support PHA from OpenSSL

tlsfuzzer · Jan 2, 2020 · 91afc54 · 91afc54
1 parent a8e3751
commit 91afc54
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 3 deletions.
diff --git a/3rd-party-scripts/README.md b/3rd-party-scripts/README.md
@@ -0,0 +1 @@
+Scripts and tools to make testing servers other than tlslite-ng easier.
diff --git a/3rd-party-scripts/openssl-server-pha.expect b/3rd-party-scripts/openssl-server-pha.expect
@@ -0,0 +1,42 @@
+#!/usr/bin/expect
+set timeout 30
+set exp_internal 1
+eval spawn $argv
+trap { exec kill -SIGTERM [exp_pid] } SIGTERM
+expect {
+    "CIPHER is" {
+        expect {
+            "GET / HTTP/1.0" { send "HTTP/1.0 200 ok\r"; }
+            "GET /secret HTTP/1.0" {
+                send "c\r";
+                send_user "== expect: waiting for client cert\n";
+                set timeout 1;
+                expect {
+                    "verify return:1" {
+                        expect {
+                            "Read BLOCK" { send "HTTP/1.0 200 ok\r"; }
+                            "error" { }
+                            "ERROR" { }
+                            eof { exit 15 }
+                            timeout { exit 16 }
+                        }
+                    } timeout {
+                        send_user "== expect: no certificate received\n";
+                        send "HTTP/1.0 401 authentication required\r";
+                    }
+                    "ERROR" { }
+                    eof { exit 13 }
+                }
+                send_user "== expect: client cert handled\n";
+                set timeout 10;
+            }
+            eof { exit 11 }
+            timeout { exit 12 }
+        }
+        exp_continue;
+    }
+    eof { exit 7 }
+    timeout { close; exit 8 }
+}
+set info [wait]
+exit [lindex $info 3]
diff --git a/scripts/test-tls13-post-handshake-auth.py b/scripts/test-tls13-post-handshake-auth.py
@@ -300,9 +300,18 @@ def main():
 
     node.next_sibling = ExpectKeyUpdate(
         KeyUpdateMessageType.update_not_requested)
-    node = node.next_sibling.add_child(ExpectApplicationData())
-    node = node.add_child(AlertGenerator(AlertLevel.warning,
-                                         AlertDescription.close_notify))
+
+    # but KeyUpdate can be sent asynchonously, then NST will be received
+    # after KeyUpdate
+
+    cycle = ExpectNewSessionTicket(note="third set")
+    node = node.next_sibling.add_child(cycle)
+    node.add_child(cycle)
+
+    node.next_sibling = ExpectApplicationData()
+    node = node.next_sibling.add_child(
+        AlertGenerator(AlertLevel.warning,
+                       AlertDescription.close_notify))
 
     node = node.add_child(ExpectAlert())
     node.next_sibling = ExpectClose()