diff options
author | Todd Short <tshort@akamai.com> | 2021-08-09 16:56:50 -0400 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2022-10-18 09:30:22 -0400 |
commit | b67cb09f8ddf258cf326f3e7b20be095fb53457c (patch) | |
tree | b31a978e8c71e972e84fd03b4de92491deff032a /test/helpers | |
parent | 59d21298df9176b64b41cc8583c7024f7f5895d4 (diff) | |
download | openssl-new-b67cb09f8ddf258cf326f3e7b20be095fb53457c.tar.gz |
Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
Diffstat (limited to 'test/helpers')
-rw-r--r-- | test/helpers/handshake.c | 8 | ||||
-rw-r--r-- | test/helpers/ssl_test_ctx.c | 2 | ||||
-rw-r--r-- | test/helpers/ssl_test_ctx.h | 2 |
3 files changed, 12 insertions, 0 deletions
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index fc7f026300..e0422469e4 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -695,6 +695,14 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, server2_ctx_data, client_ctx_data)) goto err; #endif /* !OPENSSL_NO_SRP */ +#ifndef OPENSSL_NO_COMP_ALG + if (test->compress_certificates) { + if (!TEST_true(SSL_CTX_compress_certs(server_ctx, 0))) + goto err; + if (server2_ctx != NULL && !TEST_true(SSL_CTX_compress_certs(server2_ctx, 0))) + goto err; + } +#endif return 1; err: return 0; diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c index 69baa0b49f..1919481b02 100644 --- a/test/helpers/ssl_test_ctx.c +++ b/test/helpers/ssl_test_ctx.c @@ -446,6 +446,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compress_certificates) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug) @@ -686,6 +687,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedClientSignType", &parse_expected_client_sign_type }, { "ExpectedClientCANames", &parse_expected_client_ca_names }, { "UseSCTP", &parse_test_use_sctp }, + { "CompressCertificates", &parse_test_compress_certificates }, { "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug }, { "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug }, { "ExpectedCipher", &parse_test_expected_cipher }, diff --git a/test/helpers/ssl_test_ctx.h b/test/helpers/ssl_test_ctx.h index c7820d9764..4baf657f6d 100644 --- a/test/helpers/ssl_test_ctx.h +++ b/test/helpers/ssl_test_ctx.h @@ -218,6 +218,8 @@ typedef struct { STACK_OF(X509_NAME) *expected_client_ca_names; /* Whether to use SCTP for the transport */ int use_sctp; + /* Whether to pre-compress server certificates */ + int compress_certificates; /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */ int enable_client_sctp_label_bug; /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */ |