ssl-opt.sh: Add tests where tickets are ignored

Add tests where we explicitely check that tickets are ignored on client side when the support is not enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-01-01 09:10:03 +00:00 · 2024-03-26 11:17:10 +01:00 · 2024-03-26 11:17:10 +01:00 · ceae4f85ea
commit ceae4f85ea
parent 7df18bc210
1 changed files with 28 additions and 0 deletions
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@ -827,6 +827,20 @@ run_test    "TLS 1.3 m->O: resumption" \
            -c "Reconnecting with saved session... ok" \
            -c "HTTP/1.0 200 ok"

+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
+run_test    "TLS 1.3 m->O: resumption fails, no ticket support" \
+            "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
+            "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+            1 \
+            -c "Protocol is TLSv1.3" \
+            -C "Saving session for reuse... ok" \
+            -C "Reconnecting with saved session... ok" \
+            -c "Ignore NewSessionTicket, not supported."
+
 # No early data m->O tests for the time being. The option -early_data is needed
 # to enable early data on OpenSSL server and it is not compatible with the
 # -www option we usually use for testing with OpenSSL server (see
@ -873,6 +887,20 @@ run_test    "TLS 1.3 m->G: resumption" \
            -c "Reconnecting with saved session... ok" \
            -c "HTTP/1.0 200 OK"

+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+                             MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
+run_test    "TLS 1.3 m->G: resumption fails, no ticket support" \
+            "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
+            "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+            1 \
+            -c "Protocol is TLSv1.3" \
+            -C "Saving session for reuse... ok" \
+            -C "Reconnecting with saved session... ok" \
+            -c "Ignore NewSessionTicket, not supported."
+
 requires_gnutls_tls1_3
 requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
                             MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \