Add server extension parsing

Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag for both), and ignore extension if we have no password.
2025-07-30 22:43:08 +03:00 · 2015-09-16 15:04:01 +02:00
parent e511b4e7cb
commit bf57be690e
3 changed files with 57 additions and 3 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2507,6 +2507,8 @@ run_test    "ECJPAKE: client not configured" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
+            -S "found ecjpake kkpp extension" \
+            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "None of the common ciphersuites is usable"

@ -2517,9 +2519,23 @@ run_test    "ECJPAKE: server not configured" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
+            -s "found ecjpake kkpp extension" \
+            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -s "None of the common ciphersuites is usable"

+run_test    "ECJPAKE: working, TLS" \
+            "$P_SRV debug_level=3 ecjpake_pw=bla" \
+            "$P_CLI debug_level=3 ecjpake_pw=bla \
+             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
+            1 \
+            -c "add ciphersuite: c0ff" \
+            -c "adding ecjpake_kkpp extension" \
+            -s "found ecjpake kkpp extension" \
+            -S "skip ecjpake kkpp extension" \
+            -S "ciphersuite mismatch: ecjpake not configured" \
+            -S "None of the common ciphersuites is usable"
+
 # Tests for ciphersuites per version

 run_test    "Per-version suites: SSL3" \