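#! /usr/bin/env perl
# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
use OpenSSL::Test::Utils;

use TLSProxy::Proxy;

my $test_name = "test_npn";
setup($test_name);

# Preconditions. Each check ends the run with a "skip" plan when the platform
# or the build configuration cannot exercise this test; they are evaluated in
# order, so the first one that matches supplies the skip reason.
plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs NPN enabled"
    if disabled("nextprotoneg");

plan skip_all => "$test_name needs TLSv1.2 enabled"
    if disabled("tls1_2");

# Create the proxy that sits between the openssl client and server. The
# arguments are positional: undef, the command string for the openssl app,
# the server certificate from apps/, and a flag that is true when the script
# is not run under a test harness or the harness is verbose.
# NOTE(review): the first argument looks like the filter slot and the last
# like a debug switch - confirm against TLSProxy::Proxy.
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);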
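# Probe run with no filter set by this script: if the proxy cannot be started
# at all, skip the test instead of reporting a failure.
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 1;

# Set by npn_filter once it has found and repacked a NextProto message. The
# assertion below requires it, so the test cannot pass if no NextProto
# message ever crossed the proxy.
my $npnseen = 0;

# Test 1: Check sending an empty NextProto message from the client works. This is
#         valid as per the spec, but OpenSSL does not allow you to send it.
#         Therefore we must be prepared to receive such a message but we cannot
#         generate it except via TLSProxy
$proxy->clear();
$proxy->filter(\&npn_filter);
# The client is told not to use TLSv1.3 - presumably because NPN is only
# negotiated with earlier protocol versions; confirm.
$proxy->clientflags("-nextprotoneg foo -no_tls1_3");
$proxy->serverflags("-nextprotoneg foo");
$proxy->start();
# Passes only when the filter saw the NextProto message and TLSProxy reports
# success. This checks that the receiver tolerates the empty message; it does
# not inspect which protocol the server ends up treating as selected, and a
# memory error on the receive path that leaves the handshake intact would
# only be caught by running this test on a sanitizer-instrumented build.
ok($npnseen && TLSProxy::Message->success(), "Empty NPN message");

# TLSProxy filter callback: replace the client's NextProto message with an
# empty one.
#
# Takes the proxy object as its only argument. Does nothing unless the proxy
# is at flight 2. Otherwise every message of type MT_NEXT_PROTO in the
# proxy's message list is repacked, and the file-level $npnseen is set to 1.
sub npn_filter
{
    my $proxy = shift;

    # The NextProto message always appears in flight 2
    return if $proxy->flight != 2;

    foreach my $message (@{$proxy->message_list}) {
        if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) {
            # Our TLSproxy NextProto message support doesn't support parsing of
            # the message. If we repack it just creates an empty NextProto
            # message - which is exactly the scenario we want to test here.
            $message->repack();
            $npnseen = 1;
        }
    }
}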