From 452f85219d705fca91181b4f15d27650ca0d2ec6 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 6 Sep 2017 14:51:59 +0200
Subject: tests: added reproducer for safe renegotiation failure with openssl

Relates #259

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 tests/suite/testcompat-main-openssl | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index e00ce5d8d2..0570f26aed 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -676,6 +676,18 @@ run_server_suite() {
 	wait
 
 	if test ${NO_TLS1_2} = 0; then
+		# test resumption
+		echo "${PREFIX}Check TLS 1.2 with resumption"
+		eval "${GETPORT}"
+		launch_server $$ --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
+		PID=$!
+		wait_server ${PID}
+
+		${OPENSSL_CLI} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+			fail ${PID} "Failed"
+
+		kill ${PID}
+		wait
 
 		echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
 		eval "${GETPORT}"
@@ -845,7 +857,7 @@ run_server_suite() {
 }
 
 WAITPID=""
-for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" ":%SAFE_RENEGOTIATION"; do
 	run_server_suite $mod &
 	WAITPID="$WAITPID $!"
 done
-- 
cgit v1.2.1