Test that we can handle a PHA CertificateRequest after we sent close_notify
Even though we already sent close_notify the server may not have received
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
Matt Caswell
5 years ago
5342 | 5342 | * Test 3: TLSv1.3, pending NewSessionTicket messages |
5343 | 5343 | * Test 4: TLSv1.3, server continues to read/write after client shutdown, server |
5344 | 5344 | * sends key update, client reads it |
5345 | * Test 5: TLSv1.3, server continues to read/write after client shutdown, client | |
5345 | * Test 5: TLSv1.3, server continues to read/write after client shutdown, server | |
5346 | * sends CertificateRequest, client reads and ignores it | |
5347 | * Test 6: TLSv1.3, server continues to read/write after client shutdown, client | |
5346 | 5348 | * doesn't read it |
5347 | 5349 | */ |
5348 | 5350 | static int test_shutdown(int tst) |
5369 | 5371 | TLS1_VERSION, |
5370 | 5372 | (tst <= 1) ? TLS1_2_VERSION |
5371 | 5373 | : TLS1_3_VERSION, |
5372 | &sctx, &cctx, cert, privkey)) | |
5373 | || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
5374 | &sctx, &cctx, cert, privkey))) | |
5375 | goto end; | |
5376 | ||
5377 | if (tst == 5) | |
5378 | SSL_CTX_set_post_handshake_auth(cctx, 1); | |
5379 | ||
5380 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
5374 | 5381 | NULL, NULL))) |
5375 | 5382 | goto end; |
5376 | 5383 | |
5406 | 5413 | */ |
5407 | 5414 | || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) |
5408 | 5415 | goto end; |
5409 | if (tst == 4 && | |
5410 | (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_REQUESTED)) | |
5411 | || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))) | |
5416 | if (tst == 4 | |
5417 | && !TEST_true(SSL_key_update(serverssl, | |
5418 | SSL_KEY_UPDATE_REQUESTED))) | |
5419 | goto end; | |
5420 | if (tst == 5) { | |
5421 | SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); | |
5422 | if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) | |
5423 | goto end; | |
5424 | } | |
5425 | if ((tst == 4 || tst == 5) | |
5426 | && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) | |
5412 | 5427 | goto end; |
5413 | 5428 | if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) |
5414 | 5429 | goto end; |
5415 | if (tst == 4) { | |
5430 | if (tst == 4 || tst == 5) { | |
5416 | 5431 | /* Should still be able to read data from server */ |
5417 | 5432 | if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), |
5418 | 5433 | &readbytes)) |
5447 | 5462 | || !TEST_true(SSL_SESSION_is_resumable(sess)) |
5448 | 5463 | || !TEST_int_eq(SSL_shutdown(serverssl), 1)) |
5449 | 5464 | goto end; |
5450 | } else if (tst == 4) { | |
5465 | } else if (tst == 4 || tst == 5) { | |
5451 | 5466 | /* |
5452 | 5467 | * In this test the client has sent close_notify and it has been |
5453 | 5468 | * received by the server which has responded with a close_notify. The |
5459 | 5474 | goto end; |
5460 | 5475 | } else { |
5461 | 5476 | /* |
5462 | * tst == 5 | |
5477 | * tst == 6 | |
5463 | 5478 | * |
5464 | 5479 | * The client has sent close_notify and is expecting a close_notify |
5465 | 5480 | * back, but instead there is application data first. The shutdown |
5582 | 5597 | ADD_ALL_TESTS(test_ssl_pending, 2); |
5583 | 5598 | ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); |
5584 | 5599 | ADD_ALL_TESTS(test_ticket_callbacks, 12); |
5585 | ADD_ALL_TESTS(test_shutdown, 6); | |
5600 | ADD_ALL_TESTS(test_shutdown, 7); | |
5586 | 5601 | return 1; |
5587 | 5602 | } |
5588 | 5603 |
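Review bot: The new `if (tst == 5) {` block that calls `SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL)` and `SSL_verify_client_post_handshake(serverssl)` has no comment explaining that, per the test description, the client has already sent close_notify, so the CertificateRequest can never be answered. I would add above it `/* Client has already sent close_notify: it cannot answer this CertificateRequest and must silently discard it */`. The existing `/* Should still be able to read data from server */` comment now also covers test 5, where the read has to pass over the CertificateRequest before reaching the application data, and could say so. As far as the visible lines show, the only evidence that the request was ignored is that the later `SSL_read_ex` on clientssl succeeds, so writing that expectation down keeps it from being lost if the shared `tst == 4 || tst == 5` conditions are later split. test_shutdown begins and ends outside the lines shown here.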