commit 824eb0c6ade808c4501e62fbcf0025f4e694cd11
author yuezonghe <zh.yue@mobiletek.cn> Thu Jun 27 02:32:26 2024 -0700
committer yuezonghe <zh.yue@mobiletek.cn> Thu Jun 27 02:44:13 2024 -0700
tree 13cee949649ece72b1c31aba2eea600eea6614d6
parent 703a1d3d22068e43b7bb3d63b3020b975fee9c3f

zte's code,first commit

Change-Id: I9a04da59e459a9bc0d67f101f700d9d7dc8d681b

ap/lib/libssl/openssl-1.1.1o/test/recipes/70-test_sslcertstatus.t

diff --git a/ap/lib/libssl/openssl-1.1.1o/test/recipes/70-test_sslcertstatus.t b/ap/lib/libssl/openssl-1.1.1o/test/recipes/70-test_sslcertstatus.t
new file mode 100644
index 0000000..6fd89fe
--- /dev/null
+++ b/ap/lib/libssl/openssl-1.1.1o/test/recipes/70-test_sslcertstatus.t
@@ -0,0 +1,67 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslcertstatus";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs the ocsp feature enabled"
+    if disabled("ocsp");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"))
+       || (!disabled("tls1_3") && disabled("tls1_2"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&certstatus_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: Sending a status_request extension in both ClientHello and
+#ServerHello but then omitting the CertificateStatus message is valid
+$proxy->clientflags("-status -no_tls1_3");
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 1;
+ok(TLSProxy::Message->success, "Missing CertificateStatus message");
+
+sub certstatus_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ServerHello
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+            #Add the status_request to the ServerHello even though we are not
+            #going to send a CertificateStatus message
+            $message->set_extension(TLSProxy::Message::EXT_STATUS_REQUEST,
+                                    "");
+
+            $message->repack();
+        }
+    }
+}