fixup! Adds DTLSv1.3 to protocol_version.pm for additional protocol v…

…ersion tests.
openssl · May 10, 2024 · f943531 · f943531
1 parent 63ccd3e
commit f943531
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 125 deletions.
diff --git a/test/ssl-tests/02-protocol-version.cnf b/test/ssl-tests/02-protocol-version.cnf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 680
+num_tests = 678
 
 test-0 = 0-version-negotiation
 test-1 = 1-version-negotiation
@@ -680,8 +680,6 @@ test-674 = 674-version-negotiation
 test-675 = 675-version-negotiation
 test-676 = 676-ciphersuite-sanity-check-tls-client
 test-677 = 677-ciphersuite-sanity-check-tls-server
-test-678 = 678-ciphersuite-sanity-check-dtls-client
-test-679 = 679-ciphersuite-sanity-check-dtls-server
 # ===========================================================
 
 [0-version-negotiation]
@@ -18824,55 +18822,3 @@ ExpectedResult = ServerFail
 Method = TLS
 
 
-# ===========================================================
-
-[678-ciphersuite-sanity-check-dtls-client]
-ssl_conf = 678-ciphersuite-sanity-check-dtls-client-ssl
-
-[678-ciphersuite-sanity-check-dtls-client-ssl]
-server = 678-ciphersuite-sanity-check-dtls-client-server
-client = 678-ciphersuite-sanity-check-dtls-client-client
-
-[678-ciphersuite-sanity-check-dtls-client-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[678-ciphersuite-sanity-check-dtls-client-client]
-CipherString = AES128-SHA
-Ciphersuites = 
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-678]
-ExpectedResult = ClientFail
-Method = DTLS
-
-
-# ===========================================================
-
-[679-ciphersuite-sanity-check-dtls-server]
-ssl_conf = 679-ciphersuite-sanity-check-dtls-server-ssl
-
-[679-ciphersuite-sanity-check-dtls-server-ssl]
-server = 679-ciphersuite-sanity-check-dtls-server-server
-client = 679-ciphersuite-sanity-check-dtls-server-client
-
-[679-ciphersuite-sanity-check-dtls-server-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = AES128-SHA
-Ciphersuites = 
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[679-ciphersuite-sanity-check-dtls-server-client]
-CipherString = AES128-SHA
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-679]
-ExpectedResult = ServerFail
-Method = DTLS
-
-
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
@@ -65,7 +65,7 @@ sub max_prot_enabled {
 
     foreach my $i (0..$#protocols) {
         if (!$is_disabled[$i]
-                && (($protocols[$i] ne "TLSv1.3")
+                && ($protocols[$i] ne "TLSv1.3"
                     || !disabled("ec")
                     || !disabled("dh"))
                 && ($protocols[$i] ne "DTLSv1.3"
@@ -181,75 +181,82 @@ sub generate_version_tests {
             }
         }
     }
-    return @tests
-        if disabled("tls1_3")
-           || disabled("tls1_2")
-           || (disabled("ec") && disabled("dh"))
-           || $dtls;
-
-    #Add some version/ciphersuite sanity check tests
-    push @tests, {
-        "name" => "ciphersuite-sanity-check-tls-client",
-        "client" => {
-            #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
-            "CipherString" => "AES128-SHA",
-            "Ciphersuites" => "",
-        },
-        "server" => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        "test" => {
-            "Method" => "TLS",
-            "ExpectedResult" => "ClientFail",
-        }
-    };
-    push @tests, {
-        "name" => "ciphersuite-sanity-check-tls-server",
-        "client" => {
-            "CipherString" => "AES128-SHA",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        "server" => {
-            #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
-            "CipherString" => "AES128-SHA",
-            "Ciphersuites" => "",
-        },
-        "test" => {
-            "Method" => "TLS",
-            "ExpectedResult" => "ServerFail",
-        }
-    };
-    push @tests, {
-        "name" => "ciphersuite-sanity-check-dtls-client",
-        "client" => {
-            #Offering only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
-            "CipherString" => "AES128-SHA",
-            "Ciphersuites" => "",
-        },
-        "server" => {
-            "MaxProtocol" => "DTLSv1.2"
-        },
-        "test" => {
-            "Method" => "DTLS",
-            "ExpectedResult" => "ClientFail",
-        }
-    };
-    push @tests, {
-        "name" => "ciphersuite-sanity-check-dtls-server",
-        "client" => {
-            "CipherString" => "AES128-SHA",
-            "MaxProtocol" => "DTLSv1.2"
-        },
-        "server" => {
-            #Allowing only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
-            "CipherString" => "AES128-SHA",
-            "Ciphersuites" => "",
-        },
-        "test" => {
-            "Method" => "DTLS",
-            "ExpectedResult" => "ServerFail",
-        }
-    };
+
+    if (!$dtls && !(disabled("tls1_3")
+                    || disabled("tls1_2")
+                    || (disabled("ec") && disabled("dh"))))
+    {
+        #Add some version/ciphersuite sanity check tests
+        push @tests, {
+            "name"   => "ciphersuite-sanity-check-tls-client",
+            "client" => {
+                #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
+                "CipherString" => "AES128-SHA",
+                "Ciphersuites" => "",
+            },
+            "server" => {
+                "MaxProtocol" => "TLSv1.2"
+            },
+            "test"   => {
+                "Method"         => "TLS",
+                "ExpectedResult" => "ClientFail",
+            }
+        };
+        push @tests, {
+            "name"   => "ciphersuite-sanity-check-tls-server",
+            "client" => {
+                "CipherString" => "AES128-SHA",
+                "MaxProtocol"  => "TLSv1.2"
+            },
+            "server" => {
+                #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
+                "CipherString" => "AES128-SHA",
+                "Ciphersuites" => "",
+            },
+            "test"   => {
+                "Method"         => "TLS",
+                "ExpectedResult" => "ServerFail",
+            }
+        };
+    }
+
+    if ($dtls && !(disabled("dtls1_3")
+                   || disabled("dtls1_2")
+                   || (disabled("ec") && disabled("dh"))))
+    {
+        #Add some version/ciphersuite sanity check tests
+        push @tests, {
+            "name"   => "ciphersuite-sanity-check-dtls-client",
+            "client" => {
+                #Offering only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
+                "CipherString" => "AES128-SHA",
+                "Ciphersuites" => "",
+            },
+            "server" => {
+                "MaxProtocol" => "DTLSv1.2"
+            },
+            "test"   => {
+                "Method"         => "DTLS",
+                "ExpectedResult" => "ClientFail",
+            }
+        };
+        push @tests, {
+            "name"   => "ciphersuite-sanity-check-dtls-server",
+            "client" => {
+                "CipherString" => "AES128-SHA",
+                "MaxProtocol"  => "DTLSv1.2"
+            },
+            "server" => {
+                #Allowing only <=DTLSv1.2 ciphersuites with DTLSv1.3 should fail
+                "CipherString" => "AES128-SHA",
+                "Ciphersuites" => "",
+            },
+            "test"   => {
+                "Method"         => "DTLS",
+                "ExpectedResult" => "ServerFail",
+            }
+        };
+    }
 
     return @tests;
 }