1 1.1 christos #! /usr/bin/env perl 2 1.1 christos # Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos # 4 1.1 christos # Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos # this file except in compliance with the License. You can obtain a copy 6 1.1 christos # in the file LICENSE in the source distribution or at 7 1.1 christos # https://www.openssl.org/source/license.html 8 1.1 christos 9 1.1 christos use strict; 10 1.1 christos use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; 11 1.1 christos use OpenSSL::Test::Utils; 12 1.1 christos 13 1.1 christos use TLSProxy::Proxy; 14 1.1 christos 15 1.1 christos my $test_name = "test_npn"; 16 1.1 christos setup($test_name); 17 1.1 christos 18 1.1 christos plan skip_all => "TLSProxy isn't usable on $^O" 19 1.1 christos if $^O =~ /^(VMS)$/; 20 1.1 christos 21 1.1 christos plan skip_all => "$test_name needs the dynamic engine feature enabled" 22 1.1 christos if disabled("engine") || disabled("dynamic-engine"); 23 1.1 christos 24 1.1 christos plan skip_all => "$test_name needs the sock feature enabled" 25 1.1 christos if disabled("sock"); 26 1.1 christos 27 1.1 christos plan skip_all => "$test_name needs NPN enabled" 28 1.1 christos if disabled("nextprotoneg"); 29 1.1 christos 30 1.1 christos plan skip_all => "$test_name needs TLSv1.2 enabled" 31 1.1 christos if disabled("tls1_2"); 32 1.1 christos 33 1.1 christos my $proxy = TLSProxy::Proxy->new( 34 1.1 christos undef, 35 1.1 christos cmdstr(app(["openssl"]), display => 1), 36 1.1 christos srctop_file("apps", "server.pem"), 37 1.1 christos (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 38 1.1 christos ); 39 1.1 christos 40 1.1 christos $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 41 1.1 christos plan tests => 1; 42 1.1 christos 43 1.1 christos my $npnseen = 0; 44 1.1 christos 45 1.1 christos # Test 1: Check sending an empty NextProto message from the client works. This is 46 1.1 christos # valid as per the spec, but OpenSSL does not allow you to send it. 47 1.1 christos # Therefore we must be prepared to receive such a message but we cannot 48 1.1 christos # generate it except via TLSProxy 49 1.1 christos $proxy->clear(); 50 1.1 christos $proxy->filter(\&npn_filter); 51 1.1 christos $proxy->clientflags("-nextprotoneg foo -no_tls1_3"); 52 1.1 christos $proxy->serverflags("-nextprotoneg foo"); 53 1.1 christos $proxy->start(); 54 1.1 christos ok($npnseen && TLSProxy::Message->success(), "Empty NPN message"); 55 1.1 christos 56 1.1 christos sub npn_filter 57 1.1 christos { 58 1.1 christos my $proxy = shift; 59 1.1 christos my $message; 60 1.1 christos 61 1.1 christos # The NextProto message always appears in flight 2 62 1.1 christos return if $proxy->flight != 2; 63 1.1 christos 64 1.1 christos foreach my $message (@{$proxy->message_list}) { 65 1.1 christos if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) { 66 1.1 christos # Our TLSproxy NextProto message support doesn't support parsing of 67 1.1 christos # the message. If we repack it just creates an empty NextProto 68 1.1 christos # message - which is exactly the scenario we want to test here. 69 1.1 christos $message->repack(); 70 1.1 christos $npnseen = 1; 71 1.1 christos } 72 1.1 christos } 73 1.1 christos } 74
Indexes created Sun Mar 01 05:31:48 UTC 2026