C "skip parse certificate request" \
1834 -c "got a certificate request" \
1835 -C "skip write certificate$" \
1836 -C "got no certificate to send" \
1837 -S "SSLv3 client has no certificate" \
1838 -c "skip write certificate verify" \
1839 -s "skip parse certificate verify" \
1840 -s "! Certificate was missing" \
1841 -S "! mbedtls_ssl_handshake returned" \
1842 -C "! mbedtls_ssl_handshake returned" \
1843 -S "X509 - Certificate verification failed"
# Same server with an OpenSSL client; the client command (original lines
# 1847-1848) is not shown in this listing. Only server-side patterns are checked.
1845 run_test "Authentication: openssl client no cert, server optional" \
1846 "$P_SRV debug_level=3 auth_mode=optional" \
1849 -S "skip write certificate request" \
1850 -s "skip parse certificate verify" \
1851 -s "! Certificate was missing" \
1852 -S "! mbedtls_ssl_handshake returned" \
1853 -S "X509 - Certificate verification failed"
# Roles swapped: OpenSSL server started with -verify 10, which requests a
# client certificate without making it mandatory. Only client-side patterns
# are checked.
1855 run_test "Authentication: client no cert, openssl server optional" \
1856 "$O_SRV -verify 10" \
1857 "$P_CLI debug_level=3 crt_file=none key_file=none" \
1859 -C "skip parse certificate request" \
1860 -c "got a certificate request" \
1861 -C "skip write certificate$" \
1862 -c "skip write certificate verify" \
1863 -C "! mbedtls_ssl_handshake returned"
# SSLv3 variant, run only when MBEDTLS_SSL_PROTO_SSL3 is enabled in config.h.
# Here the absence of a certificate is signalled differently: the client logs
# "got no certificate to send" and the server "SSLv3 client has no
# certificate", both of which must be absent in the first test of this group.
1865 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
1866 run_test "Authentication: client no cert, ssl3" \
1867 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
1868 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
1870 -S "skip write certificate request" \
1871 -C "skip parse certificate request" \
1872 -c "got a certificate request" \
1873 -C "skip write certificate$" \
1874 -c "skip write certificate verify" \
1875 -c "got no certificate to send" \
1876 -s "SSLv3 client has no certificate" \
1877 -s "skip parse certificate verify" \
1878 -s "! Certificate was missing" \
1879 -S "! mbedtls_ssl_handshake returned" \
1880 -C "! mbedtls_ssl_handshake returned" \
1881 -S "X509 - Certificate verification failed"
1883 # Tests for certificate selection based on SHA version
# The server is configured with two certificates (crt_file/crt_file2) and the
# client forces a protocol version; the checks look at which signature hash the
# certificate received by the client uses. -c/-C follow the run_test
# convention: pattern required in / absent from the client output.
#
# TLS 1.2 client: the SHA-256-signed certificate must be selected.
1885 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
1886 "$P_SRV crt_file=data_files/server5.crt \
1887 key_file=data_files/server5.key \
1888 crt_file2=data_files/server5-sha1.crt \
1889 key_file2=data_files/server5.key" \
1890 "$P_CLI force_version=tls1_2" \
1892 -c "signed using.*ECDSA with SHA256" \
1893 -C "signed using.*ECDSA with SHA1"
# TLS 1.1 and TLS 1.0 clients: the SHA-1-signed certificate is selected when
# one is available. These older versions cannot advertise supported hashes, so
# the server presumably falls back to the most widely supported one.
1895 run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
1896 "$P_SRV crt_file=data_files/server5.crt \
1897 key_file=data_files/server5.key \
1898 crt_file2=data_files/server5-sha1.crt \
1899 key_file2=data_files/server5.key" \
1900 "$P_CLI force_version=tls1_1" \
1902 -C "signed using.*ECDSA with SHA256" \
1903 -c "signed using.*ECDSA with SHA1"
1905 run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
1906 "$P_SRV crt_file=data_files/server5.crt \
1907 key_file=data_files/server5.key \
1908 crt_file2=data_files/server5-sha1.crt \
1909 key_file2=data_files/server5.key" \
1910 "$P_CLI force_version=tls1" \
1912 -C "signed using.*ECDSA with SHA256" \
1913 -c "signed using.*ECDSA with SHA1"
# No SHA-1 certificate configured: a TLS 1.1 client must still get a SHA-256
# certificate rather than a failure. The expected serial number changes with
# the configuration order (09 when server5 comes first, 0A when server6 does),
# so the first configured certificate is presumably the one chosen.
1915 run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
1916 "$P_SRV crt_file=data_files/server5.crt \
1917 key_file=data_files/server5.key \
1918 crt_file2=data_files/server6.crt \
1919 key_file2=data_files/server6.key" \
1920 "$P_CLI force_version=tls1_1" \
1922 -c "serial number.*09" \
1923 -c "signed using.*ECDSA with SHA256" \
1924 -C "signed using.*ECDSA with SHA1"
1926 run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
1927 "$P_SRV crt_file=data_files/server6.crt \
1928 key_file=data_files/server6.key \
1929 crt_file2=data_files/server5.crt \
1930 key_file2=data_files/server5.key" \
1931 "$P_CLI force_version=tls1_1" \
1933 -c "serial number.*0A" \
1934 -c "signed using.*ECDSA with SHA256" \
1935 -C "signed using.*ECDSA with SHA1"
# Server Name Indication: certificate selection by requested name.
# The sni= server option is a comma-separated list in groups of six fields.
# Judging from the other SNI tests in this script the fields are name,
# certificate, key, CA file, CRL file and auth mode, with "-" meaning no
# override -- confirm against the ssl_server2 option help.
# By the run_test convention -s/-c require the pattern in the server/client
# output and -S/-C require it to be absent.
#
# No sni= option: the server must not parse the ServerName extension and the
# client sees the default certificate (issuer "Polarssl Test EC CA").
1939 run_test "SNI: no SNI callback" \
1940 "$P_SRV debug_level=3 \
1941 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
1942 "$P_CLI server_name=localhost" \
1944 -S "parse ServerName extension" \
1945 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
1946 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
# server_name=localhost matches the first entry: the client must see a
# certificate for CN=localhost issued by "PolarSSL Test CA", not the default.
1948 run_test "SNI: matching cert 1" \
1949 "$P_SRV debug_level=3 \
1950 crt_file=data_files/server5.crt key_file=data_files/server5.key \
1951 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
1952 "$P_CLI server_name=localhost" \
1954 -s "parse ServerName extension" \
1955 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
1956 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
# server_name=polarssl.example matches the second entry.
1958 run_test "SNI: matching cert 2" \
1959 "$P_SRV debug_level=3 \
1960 crt_file=data_files/server5.crt key_file=data_files/server5.key \
1961 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
1962 "$P_CLI server_name=polarssl.example" \
1964 -s "parse ServerName extension" \
1965 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
1966 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
# Unknown name: the server callback returns an error, the server handshake
# fails and the client receives a fatal alert. The server does not fall back
# to its default certificate for a name it has no entry for.
1968 run_test "SNI: no matching cert" \
1969 "$P_SRV debug_level=3 \
1970 crt_file=data_files/server5.crt key_file=data_files/server5.key \
1971 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
1972 "$P_CLI server_name=nonesuch.example" \
1974 -s "parse ServerName extension" \
1975 -s "ssl_sni_wrapper() returned" \
1976 -s "mbedtls_ssl_handshake returned" \
1977 -c "mbedtls_ssl_handshake returned" \
1978 -c "SSL - A fatal alert message was received from our peer"
# SNI entries overriding the client-authentication mode. The last field of the
# sni= entry carries the per-name auth mode ("-" leaves the global one alone).
# By the run_test convention -s/-c require the pattern in the server/client
# output and -S/-C require it to be absent.
#
# No override: the global auth_mode=optional applies and a certificate request
# is sent.
1980 run_test "SNI: client auth no override: optional" \
1981 "$P_SRV debug_level=3 auth_mode=optional \
1982 crt_file=data_files/server5.crt key_file=data_files/server5.key \
1983 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
1984 "$P_CLI debug_level=3 server_name=localhost" \
1986 -S "skip write certificate request" \
1987 -C "skip parse certificate request" \
1988 -c "got a certificate request" \
1989 -C "skip write certificate" \
1990 -C "skip write certificate verify" \
1991 -S "skip parse certificate verify"
# Global none, per-name optional: the request is sent for this name.
1993 run_test "SNI: client auth override: none -> optional" \
1994 "$P_SRV debug_level=3 auth_mode=none \
1995 crt_file=data_files/server5.crt key_file=data_files/server5.key \
1996 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
1997 "$P_CLI debug_level=3 server_name=localhost" \
1999 -S "skip write certificate request" \
2000 -C "skip parse certificate request" \
2001 -c "got a certificate request" \
2002 -C "skip write certificate" \
2003 -C "skip write certificate verify" \
2004 -S "skip parse certificate verify"
# Global optional, per-name none: the request is skipped for this name. The
# per-name value wins in both directions, so an SNI entry can also weaken
# client authentication for the name it covers.
2006 run_test "SNI: client auth override: optional -> none" \
2007 "$P_SRV debug_level=3 auth_mode=optional \
2008 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2009 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
2010 "$P_CLI debug_level=3 server_name=localhost" \
2012 -s "skip write certificate request" \
2013 -C "skip parse certificate request" \
2014 -c "got no certificate request" \
2015 -c "skip write certificate" \
2016 -c "skip write certificate verify" \
2017 -s "skip parse certificate verify"
# SNI entries overriding the CA and CRL used to verify the client certificate.
# In all three tests the client presents the server6 certificate and the SNI
# entry sets the auth mode to "required". By the run_test convention -s/-c
# require the pattern in the server/client output and -S/-C require it to be
# absent.
#
# No CA override: the global ca_file (test-ca.crt) is used and the server must
# log that the client certificate is not signed by the trusted CA.
2019 run_test "SNI: CA no override" \
2020 "$P_SRV debug_level=3 auth_mode=optional \
2021 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2022 ca_file=data_files/test-ca.crt \
2023 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
2024 "$P_CLI debug_level=3 server_name=localhost \
2025 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2027 -S "skip write certificate request" \
2028 -C "skip parse certificate request" \
2029 -c "got a certificate request" \
2030 -C "skip write certificate" \
2031 -C "skip write certificate verify" \
2032 -S "skip parse certificate verify" \
2033 -s "x509_verify_cert() returned" \
2034 -s "! The certificate is not correctly signed by the trusted CA" \
2035 -S "The certificate has been revoked (is on a CRL)"
# CA override: the entry supplies test-ca2.crt and the same client certificate
# now verifies without any error being logged.
2037 run_test "SNI: CA override" \
2038 "$P_SRV debug_level=3 auth_mode=optional \
2039 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2040 ca_file=data_files/test-ca.crt \
2041 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
2042 "$P_CLI debug_level=3 server_name=localhost \
2043 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2045 -S "skip write certificate request" \
2046 -C "skip parse certificate request" \
2047 -c "got a certificate request" \
2048 -C "skip write certificate" \
2049 -C "skip write certificate verify" \
2050 -S "skip parse certificate verify" \
2051 -S "x509_verify_cert() returned" \
2052 -S "! The certificate is not correctly signed by the trusted CA" \
2053 -S "The certificate has been revoked (is on a CRL)"
# CA override plus CRL: the signature now checks out, but verification must
# fail because the certificate is on the supplied CRL. This confirms that the
# per-name CRL is actually consulted.
2055 run_test "SNI: CA override with CRL" \
2056 "$P_SRV debug_level=3 auth_mode=optional \
2057 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2058 ca_file=data_files/test-ca.crt \
2059 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
2060 "$P_CLI debug_level=3 server_name=localhost \
2061 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2063 -S "skip write certificate request" \
2064 -C "skip parse certificate request" \
2065 -c "got a certificate request" \
2066 -C "skip write certificate" \
2067 -C "skip write certificate verify" \
2068 -S "skip parse certificate verify" \
2069 -s "x509_verify_cert() returned" \
2070 -S "! The certificate is not correctly signed by the trusted CA" \
2071 -s "The certificate has been revoked (is on a CRL)"
2073 # Tests for non-blocking I/O: exercise a variety of handshake flows
# Both peers run with nbio=2 while tickets, client auth and reconnect vary.
# Every case requires that neither log contains a handshake error and that the
# client reads application data back from the server.
2075 run_test "Non-blocking I/O: basic handshake" \
2076 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
2077 "$P_CLI nbio=2 tickets=0" \
2079 -S "mbedtls_ssl_handshake returned" \
2080 -C "mbedtls_ssl_handshake returned" \
2081 -c "Read from server: .* bytes read"
2083 run_test "Non-blocking I/O: client auth" \
2084 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
2085 "$P_CLI nbio=2 tickets=0" \
2087 -S "mbedtls_ssl_handshake returned" \
2088 -C "mbedtls_ssl_handshake returned" \
2089 -c "Read from server: .* bytes read"
2091 run_test "Non-blocking I/O: ticket" \
2092 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
2093 "$P_CLI nbio=2 tickets=1" \
2095 -S "mbedtls_ssl_handshake returned" \
2096 -C "mbedtls_ssl_handshake returned" \
2097 -c "Read from server: .* bytes read"
2099 run_test "Non-blocking I/O: ticket + client auth" \
2100 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
2101 "$P_CLI nbio=2 tickets=1" \
2103 -S "mbedtls_ssl_handshake returned" \
2104 -C "mbedtls_ssl_handshake returned" \
2105 -c "Read from server: .* bytes read"
2107 run_test "Non-blocking I/O: ticket + client auth + resume" \
2108 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
2109 "$P_CLI nbio=2 tickets=1 reconnect=1" \
2111 -S "mbedtls_ssl_handshake returned" \
2112 -C "mbedtls_ssl_handshake returned" \
2113 -c "Read from server: .* bytes read"
2115 run_test "Non-blocking I/O: ticket + resume" \
2116 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
2117 "$P_CLI nbio=2 tickets=1 reconnect=1" \
2119 -S "mbedtls_ssl_handshake returned" \
2120 -C "mbedtls_ssl_handshake returned" \
2121 -c "Read from server: .* bytes read"
2123 run_test "Non-blocking I/O: session-id resume" \
2124 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
2125 "$P_CLI nbio=2 tickets=0 reconnect=1" \
2127 -S "mbedtls_ssl_handshake returned" \
2128 -C "mbedtls_ssl_handshake returned" \
2129 -c "Read from server: .* bytes read"
2131 # Tests for version negotiation
# The "-> 1.x" cases require both peers to report the same negotiated version
# and no handshake error. The two "-> fail" cases are the downgrade checks:
# when one side's maximum is below the other's minimum, both logs must show a
# handshake error, and the "not within min/max boundaries" message is expected
# from the peer that enforces the minimum (the client in the first case, the
# server in the second).
2133 run_test "Version check: all -> 1.2" \
2137 -S "mbedtls_ssl_handshake returned" \
2138 -C "mbedtls_ssl_handshake returned" \
2139 -s "Protocol is TLSv1.2" \
2140 -c "Protocol is TLSv1.2"
2142 run_test "Version check: cli max 1.1 -> 1.1" \
2144 "$P_CLI max_version=tls1_1" \
2146 -S "mbedtls_ssl_handshake returned" \
2147 -C "mbedtls_ssl_handshake returned" \
2148 -s "Protocol is TLSv1.1" \
2149 -c "Protocol is TLSv1.1"
2151 run_test "Version check: srv max 1.1 -> 1.1" \
2152 "$P_SRV max_version=tls1_1" \
2155 -S "mbedtls_ssl_handshake returned" \
2156 -C "mbedtls_ssl_handshake returned" \
2157 -s "Protocol is TLSv1.1" \
2158 -c "Protocol is TLSv1.1"
2160 run_test "Version check: cli+srv max 1.1 -> 1.1" \
2161 "$P_SRV max_version=tls1_1" \
2162 "$P_CLI max_version=tls1_1" \
2164 -S "mbedtls_ssl_handshake returned" \
2165 -C "mbedtls_ssl_handshake returned" \
2166 -s "Protocol is TLSv1.1" \
2167 -c "Protocol is TLSv1.1"
2169 run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
2170 "$P_SRV min_version=tls1_1" \
2171 "$P_CLI max_version=tls1_1" \
2173 -S "mbedtls_ssl_handshake returned" \
2174 -C "mbedtls_ssl_handshake returned" \
2175 -s "Protocol is TLSv1.1" \
2176 -c "Protocol is TLSv1.1"
2178 run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
2179 "$P_SRV max_version=tls1_1" \
2180 "$P_CLI min_version=tls1_1" \
2182 -S "mbedtls_ssl_handshake returned" \
2183 -C "mbedtls_ssl_handshake returned" \
2184 -s "Protocol is TLSv1.1" \
2185 -c "Protocol is TLSv1.1"
2187 run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
2188 "$P_SRV max_version=tls1_1" \
2189 "$P_CLI min_version=tls1_2" \
2191 -s "mbedtls_ssl_handshake returned" \
2192 -c "mbedtls_ssl_handshake returned" \
2193 -c "SSL - Handshake protocol not within min/max boundaries"
2195 run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
2196 "$P_SRV min_version=tls1_2" \
2197 "$P_CLI max_version=tls1_1" \
2199 -s "mbedtls_ssl_handshake returned" \
2200 -c "mbedtls_ssl_handshake returned" \
2201 -s "SSL - Handshake protocol not within min/max boundaries"
2203 # Tests for ALPN extension
# "[2:120]" in the alert pattern is presumably level 2 (fatal), type 120
# (no_application_protocol); it is expected only in the last case, where both
# sides offer ALPN and share no protocol.
# The "common" cases show the server's preference order deciding the result
# (abc is chosen even when the client lists 1234 first). The client list
# "1234,abcde" against servers offering "abc,1234" or "abc,123" also checks
# that protocol names are compared exactly and not by prefix.
2205 run_test "ALPN: none" \
2206 "$P_SRV debug_level=3" \
2207 "$P_CLI debug_level=3" \
2209 -C "client hello, adding alpn extension" \
2210 -S "found alpn extension" \
2211 -C "got an alert message, type: \\[2:120]" \
2212 -S "server hello, adding alpn extension" \
2213 -C "found alpn extension " \
2214 -C "Application Layer Protocol is" \
2215 -S "Application Layer Protocol is"
2217 run_test "ALPN: client only" \
2218 "$P_SRV debug_level=3" \
2219 "$P_CLI debug_level=3 alpn=abc,1234" \
2221 -c "client hello, adding alpn extension" \
2222 -s "found alpn extension" \
2223 -C "got an alert message, type: \\[2:120]" \
2224 -S "server hello, adding alpn extension" \
2225 -C "found alpn extension " \
2226 -c "Application Layer Protocol is (none)" \
2227 -S "Application Layer Protocol is"
2229 run_test "ALPN: server only" \
2230 "$P_SRV debug_level=3 alpn=abc,1234" \
2231 "$P_CLI debug_level=3" \
2233 -C "client hello, adding alpn extension" \
2234 -S "found alpn extension" \
2235 -C "got an alert message, type: \\[2:120]" \
2236 -S "server hello, adding alpn extension" \
2237 -C "found alpn extension " \
2238 -C "Application Layer Protocol is" \
2239 -s "Application Layer Protocol is (none)"
2241 run_test "ALPN: both, common cli1-srv1" \
2242 "$P_SRV debug_level=3 alpn=abc,1234" \
2243 "$P_CLI debug_level=3 alpn=abc,1234" \
2245 -c "client hello, adding alpn extension" \
2246 -s "found alpn extension" \
2247 -C "got an alert message, type: \\[2:120]" \
2248 -s "server hello, adding alpn extension" \
2249 -c "found alpn extension" \
2250 -c "Application Layer Protocol is abc" \
2251 -s "Application Layer Protocol is abc"
2253 run_test "ALPN: both, common cli2-srv1" \
2254 "$P_SRV debug_level=3 alpn=abc,1234" \
2255 "$P_CLI debug_level=3 alpn=1234,abc" \
2257 -c "client hello, adding alpn extension" \
2258 -s "found alpn extension" \
2259 -C "got an alert message, type: \\[2:120]" \
2260 -s "server hello, adding alpn extension" \
2261 -c "found alpn extension" \
2262 -c "Application Layer Protocol is abc" \
2263 -s "Application Layer Protocol is abc"
2265 run_test "ALPN: both, common cli1-srv2" \
2266 "$P_SRV debug_level=3 alpn=abc,1234" \
2267 "$P_CLI debug_level=3 alpn=1234,abcde" \
2269 -c "client hello, adding alpn extension" \
2270 -s "found alpn extension" \
2271 -C "got an alert message, type: \\[2:120]" \
2272 -s "server hello, adding alpn extension" \
2273 -c "found alpn extension" \
2274 -c "Application Layer Protocol is 1234" \
2275 -s "Application Layer Protocol is 1234"
2277 run_test "ALPN: both, no common" \
2278 "$P_SRV debug_level=3 alpn=abc,123" \
2279 "$P_CLI debug_level=3 alpn=1234,abcde" \
2281 -c "client hello, adding alpn extension" \
2282 -s "found alpn extension" \
2283 -c "got an alert message, type: \\[2:120]" \
2284 -S "server hello, adding alpn extension" \
2285 -C "found alpn extension" \
2286 -C "Application Layer Protocol is 1234" \
2287 -S "Application Layer Protocol is 1234"
2290 # Tests for keyUsage in leaf certificates, part 1:
2291 # server-side certificate/suite selection
# The server is given a certificate restricted to one keyUsage bit, and the
# client log must show a ciphersuite whose key exchange is compatible with that
# bit. Where the test name says "fail" (RSA key with keyAgreement, ECDSA key
# with keyEncipherment) no "Ciphersuite is" line may appear at all.
2293 run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
2294 "$P_SRV key_file=data_files/server2.key \
2295 crt_file=data_files/server2.ku-ds.crt" \
2298 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
2301 run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
2302 "$P_SRV key_file=data_files/server2.key \
2303 crt_file=data_files/server2.ku-ke.crt" \
2306 -c "Ciphersuite is TLS-RSA-WITH-"
2308 run_test "keyUsage srv: RSA, keyAgreement -> fail" \
2309 "$P_SRV key_file=data_files/server2.key \
2310 crt_file=data_files/server2.ku-ka.crt" \
2313 -C "Ciphersuite is "
2315 run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
2316 "$P_SRV key_file=data_files/server5.key \
2317 crt_file=data_files/server5.ku-ds.crt" \
2320 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
2323 run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
2324 "$P_SRV key_file=data_files/server5.key \
2325 crt_file=data_files/server5.ku-ka.crt" \
2328 -c "Ciphersuite is TLS-ECDH-"
2330 run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
2331 "$P_SRV key_file=data_files/server5.key \
2332 crt_file=data_files/server5.ku-ke.crt" \
2335 -C "Ciphersuite is "
2337 # Tests for keyUsage in leaf certificates, part 2:
2338 # client-side checking of server cert
# The peer is an OpenSSL server ($O_SRV), so only the mbed TLS client's check
# of the server certificate is under test. When the forced key exchange does
# not match the certificate's keyUsage, the client must fail processing of the
# Certificate message and report no ciphersuite.
# In the "soft" cases auth_mode=optional lets the handshake complete while the
# mismatch is still reported ("! Usage does not match the keyUsage extension");
# with optional verification it is therefore up to the application to act on
# the reported verification flags.
2340 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
2341 "$O_SRV -key data_files/server2.key \
2342 -cert data_files/server2.ku-ds_ke.crt" \
2343 "$P_CLI debug_level=1 \
2344 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
2346 -C "bad certificate (usage extensions)" \
2347 -C "Processing of the Certificate handshake message failed" \
2348 -c "Ciphersuite is TLS-"
2350 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
2351 "$O_SRV -key data_files/server2.key \
2352 -cert data_files/server2.ku-ds_ke.crt" \
2353 "$P_CLI debug_level=1 \
2354 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
2356 -C "bad certificate (usage extensions)" \
2357 -C "Processing of the Certificate handshake message failed" \
2358 -c "Ciphersuite is TLS-"
2360 run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
2361 "$O_SRV -key data_files/server2.key \
2362 -cert data_files/server2.ku-ke.crt" \
2363 "$P_CLI debug_level=1 \
2364 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
2366 -C "bad certificate (usage extensions)" \
2367 -C "Processing of the Certificate handshake message failed" \
2368 -c "Ciphersuite is TLS-"
2370 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
2371 "$O_SRV -key data_files/server2.key \
2372 -cert data_files/server2.ku-ke.crt" \
2373 "$P_CLI debug_level=1 \
2374 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
2376 -c "bad certificate (usage extensions)" \
2377 -c "Processing of the Certificate handshake message failed" \
2378 -C "Ciphersuite is TLS-"
2380 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
2381 "$O_SRV -key data_files/server2.key \
2382 -cert data_files/server2.ku-ke.crt" \
2383 "$P_CLI debug_level=1 auth_mode=optional \
2384 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
2386 -c "bad certificate (usage extensions)" \
2387 -C "Processing of the Certificate handshake message failed" \
2388 -c "Ciphersuite is TLS-" \
2389 -c "! Usage does not match the keyUsage extension"
2391 run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
2392 "$O_SRV -key data_files/server2.key \
2393 -cert data_files/server2.ku-ds.crt" \
2394 "$P_CLI debug_level=1 \
2395 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
2397 -C "bad certificate (usage extensions)" \
2398 -C "Processing of the Certificate handshake message failed" \
2399 -c "Ciphersuite is TLS-"
2401 run_test "keyUsage cli: DigitalSignature, RSA: fail" \
2402 "$O_SRV -key data_files/server2.key \
2403 -cert data_files/server2.ku-ds.crt" \
2404 "$P_CLI debug_level=1 \
2405 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
2407 -c "bad certificate (usage extensions)" \
2408 -c "Processing of the Certificate handshake message failed" \
2409 -C "Ciphersuite is TLS-"
2411 run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
2412 "$O_SRV -key data_files/server2.key \
2413 -cert data_files/server2.ku-ds.crt" \
2414 "$P_CLI debug_level=1 auth_mode=optional \
2415 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
2417 -c "bad certificate (usage extensions)" \
2418 -C "Processing of the Certificate handshake message failed" \
2419 -c "Ciphersuite is TLS-" \
2420 -c "! Usage does not match the keyUsage extension"
2422 # Tests for keyUsage in leaf certificates, part 3:
2423 # server-side checking of client cert
# An OpenSSL client ($O_CLI) presents a client certificate to the mbed TLS
# server. With auth_mode=optional a keyUsage mismatch is logged but the
# Certificate message is still processed ("soft"); with auth_mode=required the
# same mismatch makes processing of that message fail ("hard").
2425 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
2426 "$P_SRV debug_level=1 auth_mode=optional" \
2427 "$O_CLI -key data_files/server2.key \
2428 -cert data_files/server2.ku-ds.crt" \
2430 -S "bad certificate (usage extensions)" \
2431 -S "Processing of the Certificate handshake message failed"
2433 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
2434 "$P_SRV debug_level=1 auth_mode=optional" \
2435 "$O_CLI -key data_files/server2.key \
2436 -cert data_files/server2.ku-ke.crt" \
2438 -s "bad certificate (usage extensions)" \
2439 -S "Processing of the Certificate handshake message failed"
2441 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
2442 "$P_SRV debug_level=1 auth_mode=required" \
2443 "$O_CLI -key data_files/server2.key \
2444 -cert data_files/server2.ku-ke.crt" \
2446 -s "bad certificate (usage extensions)" \
2447 -s "Processing of the Certificate handshake message failed"
2449 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
2450 "$P_SRV debug_level=1 auth_mode=optional" \
2451 "$O_CLI -key data_files/server5.key \
2452 -cert data_files/server5.ku-ds.crt" \
2454 -S "bad certificate (usage extensions)" \
2455 -S "Processing of the Certificate handshake message failed"
2457 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
2458 "$P_SRV debug_level=1 auth_mode=optional" \
2459 "$O_CLI -key data_files/server5.key \
2460 -cert data_files/server5.ku-ka.crt" \
2462 -s "bad certificate (usage extensions)" \
2463 -S "Processing of the Certificate handshake message failed"
2465 # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
# NOTE(review): the certificate files do not match two of the test names here.
# "serverAuth,clientAuth" loads server5.eku-srv.crt, whereas the client-side
# and cli-auth tests for that combination load server5.eku-srv_cli.crt; and
# "codeSign -> fail" loads server5.eku-cli.crt, whereas the other codeSign
# tests load server5.eku-cs.crt. Confirm which EKU each case is meant to cover.
2467 run_test "extKeyUsage srv: serverAuth -> OK" \
2468 "$P_SRV key_file=data_files/server5.key \
2469 crt_file=data_files/server5.eku-srv.crt" \
2473 run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
2474 "$P_SRV key_file=data_files/server5.key \
2475 crt_file=data_files/server5.eku-srv.crt" \
2479 run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
2480 "$P_SRV key_file=data_files/server5.key \
2481 crt_file=data_files/server5.eku-cs_any.crt" \
2485 run_test "extKeyUsage srv: codeSign -> fail" \
2486 "$P_SRV key_file=data_files/server5.key \
2487 crt_file=data_files/server5.eku-cli.crt" \
2491 # Tests for extendedKeyUsage, part 2: client-side checking of server cert
# An OpenSSL server ($O_SRV) presents a certificate with the named
# extendedKeyUsage. serverAuth, or anyEKU alongside another purpose, is
# accepted; codeSign alone must fail processing of the Certificate message
# before any ciphersuite is reported.
2493 run_test "extKeyUsage cli: serverAuth -> OK" \
2494 "$O_SRV -key data_files/server5.key \
2495 -cert data_files/server5.eku-srv.crt" \
2496 "$P_CLI debug_level=1" \
2498 -C "bad certificate (usage extensions)" \
2499 -C "Processing of the Certificate handshake message failed" \
2500 -c "Ciphersuite is TLS-"
2502 run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
2503 "$O_SRV -key data_files/server5.key \
2504 -cert data_files/server5.eku-srv_cli.crt" \
2505 "$P_CLI debug_level=1" \
2507 -C "bad certificate (usage extensions)" \
2508 -C "Processing of the Certificate handshake message failed" \
2509 -c "Ciphersuite is TLS-"
2511 run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
2512 "$O_SRV -key data_files/server5.key \
2513 -cert data_files/server5.eku-cs_any.crt" \
2514 "$P_CLI debug_level=1" \
2516 -C "bad certificate (usage extensions)" \
2517 -C "Processing of the Certificate handshake message failed" \
2518 -c "Ciphersuite is TLS-"
2520 run_test "extKeyUsage cli: codeSign -> fail" \
2521 "$O_SRV -key data_files/server5.key \
2522 -cert data_files/server5.eku-cs.crt" \
2523 "$P_CLI debug_level=1" \
2525 -c "bad certificate (usage extensions)" \
2526 -c "Processing of the Certificate handshake message failed" \
2527 -C "Ciphersuite is TLS-"
2529 # Tests for extendedKeyUsage, part 3: server-side checking of client cert
# An OpenSSL client ($O_CLI) presents a certificate with the named
# extendedKeyUsage. clientAuth, or anyEKU alongside another purpose, is
# accepted. codeSign alone is logged as a usage error in both remaining cases,
# but it only fails the Certificate message with auth_mode=required ("hard"),
# not with auth_mode=optional ("soft").
2531 run_test "extKeyUsage cli-auth: clientAuth -> OK" \
2532 "$P_SRV debug_level=1 auth_mode=optional" \
2533 "$O_CLI -key data_files/server5.key \
2534 -cert data_files/server5.eku-cli.crt" \
2536 -S "bad certificate (usage extensions)" \
2537 -S "Processing of the Certificate handshake message failed"
2539 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
2540 "$P_SRV debug_level=1 auth_mode=optional" \
2541 "$O_CLI -key data_files/server5.key \
2542 -cert data_files/server5.eku-srv_cli.crt" \
2544 -S "bad certificate (usage extensions)" \
2545 -S "Processing of the Certificate handshake message failed"
2547 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
2548 "$P_SRV debug_level=1 auth_mode=optional" \
2549 "$O_CLI -key data_files/server5.key \
2550 -cert data_files/server5.eku-cs_any.crt" \
2552 -S "bad certificate (usage extensions)" \
2553 -S "Processing of the Certificate handshake message failed"
2555 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
2556 "$P_SRV debug_level=1 auth_mode=optional" \
2557 "$O_CLI -key data_files/server5.key \
2558 -cert data_files/server5.eku-cs.crt" \
2560 -s "bad certificate (usage extensions)" \
2561 -S "Processing of the Certificate handshake message failed"
2563 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
2564 "$P_SRV debug_level=1 auth_mode=required" \
2565 "$O_CLI -key data_files/server5.key \
2566 -cert data_files/server5.eku-cs.crt" \
2568 -s "bad certificate (usage extensions)" \
2569 -s "Processing of the Certificate handshake message failed"
2571 # Tests for DHM parameters loading
# The client log must show the bit lengths of the group the server sent: a
# 2048-bit P in the "reference" case (presumably the server's built-in group)
# and the 1024-bit P loaded through dhm_file in the second case.
2573 run_test "DHM parameters: reference" \
2575 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2578 -c "value of 'DHM: P ' (2048 bits)" \
2579 -c "value of 'DHM: G ' (2048 bits)"
2581 run_test "DHM parameters: other parameters" \
2582 "$P_SRV dhm_file=data_files/dhparams.pem" \
2583 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2586 -c "value of 'DHM: P ' (1024 bits)" \
2587 -c "value of 'DHM: G ' (2 bits)"
2589 # Tests for DHM client-side size checking
# dhmlen appears to be the smallest prime size the client accepts. The cases
# pin both sides of the boundary: a 1024-bit server prime passes the client
# default while a 1000-bit one is rejected, and the default server prime passes
# dhmlen=2048 but not dhmlen=2049.
# NOTE(review): a client default that accepts 1024-bit groups is weak by
# current guidance; deployments that can should configure a higher minimum.
2591 run_test "DHM size: server default, client default, OK" \
2593 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2596 -C "DHM prime too short:"
2598 run_test "DHM size: server default, client 2048, OK" \
2600 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2601 debug_level=1 dhmlen=2048" \
2603 -C "DHM prime too short:"
2605 run_test "DHM size: server 1024, client default, OK" \
2606 "$P_SRV dhm_file=data_files/dhparams.pem" \
2607 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2610 -C "DHM prime too short:"
2612 run_test "DHM size: server 1000, client default, rejected" \
2613 "$P_SRV dhm_file=data_files/dh.1000.pem" \
2614 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2617 -c "DHM prime too short:"
2619 run_test "DHM size: server default, client 2049, rejected" \
2621 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
2622 debug_level=1 dhmlen=2049" \
2624 -c "DHM prime too short:"
2626 # Tests for PSK callback
# psk_list holds identity,key pairs (abc -> dead, def -> beef), which per the
# test names are served through the PSK callback. When a list is configured it
# takes precedence over the static psk/psk_identity pair, so the static
# identity "foo" is then reported as unknown.
# An unknown identity and a wrong key are told apart in the server log: the
# first as "Unknown identity received", the second as a MAC verification
# failure. The short keys used here are test fixtures only.
2628 run_test "PSK callback: psk, no callback" \
2629 "$P_SRV psk=abc123 psk_identity=foo" \
2630 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2631 psk_identity=foo psk=abc123" \
2633 -S "SSL - None of the common ciphersuites is usable" \
2634 -S "SSL - Unknown identity received" \
2635 -S "SSL - Verification of the message MAC failed"
2637 run_test "PSK callback: no psk, no callback" \
2639 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2640 psk_identity=foo psk=abc123" \
2642 -s "SSL - None of the common ciphersuites is usable" \
2643 -S "SSL - Unknown identity received" \
2644 -S "SSL - Verification of the message MAC failed"
2646 run_test "PSK callback: callback overrides other settings" \
2647 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
2648 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2649 psk_identity=foo psk=abc123" \
2651 -S "SSL - None of the common ciphersuites is usable" \
2652 -s "SSL - Unknown identity received" \
2653 -S "SSL - Verification of the message MAC failed"
2655 run_test "PSK callback: first id matches" \
2656 "$P_SRV psk_list=abc,dead,def,beef" \
2657 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2658 psk_identity=abc psk=dead" \
2660 -S "SSL - None of the common ciphersuites is usable" \
2661 -S "SSL - Unknown identity received" \
2662 -S "SSL - Verification of the message MAC failed"
2664 run_test "PSK callback: second id matches" \
2665 "$P_SRV psk_list=abc,dead,def,beef" \
2666 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2667 psk_identity=def psk=beef" \
2669 -S "SSL - None of the common ciphersuites is usable" \
2670 -S "SSL - Unknown identity received" \
2671 -S "SSL - Verification of the message MAC failed"
2673 run_test "PSK callback: no match" \
2674 "$P_SRV psk_list=abc,dead,def,beef" \
2675 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2676 psk_identity=ghi psk=beef" \
2678 -S "SSL - None of the common ciphersuites is usable" \
2679 -s "SSL - Unknown identity received" \
2680 -S "SSL - Verification of the message MAC failed"
2682 run_test "PSK callback: wrong key" \
2683 "$P_SRV psk_list=abc,dead,def,beef" \
2684 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
2685 psk_identity=abc psk=beef" \
2687 -S "SSL - None of the common ciphersuites is usable" \
2688 -S "SSL - Unknown identity received" \
2689 -s "SSL - Verification of the message MAC failed"
2691 # Tests for EC J-PAKE
# Every case is gated on MBEDTLS_KEY_EXCHANGE_ECJPAKE. "c0ff" in the client log
# appears to be the id of the ECJPAKE suite being offered
# (TLS-ECJPAKE-WITH-AES-128-CCM-8 is the suite forced below).
# A password mismatch is not reported as such: it surfaces as a MAC
# verification failure in the server log.
# Over DTLS the client is expected to log "re-using cached ecjpake parameters"
# unless the server runs with cookies=0, presumably because the cookie exchange
# makes the client send a second ClientHello.
2693 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2694 run_test "ECJPAKE: client not configured" \
2695 "$P_SRV debug_level=3" \
2696 "$P_CLI debug_level=3" \
2698 -C "add ciphersuite: c0ff" \
2699 -C "adding ecjpake_kkpp extension" \
2700 -S "found ecjpake kkpp extension" \
2701 -S "skip ecjpake kkpp extension" \
2702 -S "ciphersuite mismatch: ecjpake not configured" \
2703 -S "server hello, ecjpake kkpp extension" \
2704 -C "found ecjpake_kkpp extension" \
2705 -S "None of the common ciphersuites is usable"
2707 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2708 run_test "ECJPAKE: server not configured" \
2709 "$P_SRV debug_level=3" \
2710 "$P_CLI debug_level=3 ecjpake_pw=bla \
2711 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2713 -c "add ciphersuite: c0ff" \
2714 -c "adding ecjpake_kkpp extension" \
2715 -s "found ecjpake kkpp extension" \
2716 -s "skip ecjpake kkpp extension" \
2717 -s "ciphersuite mismatch: ecjpake not configured" \
2718 -S "server hello, ecjpake kkpp extension" \
2719 -C "found ecjpake_kkpp extension" \
2720 -s "None of the common ciphersuites is usable"
2722 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2723 run_test "ECJPAKE: working, TLS" \
2724 "$P_SRV debug_level=3 ecjpake_pw=bla" \
2725 "$P_CLI debug_level=3 ecjpake_pw=bla \
2726 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2728 -c "add ciphersuite: c0ff" \
2729 -c "adding ecjpake_kkpp extension" \
2730 -C "re-using cached ecjpake parameters" \
2731 -s "found ecjpake kkpp extension" \
2732 -S "skip ecjpake kkpp extension" \
2733 -S "ciphersuite mismatch: ecjpake not configured" \
2734 -s "server hello, ecjpake kkpp extension" \
2735 -c "found ecjpake_kkpp extension" \
2736 -S "None of the common ciphersuites is usable" \
2737 -S "SSL - Verification of the message MAC failed"
2739 server_needs_more_time 1
2740 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2741 run_test "ECJPAKE: password mismatch, TLS" \
2742 "$P_SRV debug_level=3 ecjpake_pw=bla" \
2743 "$P_CLI debug_level=3 ecjpake_pw=bad \
2744 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2746 -C "re-using cached ecjpake parameters" \
2747 -s "SSL - Verification of the message MAC failed"
2749 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2750 run_test "ECJPAKE: working, DTLS" \
2751 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
2752 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
2753 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2755 -c "re-using cached ecjpake parameters" \
2756 -S "SSL - Verification of the message MAC failed"
2758 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2759 run_test "ECJPAKE: working, DTLS, no cookie" \
2760 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
2761 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
2762 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2764 -C "re-using cached ecjpake parameters" \
2765 -S "SSL - Verification of the message MAC failed"
2767 server_needs_more_time 1
2768 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2769 run_test "ECJPAKE: password mismatch, DTLS" \
2770 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
2771 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
2772 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2774 -c "re-using cached ecjpake parameters" \
2775 -s "SSL - Verification of the message MAC failed"
2777 # for tests with configs/config-thread.h
2778 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
2779 run_test "ECJPAKE: working, DTLS, nolog" \
2780 "$P_SRV dtls=1 ecjpake_pw=bla" \
2781 "$P_CLI dtls=1 ecjpake_pw=bla \
2782 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
2785 # Tests for ciphersuites per version
# version_suites lists four suites; the expected results show them applied in
# the order SSL3, TLS 1.0, TLS 1.1, TLS 1.2, so each forced client version must
# negotiate exactly the suite in its position. The SSL3 case only runs when
# MBEDTLS_SSL_PROTO_SSL3 is enabled in the build.
2787 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2788 run_test "Per-version suites: SSL3" \
2789 "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
2790 "$P_CLI force_version=ssl3" \
2792 -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
2794 run_test "Per-version suites: TLS 1.0" \
2795 "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
2796 "$P_CLI force_version=tls1 arc4=1" \
2798 -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
2800 run_test "Per-version suites: TLS 1.1" \
2801 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
2802 "$P_CLI force_version=tls1_1" \
2804 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
2806 run_test "Per-version suites: TLS 1.2" \
2807 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
2808 "$P_CLI force_version=tls1_2" \
2810 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
2812 # Test for ClientHello without extensions
# The GnuTLS client ($G_CLI) is run with a priority string that omits all
# extensions; the server must still accept the hello and log an empty
# 'client hello extensions' block.
2815 run_test "ClientHello without extensions" \
2816 "$P_SRV debug_level=3" \
2817 "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
2819 -s "dumping 'client hello extensions' (0 bytes)"
2821 # Tests for mbedtls_ssl_get_bytes_avail()
# A 100-byte request must be logged as read with nothing after "bytes read"
# (the pattern is anchored with "$"); a 500-byte request must be logged with a
# parenthesised "x+y" part, presumably the bytes read plus those still
# available afterwards.
2823 run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
2825 "$P_CLI request_size=100" \
2827 -s "Read from client: 100 bytes read$"
2829 run_test "mbedtls_ssl_get_bytes_avail: extra data" \
2831 "$P_CLI request_size=500" \
2833 -s "Read from client: 500 bytes read (.*+.*)"
2835 # Tests for small packets
# A 1-byte request is sent under each protocol version and cipher type (CBC
# with and without etm, RC4, truncated MAC, larger MAC, CCM with full and
# shorter tag) and the server must report reading exactly one byte.
# The SSLv3 cases are gated on MBEDTLS_SSL_PROTO_SSL3 and the RC4 cases need
# arc4=1 on the server; both are legacy options exercised here for coverage,
# not recommended configurations.
2837 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2838 run_test "Small packet SSLv3 BlockCipher" \
2839 "$P_SRV min_version=ssl3" \
2840 "$P_CLI request_size=1 force_version=ssl3 \
2841 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2843 -s "Read from client: 1 bytes read"
2845 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2846 run_test "Small packet SSLv3 StreamCipher" \
2847 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2848 "$P_CLI request_size=1 force_version=ssl3 \
2849 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2851 -s "Read from client: 1 bytes read"
2853 run_test "Small packet TLS 1.0 BlockCipher" \
2855 "$P_CLI request_size=1 force_version=tls1 \
2856 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2858 -s "Read from client: 1 bytes read"
2860 run_test "Small packet TLS 1.0 BlockCipher without EtM" \
2862 "$P_CLI request_size=1 force_version=tls1 etm=0 \
2863 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2865 -s "Read from client: 1 bytes read"
2867 run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
2869 "$P_CLI request_size=1 force_version=tls1 \
2870 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
2873 -s "Read from client: 1 bytes read"
2875 run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
2876 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2877 "$P_CLI request_size=1 force_version=tls1 \
2878 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
2881 -s "Read from client: 1 bytes read"
2883 run_test "Small packet TLS 1.1 BlockCipher" \
2885 "$P_CLI request_size=1 force_version=tls1_1 \
2886 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2888 -s "Read from client: 1 bytes read"
2890 run_test "Small packet TLS 1.1 BlockCipher without EtM" \
2892 "$P_CLI request_size=1 force_version=tls1_1 etm=0 \
2893 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2895 -s "Read from client: 1 bytes read"
2897 run_test "Small packet TLS 1.1 StreamCipher" \
2898 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2899 "$P_CLI request_size=1 force_version=tls1_1 \
2900 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2902 -s "Read from client: 1 bytes read"
2904 run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
2906 "$P_CLI request_size=1 force_version=tls1_1 \
2907 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
2910 -s "Read from client: 1 bytes read"
2912 run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
2913 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2914 "$P_CLI request_size=1 force_version=tls1_1 \
2915 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
2918 -s "Read from client: 1 bytes read"
2920 run_test "Small packet TLS 1.2 BlockCipher" \
2922 "$P_CLI request_size=1 force_version=tls1_2 \
2923 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2925 -s "Read from client: 1 bytes read"
2927 run_test "Small packet TLS 1.2 BlockCipher without EtM" \
2929 "$P_CLI request_size=1 force_version=tls1_2 etm=0 \
2930 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2932 -s "Read from client: 1 bytes read"
2934 run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
2936 "$P_CLI request_size=1 force_version=tls1_2 \
2937 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
2939 -s "Read from client: 1 bytes read"
2941 run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
2943 "$P_CLI request_size=1 force_version=tls1_2 \
2944 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
2947 -s "Read from client: 1 bytes read"
2949 run_test "Small packet TLS 1.2 StreamCipher" \
2950 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2951 "$P_CLI request_size=1 force_version=tls1_2 \
2952 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2954 -s "Read from client: 1 bytes read"
2956 run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
2957 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2958 "$P_CLI request_size=1 force_version=tls1_2 \
2959 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
2962 -s "Read from client: 1 bytes read"
2964 run_test "Small packet TLS 1.2 AEAD" \
2966 "$P_CLI request_size=1 force_version=tls1_2 \
2967 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
2969 -s "Read from client: 1 bytes read"
2971 run_test "Small packet TLS 1.2 AEAD shorter tag" \
2973 "$P_CLI request_size=1 force_version=tls1_2 \
2974 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
2976 -s "Read from client: 1 bytes read"
2978 # A test for hello extensions when SSLv3 is negotiated
# The client forces ssl3 while asking for tickets, max_frag_len and ALPN; the
# two -S checks name server-log patterns about client-hello and server-hello
# extensions (-S presumably means "must not appear in the server output";
# run_test is defined outside this excerpt). The case runs only when
# MBEDTLS_SSL_PROTO_SSL3 is enabled in config.h. SSLv3 itself is deprecated
# (RFC 7568), so this guards a legacy path rather than a recommended setup.
2980 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2981 run_test "SSLv3 with extensions, server side" \
2982 "$P_SRV min_version=ssl3 debug_level=3" \
2983 "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
2985 -S "dumping 'client hello extensions'" \
2986 -S "server hello, total extension length:"
2988 # Tests for large packets
# Every client below sends a 16384-byte request (request_size=16384, i.e. 2^14,
# the maximum TLS plaintext record length) and each case names the log line
# "Read from client: 16384 bytes read" with -s (presumably "must appear in the
# server output"; run_test is defined outside this excerpt).
# recsplit=0 appears only on the SSLv3 / TLS 1.0 CBC clients - presumably it
# turns off CBC record splitting (the 1/n-1 countermeasure for predictable IVs)
# so the request is not split across records; confirm against ssl_client2.
# The RC4 cases pass arc4=1 to the server, which suggests RC4 is opt-in there.
# NOTE(review): several cases show no server command and the "truncated MAC"
# cases show no truncation option; the embedded line numbers skip, so lines
# appear to be missing from this listing.
2990 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2991 run_test "Large packet SSLv3 BlockCipher" \
2992 "$P_SRV min_version=ssl3" \
2993 "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
2994 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
2996 -s "Read from client: 16384 bytes read"
2998 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2999 run_test "Large packet SSLv3 StreamCipher" \
3000 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3001 "$P_CLI request_size=16384 force_version=ssl3 \
3002 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3004 -s "Read from client: 16384 bytes read"
3006 run_test "Large packet TLS 1.0 BlockCipher" \
3008 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
3009 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3011 -s "Read from client: 16384 bytes read"
3013 run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
3015 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
3016 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
3019 -s "Read from client: 16384 bytes read"
3021 run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
3022 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3023 "$P_CLI request_size=16384 force_version=tls1 \
3024 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
3027 -s "Read from client: 16384 bytes read"
3029 run_test "Large packet TLS 1.1 BlockCipher" \
3031 "$P_CLI request_size=16384 force_version=tls1_1 \
3032 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3034 -s "Read from client: 16384 bytes read"
3036 run_test "Large packet TLS 1.1 StreamCipher" \
3037 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3038 "$P_CLI request_size=16384 force_version=tls1_1 \
3039 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3041 -s "Read from client: 16384 bytes read"
3043 run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
3045 "$P_CLI request_size=16384 force_version=tls1_1 \
3046 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
3049 -s "Read from client: 16384 bytes read"
3051 run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
3052 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3053 "$P_CLI request_size=16384 force_version=tls1_1 \
3054 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
3057 -s "Read from client: 16384 bytes read"
3059 run_test "Large packet TLS 1.2 BlockCipher" \
3061 "$P_CLI request_size=16384 force_version=tls1_2 \
3062 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3064 -s "Read from client: 16384 bytes read"
3066 run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
3068 "$P_CLI request_size=16384 force_version=tls1_2 \
3069 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
3071 -s "Read from client: 16384 bytes read"
3073 run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
3075 "$P_CLI request_size=16384 force_version=tls1_2 \
3076 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
3079 -s "Read from client: 16384 bytes read"
3081 run_test "Large packet TLS 1.2 StreamCipher" \
3082 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3083 "$P_CLI request_size=16384 force_version=tls1_2 \
3084 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3086 -s "Read from client: 16384 bytes read"
3088 run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
3089 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3090 "$P_CLI request_size=16384 force_version=tls1_2 \
3091 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
3094 -s "Read from client: 16384 bytes read"
3096 run_test "Large packet TLS 1.2 AEAD" \
3098 "$P_CLI request_size=16384 force_version=tls1_2 \
3099 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
3101 -s "Read from client: 16384 bytes read"
3103 run_test "Large packet TLS 1.2 AEAD shorter tag" \
3105 "$P_CLI request_size=16384 force_version=tls1_2 \
3106 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
3108 -s "Read from client: 16384 bytes read"
3110 # Tests for DTLS HelloVerifyRequest (the stateless cookie exchange)
# The cookie exchange makes a client prove it can receive datagrams at its
# claimed source address before the server commits state, which limits
# spoofed-source ClientHello floods and amplification (RFC 6347, section 4.2.1).
# Checks name server-log (-s/-S) and client-log (-c/-C) patterns; the upper-case
# forms presumably mean "must be absent" - run_test is defined outside this
# excerpt, but the enabled/disabled cases below use them with opposite polarity.
# Enabled (default server settings): the first ClientHello fails verification,
# a HelloVerifyRequest is sent, and the retry passes.
3112 run_test "DTLS cookie: enabled" \
3113 "$P_SRV dtls=1 debug_level=2" \
3114 "$P_CLI dtls=1 debug_level=2" \
3116 -s "cookie verification failed" \
3117 -s "cookie verification passed" \
3118 -S "cookie verification skipped" \
3119 -c "received hello verify request" \
3120 -s "hello verification requested" \
3121 -S "SSL - The requested feature is not available"
# cookies=0: the server skips verification and sends no HelloVerifyRequest,
# which drops the source-address check described above.
3123 run_test "DTLS cookie: disabled" \
3124 "$P_SRV dtls=1 debug_level=2 cookies=0" \
3125 "$P_CLI dtls=1 debug_level=2" \
3127 -S "cookie verification failed" \
3128 -S "cookie verification passed" \
3129 -s "cookie verification skipped" \
3130 -C "received hello verify request" \
3131 -S "hello verification requested" \
3132 -S "SSL - The requested feature is not available"
# cookies=-1: the server log is expected to show a failed verification and the
# error "SSL - The requested feature is not available", with no
# HelloVerifyRequest sent - i.e. the handshake is refused rather than continuing
# without cookies. Presumably -1 leaves the cookie callbacks unset; confirm
# against ssl_server2.
3134 run_test "DTLS cookie: default (failing)" \
3135 "$P_SRV dtls=1 debug_level=2 cookies=-1" \
3136 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
3138 -s "cookie verification failed" \
3139 -S "cookie verification passed" \
3140 -S "cookie verification skipped" \
3141 -C "received hello verify request" \
3142 -S "hello verification requested" \
3143 -s "SSL - The requested feature is not available"
3146 run_test "DTLS cookie: enabled, IPv6" \
3147 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
3148 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
3150 -s "cookie verification failed" \
3151 -s "cookie verification passed" \
3152 -S "cookie verification skipped" \
3153 -c "received hello verify request" \
3154 -s "hello verification requested" \
3155 -S "SSL - The requested feature is not available"
3157 run_test "DTLS cookie: enabled, nbio" \
3158 "$P_SRV dtls=1 nbio=2 debug_level=2" \
3159 "$P_CLI dtls=1 nbio=2 debug_level=2" \
3161 -s "cookie verification failed" \
3162 -s "cookie verification passed" \
3163 -S "cookie verification skipped" \
3164 -c "received hello verify request" \
3165 -s "hello verification requested" \
3166 -S "SSL - The requested feature is not available"
3168 # Tests for client reconnecting from the same port with DTLS
# (RFC 6347, section 4.2.8: a ClientHello arriving on an existing association
# has to pass the cookie check before the old association is replaced, so a
# spoofed ClientHello cannot reset a live connection.)
# reconnect_hard=1 on the client presumably triggers the reconnect. The server
# is expected to log "Client initiated reconnection from same port" in the
# reconnect cases, but not in the reference run nor in the cookies=0 run, where
# "The operation timed out" is expected instead - consistent with the reconnect
# path depending on cookie verification.
3170 not_with_valgrind # spurious resend
3171 run_test "DTLS client reconnect from same port: reference" \
3172 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
3173 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
3176 -S "The operation timed out" \
3177 -S "Client initiated reconnection from same port"
3179 not_with_valgrind # spurious resend
3180 run_test "DTLS client reconnect from same port: reconnect" \
3181 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
3182 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
3185 -S "The operation timed out" \
3186 -s "Client initiated reconnection from same port"
3188 not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
3189 run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
3190 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
3191 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
3193 -S "The operation timed out" \
3194 -s "Client initiated reconnection from same port"
3196 only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
3197 run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
3198 "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
3199 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
3201 -S "The operation timed out" \
3202 -s "Client initiated reconnection from same port"
3204 run_test "DTLS client reconnect from same port: no cookies" \
3205 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
3206 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
3208 -s "The operation timed out" \
3209 -S "Client initiated reconnection from same port"
3211 # Tests for various cases of client authentication with DTLS
3212 # (focused on handshake flows and message parsing)
# The server's auth_mode (required / optional / none) is varied and, in two
# cases, the client is started without a certificate (crt_file=none
# key_file=none); each case names the server-log line expected for that mode.
# NOTE(review): the "required" case shows no client command in this listing
# (the embedded line numbers jump from 3215 to 3218), so lines appear missing.
3214 run_test "DTLS client auth: required" \
3215 "$P_SRV dtls=1 auth_mode=required" \
3218 -s "Verifying peer X.509 certificate... ok"
3220 run_test "DTLS client auth: optional, client has no cert" \
3221 "$P_SRV dtls=1 auth_mode=optional" \
3222 "$P_CLI dtls=1 crt_file=none key_file=none" \
3224 -s "! Certificate was missing"
3226 run_test "DTLS client auth: none, client has no cert" \
3227 "$P_SRV dtls=1 auth_mode=none" \
3228 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
3230 -c "skip write certificate$" \
3231 -s "! Certificate verification was skipped"
# Mismatched pre-shared keys (server psk=abc123, client psk=abc124): the server
# log is checked for a MAC verification failure and the client log for a fatal
# alert from the peer. The PSK values are throwaway test constants.
3233 run_test "DTLS wrong PSK: badmac alert" \
3234 "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
3235 "$P_CLI dtls=1 psk=abc124" \
3237 -s "SSL - Verification of the message MAC failed" \
3238 -c "SSL - A fatal alert message was received from our peer"
3240 # Tests for receiving fragmented handshake messages with DTLS
# The peer is a GnuTLS ($G_SRV) or OpenSSL ($O_SRV) server whose MTU option
# (--mtu / -mtu) decides whether its handshake messages arrive fragmented; the
# client log is checked for "found fragmented DTLS handshake message" (-c
# present, -C absent, presumably - run_test is defined outside this excerpt).
# Reassembly of peer-controlled fragments is parsing of untrusted input, which
# is why it is covered against two independent implementations.
# NOTE(review): every case here ends on a continuation backslash in this
# listing, so the final check line of each case (and any guard line that
# preceded it) seems to be missing; compare against the upstream file.
3243 run_test "DTLS reassembly: no fragmentation (gnutls server)" \
3244 "$G_SRV -u --mtu 2048 -a" \
3245 "$P_CLI dtls=1 debug_level=2" \
3247 -C "found fragmented DTLS handshake message" \
3251 run_test "DTLS reassembly: some fragmentation (gnutls server)" \
3252 "$G_SRV -u --mtu 512" \
3253 "$P_CLI dtls=1 debug_level=2" \
3255 -c "found fragmented DTLS handshake message" \
3259 run_test "DTLS reassembly: more fragmentation (gnutls server)" \
3260 "$G_SRV -u --mtu 128" \
3261 "$P_CLI dtls=1 debug_level=2" \
3263 -c "found fragmented DTLS handshake message" \
3267 run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
3268 "$G_SRV -u --mtu 128" \
3269 "$P_CLI dtls=1 nbio=2 debug_level=2" \
3271 -c "found fragmented DTLS handshake message" \
3275 run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
3276 "$G_SRV -u --mtu 256" \
3277 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
3279 -c "found fragmented DTLS handshake message" \
3280 -c "client hello, adding renegotiation extension" \
3281 -c "found renegotiation extension" \
3282 -c "=> renegotiate" \
3283 -C "mbedtls_ssl_handshake returned" \
3288 run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
3289 "$G_SRV -u --mtu 256" \
3290 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
3292 -c "found fragmented DTLS handshake message" \
3293 -c "client hello, adding renegotiation extension" \
3294 -c "found renegotiation extension" \
3295 -c "=> renegotiate" \
3296 -C "mbedtls_ssl_handshake returned" \
3300 run_test "DTLS reassembly: no fragmentation (openssl server)" \
3301 "$O_SRV -dtls1 -mtu 2048" \
3302 "$P_CLI dtls=1 debug_level=2" \
3304 -C "found fragmented DTLS handshake message" \
3307 run_test "DTLS reassembly: some fragmentation (openssl server)" \
3308 "$O_SRV -dtls1 -mtu 768" \
3309 "$P_CLI dtls=1 debug_level=2" \
3311 -c "found fragmented DTLS handshake message" \
3314 run_test "DTLS reassembly: more fragmentation (openssl server)" \
3315 "$O_SRV -dtls1 -mtu 256" \
3316 "$P_CLI dtls=1 debug_level=2" \
3318 -c "found fragmented DTLS handshake message" \
3321 run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
3322 "$O_SRV -dtls1 -mtu 256" \
3323 "$P_CLI dtls=1 nbio=2 debug_level=2" \
3325 -c "found fragmented DTLS handshake message" \
3328 # Tests for specific things with "unreliable" UDP connection
# -p "$P_PXY ..." places the udp_proxy test program between client and server
# to duplicate, corrupt or delay datagrams. The checks then look for the
# record-layer defences in the logs: "replayed record", "discarding invalid
# record" and "record from another epoch", together with proof that the
# application exchange still completed ("Extra-header:" on the server,
# "HTTP/1.0 200 OK" on the client). -s/-c presumably require a pattern in the
# server/client output and -S/-C its absence; run_test is defined outside this
# excerpt.
# NOTE(review): the reference case shows no -p line in this listing (the
# embedded line numbers jump from 3331 to 3333).
3330 not_with_valgrind # spurious resend due to timeout
3331 run_test "DTLS proxy: reference" \
3333 "$P_SRV dtls=1 debug_level=2" \
3334 "$P_CLI dtls=1 debug_level=2" \
3336 -C "replayed record" \
3337 -S "replayed record" \
3338 -C "record from another epoch" \
3339 -S "record from another epoch" \
3340 -C "discarding invalid record" \
3341 -S "discarding invalid record" \
3343 -s "Extra-header:" \
3344 -c "HTTP/1.0 200 OK"
3346 not_with_valgrind # spurious resend due to timeout
3347 run_test "DTLS proxy: duplicate every packet" \
3348 -p "$P_PXY duplicate=1" \
3349 "$P_SRV dtls=1 debug_level=2" \
3350 "$P_CLI dtls=1 debug_level=2" \
3352 -c "replayed record" \
3353 -s "replayed record" \
3354 -c "discarding invalid record" \
3355 -s "discarding invalid record" \
3357 -s "Extra-header:" \
3358 -c "HTTP/1.0 200 OK"
# anti_replay=0 on the server only: duplicates are no longer reported there as
# "replayed record" (-S), while the client, left at its defaults, still reports
# them (-c). Replay detection is what keeps a captured record from being
# accepted a second time, so this setting is exercised for coverage.
3360 run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
3361 -p "$P_PXY duplicate=1" \
3362 "$P_SRV dtls=1 debug_level=2 anti_replay=0" \
3363 "$P_CLI dtls=1 debug_level=2" \
3365 -c "replayed record" \
3366 -S "replayed record" \
3367 -c "discarding invalid record" \
3368 -s "discarding invalid record" \
3371 -s "Extra-header:" \
3372 -c "HTTP/1.0 200 OK"
# bad_ad=1 presumably makes the proxy inject application-data records that fail
# MAC verification. badmac_limit on the server bounds how many such records are
# tolerated before the connection is torn down:
#   default, and 2 with one exchange: the bad record is discarded and the
#     exchange completes;
#   1: the server logs "too many records with bad MAC" and no application data
#     is exchanged;
#   2 with exchanges=2: the first exchange completes, then the limit is hit.
# The limit trades tolerance of injected garbage against a bounded number of
# forgery attempts per connection.
3374 run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
3375 -p "$P_PXY bad_ad=1" \
3376 "$P_SRV dtls=1 debug_level=1" \
3377 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
3379 -c "discarding invalid record (mac)" \
3380 -s "discarding invalid record (mac)" \
3381 -s "Extra-header:" \
3382 -c "HTTP/1.0 200 OK" \
3383 -S "too many records with bad MAC" \
3384 -S "Verification of the message MAC failed"
3386 run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
3387 -p "$P_PXY bad_ad=1" \
3388 "$P_SRV dtls=1 debug_level=1 badmac_limit=1" \
3389 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
3391 -C "discarding invalid record (mac)" \
3392 -S "discarding invalid record (mac)" \
3393 -S "Extra-header:" \
3394 -C "HTTP/1.0 200 OK" \
3395 -s "too many records with bad MAC" \
3396 -s "Verification of the message MAC failed"
3398 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
3399 -p "$P_PXY bad_ad=1" \
3400 "$P_SRV dtls=1 debug_level=1 badmac_limit=2" \
3401 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
3403 -c "discarding invalid record (mac)" \
3404 -s "discarding invalid record (mac)" \
3405 -s "Extra-header:" \
3406 -c "HTTP/1.0 200 OK" \
3407 -S "too many records with bad MAC" \
3408 -S "Verification of the message MAC failed"
3410 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
3411 -p "$P_PXY bad_ad=1" \
3412 "$P_SRV dtls=1 debug_level=1 badmac_limit=2 exchanges=2" \
3413 "$P_CLI dtls=1 debug_level=1 read_timeout=100 exchanges=2" \
3415 -c "discarding invalid record (mac)" \
3416 -s "discarding invalid record (mac)" \
3417 -s "Extra-header:" \
3418 -c "HTTP/1.0 200 OK" \
3419 -s "too many records with bad MAC" \
3420 -s "Verification of the message MAC failed"
# delay_ccs=1: with ChangeCipherSpec delayed, records from the next epoch reach
# the peer early; both sides are expected to log and discard them and still
# finish the exchange.
3422 run_test "DTLS proxy: delay ChangeCipherSpec" \
3423 -p "$P_PXY delay_ccs=1" \
3424 "$P_SRV dtls=1 debug_level=1" \
3425 "$P_CLI dtls=1 debug_level=1" \
3427 -c "record from another epoch" \
3428 -s "record from another epoch" \
3429 -c "discarding invalid record" \
3430 -s "discarding invalid record" \
3431 -s "Extra-header:" \
3432 -c "HTTP/1.0 200 OK"
3434 # Tests for "randomly unreliable connection": try a variety of flows and peers
# "3d" = drop, delay, duplicate: every case runs through udp_proxy with
# drop=5 delay=5 duplicate=5 (presumably "one datagram in five" each - confirm
# against udp_proxy). A case passes when the application exchange completes
# despite the loss, checked via "Extra-header:" in the server log and/or
# "HTTP/1.0 200 OK" in the client log.
# hs_timeout sets the DTLS handshake retransmission timer range (wider for the
# OpenSSL/GnuTLS peers); client_needs_more_time presumably scales the harness
# timeout for the next case. psk=abc123 is a throwaway test key.
# protect_hvr=1 is passed to the proxy only in the OpenSSL server cases.
# NOTE(review): the first PSK case has no closing quote or psk= on its server
# command, and the GnuTLS cases end on a continuation backslash; the embedded
# line numbers skip there, so lines appear to be missing from this listing.
3436 client_needs_more_time 2
3437 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
3438 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3439 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3441 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3442 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3444 -s "Extra-header:" \
3445 -c "HTTP/1.0 200 OK"
3447 client_needs_more_time 2
3448 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
3449 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3450 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \
3451 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 \
3452 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
3454 -s "Extra-header:" \
3455 -c "HTTP/1.0 200 OK"
3457 client_needs_more_time 2
3458 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
3459 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3460 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \
3461 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \
3463 -s "Extra-header:" \
3464 -c "HTTP/1.0 200 OK"
3466 client_needs_more_time 2
3467 run_test "DTLS proxy: 3d, FS, client auth" \
3468 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3469 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=required" \
3470 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \
3472 -s "Extra-header:" \
3473 -c "HTTP/1.0 200 OK"
3475 client_needs_more_time 2
3476 run_test "DTLS proxy: 3d, FS, ticket" \
3477 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3478 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=none" \
3479 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \
3481 -s "Extra-header:" \
3482 -c "HTTP/1.0 200 OK"
3484 client_needs_more_time 2
3485 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
3486 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3487 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=required" \
3488 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \
3490 -s "Extra-header:" \
3491 -c "HTTP/1.0 200 OK"
3493 client_needs_more_time 2
3494 run_test "DTLS proxy: 3d, max handshake, nbio" \
3495 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3496 "$P_SRV dtls=1 hs_timeout=250-10000 nbio=2 tickets=1 \
3497 auth_mode=required" \
3498 "$P_CLI dtls=1 hs_timeout=250-10000 nbio=2 tickets=1" \
3500 -s "Extra-header:" \
3501 -c "HTTP/1.0 200 OK"
3503 client_needs_more_time 4
3504 run_test "DTLS proxy: 3d, min handshake, resumption" \
3505 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3506 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3507 psk=abc123 debug_level=3" \
3508 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3509 debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
3510 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3512 -s "a session has been resumed" \
3513 -c "a session has been resumed" \
3514 -s "Extra-header:" \
3515 -c "HTTP/1.0 200 OK"
3517 client_needs_more_time 4
3518 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
3519 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3520 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3521 psk=abc123 debug_level=3 nbio=2" \
3522 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3523 debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
3524 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
3526 -s "a session has been resumed" \
3527 -c "a session has been resumed" \
3528 -s "Extra-header:" \
3529 -c "HTTP/1.0 200 OK"
3531 client_needs_more_time 4
3532 run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
3533 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3534 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3535 psk=abc123 renegotiation=1 debug_level=2" \
3536 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3537 renegotiate=1 debug_level=2 \
3538 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3540 -c "=> renegotiate" \
3541 -s "=> renegotiate" \
3542 -s "Extra-header:" \
3543 -c "HTTP/1.0 200 OK"
# NOTE(review): this case is titled "nbio" but neither command line below sets
# nbio=2 (the resumption and server-initiated renego nbio cases do), so as
# listed it repeats the preceding case without nbio. It likely wants nbio=2 on
# both the server and the client command.
3545 client_needs_more_time 4
3546 run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
3547 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3548 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3549 psk=abc123 renegotiation=1 debug_level=2" \
3550 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3551 renegotiate=1 debug_level=2 \
3552 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3554 -c "=> renegotiate" \
3555 -s "=> renegotiate" \
3556 -s "Extra-header:" \
3557 -c "HTTP/1.0 200 OK"
3559 client_needs_more_time 4
3560 run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
3561 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3562 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3563 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
3565 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3566 renegotiation=1 exchanges=4 debug_level=2 \
3567 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3569 -c "=> renegotiate" \
3570 -s "=> renegotiate" \
3571 -s "Extra-header:" \
3572 -c "HTTP/1.0 200 OK"
3574 client_needs_more_time 4
3575 run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
3576 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3577 "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
3578 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
3579 debug_level=2 nbio=2" \
3580 "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
3581 renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
3582 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
3584 -c "=> renegotiate" \
3585 -s "=> renegotiate" \
3586 -s "Extra-header:" \
3587 -c "HTTP/1.0 200 OK"
3589 client_needs_more_time 6
3590 not_with_valgrind # risk of non-mbedtls peer timing out
3591 run_test "DTLS proxy: 3d, openssl server" \
3592 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
3593 "$O_SRV -dtls1 -mtu 2048" \
3594 "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \
3596 -c "HTTP/1.0 200 OK"
3598 client_needs_more_time 8
3599 not_with_valgrind # risk of non-mbedtls peer timing out
3600 run_test "DTLS proxy: 3d, openssl server, fragmentation" \
3601 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
3602 "$O_SRV -dtls1 -mtu 768" \
3603 "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \
3605 -c "HTTP/1.0 200 OK"
3607 client_needs_more_time 8
3608 not_with_valgrind # risk of non-mbedtls peer timing out
3609 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
3610 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
3611 "$O_SRV -dtls1 -mtu 768" \
3612 "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \
3614 -c "HTTP/1.0 200 OK"
3617 client_needs_more_time 6
3618 not_with_valgrind # risk of non-mbedtls peer timing out
3619 run_test "DTLS proxy: 3d, gnutls server" \
3620 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3621 "$G_SRV -u --mtu 2048 -a" \
3622 "$P_CLI dtls=1 hs_timeout=250-60000" \
3624 -s "Extra-header:" \
3628 client_needs_more_time 8
3629 not_with_valgrind # risk of non-mbedtls peer timing out
3630 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
3631 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3632 "$G_SRV -u --mtu 512" \
3633 "$P_CLI dtls=1 hs_timeout=250-60000" \
3635 -s "Extra-header:" \
3639 client_needs_more_time 8
3640 not_with_valgrind # risk of non-mbedtls peer timing out
3641 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
3642 -p "$P_PXY drop=5 delay=5 duplicate=5" \
3643 "$G_SRV -u --mtu 512" \
3644 "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2" \
3646 -s "Extra-header:" \
# Final summary: prints a separator, branches on whether FAILS is 0, then
# derives PASSES as TESTS minus FAILS and prints it with the TESTS and SKIPS
# counts. The counters are maintained outside this excerpt.
# NOTE(review): the body of the `if [ $FAILS = 0 ]` branch and its closing `fi`
# are not present in this listing (the embedded line numbers jump from 3653 to
# 3658); compare against the upstream file.
3651 echo "------------------------------------------------------------------------"
3653 if [ $FAILS = 0 ]; then
3658 PASSES=$(( $TESTS - $FAILS ))
3659 echo " ($PASSES / $TESTS tests ($SKIPS skipped))"