ssl-opt.sh: Improve DTLS reassembly tests

Improve DTLS reassembly tests with OpenSSL and GnuTLS server. Check that some messages have been reassembled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-20 19:21:09 +01:00 · 2026-02-03 11:18:20 +01:00
parent cad9c8ae71
commit addf640a3b
1 changed files with 13 additions and 0 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9914,6 +9914,7 @@ run_test    "DTLS reassembly: some fragmentation (gnutls server)" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
            -C "error"

 requires_gnutls
@@ -9923,6 +9924,8 @@ run_test    "DTLS reassembly: more fragmentation (gnutls server)" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
+            -c "ServerKeyExchange handshake message has been buffered and reassembled" \
            -C "error"

 requires_gnutls
@@ -9932,6 +9935,8 @@ run_test    "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
+            -c "ServerKeyExchange handshake message has been buffered and reassembled" \
            -C "error"

 requires_gnutls
@@ -9942,6 +9947,7 @@ run_test    "DTLS reassembly: fragmentation, renego (gnutls server)" \
            "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
@@ -9957,6 +9963,7 @@ run_test    "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
            "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
@@ -9972,12 +9979,17 @@ run_test    "DTLS reassembly: no fragmentation (openssl server)" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

+# Minimum possible MTU for OpenSSL server: 256 bytes.
+# We expect the server Certificate handshake to be fragmented and verify that
+# this is the case. Depending on the configuration, other handshake messages may
+# also be fragmented.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS reassembly: fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
            -C "error"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -9986,6 +9998,7 @@ run_test    "DTLS reassembly: fragmentation, nbio (openssl server)" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
+            -c "Certificate handshake message has been buffered and reassembled" \
            -C "error"

 # Tests for sending fragmented handshake messages with DTLS