Test that we can handle a PHA CertificateRequest after we sent close_notify
Even though we already sent close_notify the server may not have recieved
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
Matt Caswell
5 years ago
| 5342 | 5342 | * Test 3: TLSv1.3, pending NewSessionTicket messages |
| 5343 | 5343 | * Test 4: TLSv1.3, server continues to read/write after client shutdown, server |
| 5344 | 5344 | * sends key update, client reads it |
| 5345 | * Test 5: TLSv1.3, server continues to read/write after client shutdown, client | |
| 5345 | * Test 5: TLSv1.3, server continues to read/write after client shutdown, server | |
| 5346 | * sends CertificateRequest, client reads and ignores it | |
| 5347 | * Test 6: TLSv1.3, server continues to read/write after client shutdown, client | |
| 5346 | 5348 | * doesn't read it |
| 5347 | 5349 | */ |
| 5348 | 5350 | static int test_shutdown(int tst) |
| 5369 | 5371 | TLS1_VERSION, |
| 5370 | 5372 | (tst <= 1) ? TLS1_2_VERSION |
| 5371 | 5373 | : TLS1_3_VERSION, |
| 5372 | &sctx, &cctx, cert, privkey)) | |
| 5373 | || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 5374 | &sctx, &cctx, cert, privkey))) | |
| 5375 | goto end; | |
| 5376 | ||
| 5377 | if (tst == 5) | |
| 5378 | SSL_CTX_set_post_handshake_auth(cctx, 1); | |
| 5379 | ||
| 5380 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 5374 | 5381 | NULL, NULL))) |
| 5375 | 5382 | goto end; |
| 5376 | 5383 | |
| 5406 | 5413 | */ |
| 5407 | 5414 | || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) |
| 5408 | 5415 | goto end; |
| 5409 | if (tst == 4 && | |
| 5410 | (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_REQUESTED)) | |
| 5411 | || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))) | |
| 5416 | if (tst == 4 | |
| 5417 | && !TEST_true(SSL_key_update(serverssl, | |
| 5418 | SSL_KEY_UPDATE_REQUESTED))) | |
| 5419 | goto end; | |
| 5420 | if (tst == 5) { | |
| 5421 | SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); | |
| 5422 | if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) | |
| 5423 | goto end; | |
| 5424 | } | |
| 5425 | if ((tst == 4 || tst == 5) | |
| 5426 | && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) | |
| 5412 | 5427 | goto end; |
| 5413 | 5428 | if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) |
| 5414 | 5429 | goto end; |
| 5415 | if (tst == 4) { | |
| 5430 | if (tst == 4 || tst == 5) { | |
| 5416 | 5431 | /* Should still be able to read data from server */ |
| 5417 | 5432 | if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), |
| 5418 | 5433 | &readbytes)) |
| 5447 | 5462 | || !TEST_true(SSL_SESSION_is_resumable(sess)) |
| 5448 | 5463 | || !TEST_int_eq(SSL_shutdown(serverssl), 1)) |
| 5449 | 5464 | goto end; |
| 5450 | } else if (tst == 4) { | |
| 5465 | } else if (tst == 4 || tst == 5) { | |
| 5451 | 5466 | /* |
| 5452 | 5467 | * In this test the client has sent close_notify and it has been |
| 5453 | 5468 | * received by the server which has responded with a close_notify. The |
| 5459 | 5474 | goto end; |
| 5460 | 5475 | } else { |
| 5461 | 5476 | /* |
| 5462 | * tst == 5 | |
| 5477 | * tst == 6 | |
| 5463 | 5478 | * |
| 5464 | 5479 | * The client has sent close_notify and is expecting a close_notify |
| 5465 | 5480 | * back, but instead there is application data first. The shutdown |
| 5582 | 5597 | ADD_ALL_TESTS(test_ssl_pending, 2); |
| 5583 | 5598 | ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); |
| 5584 | 5599 | ADD_ALL_TESTS(test_ticket_callbacks, 12); |
| 5585 | ADD_ALL_TESTS(test_shutdown, 6); | |
| 5600 | ADD_ALL_TESTS(test_shutdown, 7); | |
| 5586 | 5601 | return 1; |
| 5587 | 5602 | } |
| 5588 | 5603 | |