Add one more TLS 1.3 testcase and update NEWS

2025-10-15 04:58:21 +00:00 · 2020-12-15 16:57:26 +00:00 · 2020-12-15 16:57:26 +00:00 · 22ed75c3ce
commit 22ed75c3ce
parent 3c95c9a956
5 changed files with 74 additions and 1 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/.stdout
@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+Probable handshake, F, 23
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 716
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 281
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, F, 69
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], F, TLSv12, 23
+Probable handshake, T, 69
+Established!
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], T, TLSv12, 23
+encrypted, [orig_h=192.168.186.133, orig_p=43056/tcp, resp_h=192.168.186.134, resp_p=9090/tcp], T, TLSv12, 23
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13_encrypted_handshake_events/ssl.log
@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.186.133	43056	192.168.186.134	9090	TLSv13	TLS_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	-	-	-	-	-	-
+#close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Traces/tls/tls13_wolfssl.pcap
+++ b/testing/btest/Traces/tls/tls13_wolfssl.pcap
--- a/testing/btest/scripts/base/protocols/ssl/tls13_encrypted_handshake_events.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls13_encrypted_handshake_events.test
@ -0,0 +1,22 @@
+# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_wolfssl.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/ssl
+
+redef SSL::disable_analyzer_after_detection=F;
+
+event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
+	{
+	print "encrypted", c$id, is_orig, SSL::version_strings[record_version], content_type;
+	}
+
+event ssl_established(c: connection)
+	{
+	print "Established!";
+	}
+
+event ssl_probable_encrypted_handshake_message(c: connection, is_orig: bool, length: count)
+	{
+	print "Probable handshake", is_orig, length;
+	}