mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-01 22:14:24 +01:00
Add DTLS cookies test to ssl-opt.sh
This commit is contained in:
parent
26820e3061
commit
0eb6cab979
109
tests/ssl-opt.sh
109
tests/ssl-opt.sh
@ -6,7 +6,7 @@
|
|||||||
# rather specific options (max fragment length, truncated hmac, etc)
|
# rather specific options (max fragment length, truncated hmac, etc)
|
||||||
# or procedures (session resumption from cache or ticket, renego, etc).
|
# or procedures (session resumption from cache or ticket, renego, etc).
|
||||||
#
|
#
|
||||||
# Assumes all options are compiled in.
|
# Assumes a build with default options.
|
||||||
|
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
@ -75,6 +75,7 @@ requires_openssl_with_sslv2() {
|
|||||||
OPENSSL_HAS_SSL2="NO"
|
OPENSSL_HAS_SSL2="NO"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then
|
if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then
|
||||||
SKIP_NEXT="YES"
|
SKIP_NEXT="YES"
|
||||||
fi
|
fi
|
||||||
@ -94,6 +95,26 @@ requires_gnutls() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# skip next test if IPv6 isn't available on this host
|
||||||
|
requires_ipv6() {
|
||||||
|
if [ -z "${HAS_IPV6:-}" ]; then
|
||||||
|
$P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
|
||||||
|
SRV_PID=$!
|
||||||
|
sleep 1
|
||||||
|
kill $SRV_PID >/dev/null 2>&1
|
||||||
|
if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
|
||||||
|
HAS_IPV6="NO"
|
||||||
|
else
|
||||||
|
HAS_IPV6="YES"
|
||||||
|
fi
|
||||||
|
rm -r $SRV_OUT
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$HAS_IPV6" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# print_name <name>
|
# print_name <name>
|
||||||
print_name() {
|
print_name() {
|
||||||
echo -n "$1 "
|
echo -n "$1 "
|
||||||
@ -148,7 +169,11 @@ wait_server_start() {
|
|||||||
WATCHDOG_PID=$!
|
WATCHDOG_PID=$!
|
||||||
|
|
||||||
# make a tight loop, server usually takes less than 1 sec to start
|
# make a tight loop, server usually takes less than 1 sec to start
|
||||||
|
if [ "$DTLS" -eq 1 ]; then
|
||||||
|
until lsof -nbi UDP:"$PORT" | grep UDP >/dev/null; do :; done
|
||||||
|
else
|
||||||
until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
|
until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
|
||||||
|
fi
|
||||||
|
|
||||||
kill $WATCHDOG_PID
|
kill $WATCHDOG_PID
|
||||||
wait $WATCHDOG_PID
|
wait $WATCHDOG_PID
|
||||||
@ -174,6 +199,15 @@ wait_client_done() {
|
|||||||
echo "EXIT: $CLI_EXIT" >> $CLI_OUT
|
echo "EXIT: $CLI_EXIT" >> $CLI_OUT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# check if the given command uses dtls and sets global variable DTLS
|
||||||
|
detect_dtls() {
|
||||||
|
if echo "$1" | grep ' dtls=1 \| -dtls1\| -u ' >/dev/null; then
|
||||||
|
DTLS=1
|
||||||
|
else
|
||||||
|
DTLS=0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
|
# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
|
||||||
# Options: -s pattern pattern that must be present in server output
|
# Options: -s pattern pattern that must be present in server output
|
||||||
# -c pattern pattern that must be present in client output
|
# -c pattern pattern that must be present in client output
|
||||||
@ -201,6 +235,9 @@ run_test() {
|
|||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# update DTLS variable
|
||||||
|
detect_dtls "$SRV_CMD"
|
||||||
|
|
||||||
# prepend valgrind to our commands if active
|
# prepend valgrind to our commands if active
|
||||||
if [ "$MEMCHECK" -gt 0 ]; then
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
if is_polar "$SRV_CMD"; then
|
if is_polar "$SRV_CMD"; then
|
||||||
@ -358,9 +395,9 @@ fi
|
|||||||
PORT="0000$$"
|
PORT="0000$$"
|
||||||
PORT="1$(echo $PORT | tail -c 5)"
|
PORT="1$(echo $PORT | tail -c 5)"
|
||||||
|
|
||||||
# fix commands to use this port
|
# fix commands to use this port, force IPv4 while at it
|
||||||
P_SRV="$P_SRV server_port=$PORT"
|
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$PORT"
|
||||||
P_CLI="$P_CLI server_port=$PORT"
|
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=$PORT"
|
||||||
O_SRV="$O_SRV -accept $PORT"
|
O_SRV="$O_SRV -accept $PORT"
|
||||||
O_CLI="$O_CLI -connect localhost:$PORT"
|
O_CLI="$O_CLI -connect localhost:$PORT"
|
||||||
G_SRV="$G_SRV -p $PORT"
|
G_SRV="$G_SRV -p $PORT"
|
||||||
@ -958,43 +995,39 @@ run_test "Authentication: client no cert, ssl3" \
|
|||||||
# tests for SNI
|
# tests for SNI
|
||||||
|
|
||||||
run_test "SNI: no SNI callback" \
|
run_test "SNI: no SNI callback" \
|
||||||
"$P_SRV debug_level=3 server_addr=127.0.0.1 \
|
"$P_SRV debug_level=3 \
|
||||||
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
|
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
|
||||||
"$P_CLI debug_level=0 server_addr=127.0.0.1 \
|
"$P_CLI server_name=localhost" \
|
||||||
server_name=localhost" \
|
|
||||||
0 \
|
0 \
|
||||||
-S "parse ServerName extension" \
|
-S "parse ServerName extension" \
|
||||||
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
|
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
|
||||||
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
||||||
|
|
||||||
run_test "SNI: matching cert 1" \
|
run_test "SNI: matching cert 1" \
|
||||||
"$P_SRV debug_level=3 server_addr=127.0.0.1 \
|
"$P_SRV debug_level=3 \
|
||||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||||
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
||||||
"$P_CLI debug_level=0 server_addr=127.0.0.1 \
|
"$P_CLI server_name=localhost" \
|
||||||
server_name=localhost" \
|
|
||||||
0 \
|
0 \
|
||||||
-s "parse ServerName extension" \
|
-s "parse ServerName extension" \
|
||||||
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
||||||
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
||||||
|
|
||||||
run_test "SNI: matching cert 2" \
|
run_test "SNI: matching cert 2" \
|
||||||
"$P_SRV debug_level=3 server_addr=127.0.0.1 \
|
"$P_SRV debug_level=3 \
|
||||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||||
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
||||||
"$P_CLI debug_level=0 server_addr=127.0.0.1 \
|
"$P_CLI server_name=polarssl.example" \
|
||||||
server_name=polarssl.example" \
|
|
||||||
0 \
|
0 \
|
||||||
-s "parse ServerName extension" \
|
-s "parse ServerName extension" \
|
||||||
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
||||||
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
|
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
|
||||||
|
|
||||||
run_test "SNI: no matching cert" \
|
run_test "SNI: no matching cert" \
|
||||||
"$P_SRV debug_level=3 server_addr=127.0.0.1 \
|
"$P_SRV debug_level=3 \
|
||||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||||
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
|
||||||
"$P_CLI debug_level=0 server_addr=127.0.0.1 \
|
"$P_CLI server_name=nonesuch.example" \
|
||||||
server_name=nonesuch.example" \
|
|
||||||
1 \
|
1 \
|
||||||
-s "parse ServerName extension" \
|
-s "parse ServerName extension" \
|
||||||
-s "ssl_sni_wrapper() returned" \
|
-s "ssl_sni_wrapper() returned" \
|
||||||
@ -1843,6 +1876,50 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
|
|||||||
0 \
|
0 \
|
||||||
-s "Read from client: 16384 bytes read"
|
-s "Read from client: 16384 bytes read"
|
||||||
|
|
||||||
|
# Tests for DTLS HelloVerifyRequest
|
||||||
|
|
||||||
|
run_test "DTLS cookie: enabled" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2" \
|
||||||
|
0 \
|
||||||
|
-s "cookie verification failed" \
|
||||||
|
-s "cookie verification passed" \
|
||||||
|
-S "cookie verification skipped" \
|
||||||
|
-c "received hello verify request" \
|
||||||
|
-S "SSL - The requested feature is not available"
|
||||||
|
|
||||||
|
run_test "DTLS cookie: disabled" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 cookies=0" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2" \
|
||||||
|
0 \
|
||||||
|
-S "cookie verification failed" \
|
||||||
|
-S "cookie verification passed" \
|
||||||
|
-s "cookie verification skipped" \
|
||||||
|
-C "received hello verify request" \
|
||||||
|
-S "SSL - The requested feature is not available"
|
||||||
|
|
||||||
|
# wait for client having a timeout, or server sending an alert
|
||||||
|
#run_test "DTLS cookie: default (failing)" \
|
||||||
|
# "$P_SRV dtls=1 debug_level=2 cookies=-1" \
|
||||||
|
# "$P_CLI dtls=1 debug_level=2" \
|
||||||
|
# 0 \
|
||||||
|
# -S "cookie verification failed" \
|
||||||
|
# -S "cookie verification passed" \
|
||||||
|
# -S "cookie verification skipped" \
|
||||||
|
# -C "received hello verify request" \
|
||||||
|
# -s "SSL - The requested feature is not available"
|
||||||
|
|
||||||
|
requires_ipv6
|
||||||
|
run_test "DTLS cookie: enabled, IPv6" \
|
||||||
|
"$P_SRV dtls=1 debug_level=2 server_addr=::1" \
|
||||||
|
"$P_CLI dtls=1 debug_level=2 server_addr=::1" \
|
||||||
|
0 \
|
||||||
|
-s "cookie verification failed" \
|
||||||
|
-s "cookie verification passed" \
|
||||||
|
-S "cookie verification skipped" \
|
||||||
|
-c "received hello verify request" \
|
||||||
|
-S "SSL - The requested feature is not available"
|
||||||
|
|
||||||
# Final report
|
# Final report
|
||||||
|
|
||||||
echo "------------------------------------------------------------------------"
|
echo "------------------------------------------------------------------------"
|
||||||
|
Loading…
Reference in New Issue
Block a user