mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:55:52 +01:00
Merge branch 'datagram_packing' into message_reordering
This commit is contained in:
commit
903ee3d363
@ -3,6 +3,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
Features
|
Features
|
||||||
|
* Add support for fragmentation of outgoing DTLS handshake messages. This
|
||||||
|
is controlled by the maximum fragment length as set locally or negotiated
|
||||||
|
with the peer, as well as new per-connection MTU option, set using
|
||||||
|
mbedtls_ssl_set_mtu().
|
||||||
* Add support for fragmentation of outoing DTLS handshake messages.
|
* Add support for fragmentation of outoing DTLS handshake messages.
|
||||||
* Add support for packing multiple records within a single datagram,
|
* Add support for packing multiple records within a single datagram,
|
||||||
enabled by default.
|
enabled by default.
|
||||||
|
@ -963,10 +963,6 @@ struct mbedtls_ssl_config
|
|||||||
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
uint16_t mtu; /*!< path mtu, used to fragment outoing messages */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
unsigned char max_major_ver; /*!< max. major version used */
|
unsigned char max_major_ver; /*!< max. major version used */
|
||||||
unsigned char max_minor_ver; /*!< max. minor version used */
|
unsigned char max_minor_ver; /*!< max. minor version used */
|
||||||
unsigned char min_major_ver; /*!< min. major version used */
|
unsigned char min_major_ver; /*!< min. major version used */
|
||||||
@ -1128,6 +1124,10 @@ struct mbedtls_ssl_context
|
|||||||
|
|
||||||
unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
|
unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
unsigned char *compress_buf; /*!< zlib data buffer */
|
unsigned char *compress_buf; /*!< zlib data buffer */
|
||||||
#endif
|
#endif
|
||||||
@ -1390,6 +1390,46 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_ssl_recv_t *f_recv,
|
mbedtls_ssl_recv_t *f_recv,
|
||||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
|
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
/**
|
||||||
|
* \brief Set the Maximum Tranport Unit (MTU).
|
||||||
|
* Special value: 0 means unset (no limit).
|
||||||
|
* This represents the maximum size of a datagram payload
|
||||||
|
* handled by the transport layer (usually UDP) as determined
|
||||||
|
* by the network link and stack. In practice, this controls
|
||||||
|
* the maximum size datagram the DTLS layer will pass to the
|
||||||
|
* \c f_send() callback set using \c mbedtls_ssl_set_bio().
|
||||||
|
*
|
||||||
|
* \note This can be called at any point during the connection, for
|
||||||
|
* example when a PMTU estimate becomes available from other
|
||||||
|
* sources, such as lower (or higher) protocol layers.
|
||||||
|
*
|
||||||
|
* \note This only controls the size of the packets we send.
|
||||||
|
* Client-side, you can request the server to use smaller
|
||||||
|
* records with \c mbedtls_ssl_conf_max_frag_len().
|
||||||
|
*
|
||||||
|
* \note If both a MTU and a maximum fragment length have been
|
||||||
|
* configured (or negotiated with the peer), the resulting
|
||||||
|
* lower limit (after translating the MTU setting to a limit
|
||||||
|
* on the record content length) is used.
|
||||||
|
*
|
||||||
|
* \note This can only be used to decrease the maximum size
|
||||||
|
* of datagrams sent. It cannot be used to increase the
|
||||||
|
* maximum size of records over the limit set by
|
||||||
|
* #MBEDTLS_SSL_OUT_CONTENT_LEN.
|
||||||
|
*
|
||||||
|
* \note Values lower than the current record layer expansion will
|
||||||
|
* result in an error when trying to send data.
|
||||||
|
*
|
||||||
|
* \note Using record compression together with a non-zero MTU value
|
||||||
|
* will result in an error when trying to send data.
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
* \param mtu Value of the path MTU in bytes
|
||||||
|
*/
|
||||||
|
void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the timeout period for mbedtls_ssl_read()
|
* \brief Set the timeout period for mbedtls_ssl_read()
|
||||||
* (Default: no timeout.)
|
* (Default: no timeout.)
|
||||||
@ -2471,35 +2511,6 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
|||||||
char cert_req_ca_list );
|
char cert_req_ca_list );
|
||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
/**
|
|
||||||
* \brief Set the Maximum Tranport Unit (MTU).
|
|
||||||
* Special value: 0 means unset (no limit).
|
|
||||||
* This represents the maximum size of a datagram payload
|
|
||||||
* handled by the transport layer (usually UDP) as determined
|
|
||||||
* by the network link and stack. In practice, this controls
|
|
||||||
* the maximum size datagram the DTLS layer will pass to the
|
|
||||||
* \c f_send() callback set using \c mbedtls_ssl_set_bio().
|
|
||||||
*
|
|
||||||
* \note This only controls the size of the packet we send.
|
|
||||||
* Client-side, you can request the server to use smaller
|
|
||||||
* records with \c mbedtls_conf_max_frag_len().
|
|
||||||
*
|
|
||||||
* \note If both a MTU and a maximum fragment length have been
|
|
||||||
* configured (or negotiated with the peer), the lower limit
|
|
||||||
* is used.
|
|
||||||
*
|
|
||||||
* \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no
|
|
||||||
* effect. This can only be used to decrease the maximum size
|
|
||||||
* of datagrams sent. Values lower than record layer expansion
|
|
||||||
* are ignored.
|
|
||||||
*
|
|
||||||
* \param conf SSL configuration
|
|
||||||
* \param mtu Value of the path MTU in bytes
|
|
||||||
*/
|
|
||||||
void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu );
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
/**
|
/**
|
||||||
* \brief Set the maximum fragment length to emit and/or negotiate
|
* \brief Set the maximum fragment length to emit and/or negotiate
|
||||||
@ -2520,7 +2531,7 @@ void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu );
|
|||||||
*
|
*
|
||||||
* \note For DTLS, it is also possible to set a limit for the total
|
* \note For DTLS, it is also possible to set a limit for the total
|
||||||
* size of daragrams passed to the transport layer, including
|
* size of daragrams passed to the transport layer, including
|
||||||
* record overhead, see \c mbedtls_ssl_conf_mtu().
|
* record overhead, see \c mbedtls_ssl_set_mtu().
|
||||||
*
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param mfl_code Code for maximum fragment length (allowed values:
|
* \param mfl_code Code for maximum fragment length (allowed values:
|
||||||
@ -2828,7 +2839,7 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
|||||||
* \note This function is not available (always returns an error)
|
* \note This function is not available (always returns an error)
|
||||||
* when record compression is enabled.
|
* when record compression is enabled.
|
||||||
*
|
*
|
||||||
* \sa mbedtls_ssl_conf_mtu()
|
* \sa mbedtls_ssl_set_mtu()
|
||||||
* \sa mbedtls_ssl_get_max_frag_len()
|
* \sa mbedtls_ssl_get_max_frag_len()
|
||||||
* \sa mbedtls_ssl_get_record_expansion()
|
* \sa mbedtls_ssl_get_record_expansion()
|
||||||
*
|
*
|
||||||
|
@ -111,7 +111,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
||||||
{
|
{
|
||||||
uint16_t mtu = ssl->conf->mtu;
|
uint16_t mtu = ssl->mtu;
|
||||||
|
|
||||||
if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
||||||
return( (int) mtu );
|
return( (int) mtu );
|
||||||
@ -3132,7 +3132,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
|||||||
* - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
|
* - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
|
||||||
* - ssl->out_msg + 4: the handshake message body
|
* - ssl->out_msg + 4: the handshake message body
|
||||||
*
|
*
|
||||||
* Ouputs, ie state before passing to flight_append() or write_record():
|
* Outputs, ie state before passing to flight_append() or write_record():
|
||||||
* - ssl->out_msglen: the length of the record contents
|
* - ssl->out_msglen: the length of the record contents
|
||||||
* (including handshake headers but excluding record headers)
|
* (including handshake headers but excluding record headers)
|
||||||
* - ssl->out_msg: the record contents (handshake headers + content)
|
* - ssl->out_msg: the record contents (handshake headers + content)
|
||||||
@ -3393,14 +3393,24 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
|
flush == SSL_DONT_FORCE_FLUSH )
|
||||||
{
|
{
|
||||||
size_t remaining = ssl_get_remaining_payload_in_datagram( ssl );
|
size_t remaining;
|
||||||
|
ret = ssl_get_remaining_payload_in_datagram( ssl );
|
||||||
|
if( ret < 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram",
|
||||||
|
ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
remaining = (size_t) ret;
|
||||||
if( remaining == 0 )
|
if( remaining == 0 )
|
||||||
flush = SSL_FORCE_FLUSH;
|
flush = SSL_FORCE_FLUSH;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Stil %u bytes available in current datagram", (unsigned) remaining ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
@ -7004,6 +7014,13 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
|||||||
ssl->f_recv_timeout = f_recv_timeout;
|
ssl->f_recv_timeout = f_recv_timeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
|
||||||
|
{
|
||||||
|
ssl->mtu = mtu;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
|
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
|
||||||
{
|
{
|
||||||
conf->read_timeout = timeout;
|
conf->read_timeout = timeout;
|
||||||
@ -7492,13 +7509,6 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu )
|
|
||||||
{
|
|
||||||
conf->mtu = mtu;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
|
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
|
||||||
{
|
{
|
||||||
@ -7751,7 +7761,6 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
||||||
@ -7835,9 +7844,9 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->mtu != 0 )
|
if( ssl->mtu != 0 )
|
||||||
{
|
{
|
||||||
const size_t mtu = ssl->conf->mtu;
|
const size_t mtu = ssl->mtu;
|
||||||
const int ret = mbedtls_ssl_get_record_expansion( ssl );
|
const int ret = mbedtls_ssl_get_record_expansion( ssl );
|
||||||
const size_t overhead = (size_t) ret;
|
const size_t overhead = (size_t) ret;
|
||||||
|
|
||||||
|
@ -1353,9 +1353,6 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
|
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
|
||||||
opt.hs_to_max );
|
opt.hs_to_max );
|
||||||
|
|
||||||
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
|
||||||
mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu );
|
|
||||||
|
|
||||||
if( opt.dgram_packing != DFL_DGRAM_PACKING )
|
if( opt.dgram_packing != DFL_DGRAM_PACKING )
|
||||||
mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing );
|
mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
@ -1516,6 +1513,11 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_net_send, mbedtls_net_recv,
|
mbedtls_net_send, mbedtls_net_recv,
|
||||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||||
|
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||||
mbedtls_timing_get_delay );
|
mbedtls_timing_get_delay );
|
||||||
|
@ -2181,9 +2181,6 @@ int main( int argc, char *argv[] )
|
|||||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||||
|
|
||||||
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
|
||||||
mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu );
|
|
||||||
|
|
||||||
if( opt.dgram_packing != DFL_DGRAM_PACKING )
|
if( opt.dgram_packing != DFL_DGRAM_PACKING )
|
||||||
mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing );
|
mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing );
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
@ -2196,7 +2193,6 @@ int main( int argc, char *argv[] )
|
|||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||||
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
||||||
@ -2505,6 +2501,11 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( opt.dtls_mtu != DFL_DTLS_MTU )
|
||||||
|
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||||
mbedtls_timing_get_delay );
|
mbedtls_timing_get_delay );
|
||||||
|
@ -682,6 +682,9 @@ run_test() {
|
|||||||
if [ "$PRESERVE_LOGS" -gt 0 ]; then
|
if [ "$PRESERVE_LOGS" -gt 0 ]; then
|
||||||
mv $SRV_OUT o-srv-${TESTS}.log
|
mv $SRV_OUT o-srv-${TESTS}.log
|
||||||
mv $CLI_OUT o-cli-${TESTS}.log
|
mv $CLI_OUT o-cli-${TESTS}.log
|
||||||
|
if [ -n "$PXY_CMD" ]; then
|
||||||
|
mv $PXY_OUT o-pxy-${TESTS}.log
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
|
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
|
||||||
@ -5126,6 +5129,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
run_test "DTLS fragmenting: both (MTU)" \
|
run_test "DTLS fragmenting: both (MTU)" \
|
||||||
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
key_file=data_files/server7.key \
|
key_file=data_files/server7.key \
|
||||||
@ -5167,6 +5171,9 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \
|
|||||||
# Since we don't support reading fragmented ClientHello yet,
|
# Since we don't support reading fragmented ClientHello yet,
|
||||||
# up the MTU to 1450 (larger than ClientHello with session ticket,
|
# up the MTU to 1450 (larger than ClientHello with session ticket,
|
||||||
# but still smaller than client's Certificate to ensure fragmentation).
|
# but still smaller than client's Certificate to ensure fragmentation).
|
||||||
|
#
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5183,11 +5190,12 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
|||||||
mtu=1450 reconnect=1" \
|
mtu=1450 reconnect=1" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5211,11 +5219,12 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
|||||||
mtu=512" \
|
mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5240,11 +5249,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
|||||||
mtu=512" \
|
mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5269,11 +5279,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
|||||||
mtu=512" \
|
mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5299,11 +5310,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
|||||||
mtu=512" \
|
mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
# A resend on the client-side might happen if the server is
|
||||||
|
# slow to reset, therefore omitting '-C "resend"' below.
|
||||||
not_with_valgrind # spurious resend due to timeout
|
not_with_valgrind # spurious resend due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
@ -5328,7 +5340,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
|||||||
mtu=512" \
|
mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-S "resend" \
|
-S "resend" \
|
||||||
-C "resend" \
|
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
@ -5342,11 +5353,11 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \
|
|||||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
key_file=data_files/server7.key \
|
key_file=data_files/server7.key \
|
||||||
mtu=512" \
|
hs_timeout=250-10000 mtu=512" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server8_int-ca2.crt \
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
key_file=data_files/server8.key \
|
key_file=data_files/server8.key \
|
||||||
mtu=512" \
|
hs_timeout=250-10000 mtu=512" \
|
||||||
0 \
|
0 \
|
||||||
-s "found fragmented DTLS handshake message" \
|
-s "found fragmented DTLS handshake message" \
|
||||||
-c "found fragmented DTLS handshake message" \
|
-c "found fragmented DTLS handshake message" \
|
||||||
@ -5356,6 +5367,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \
|
|||||||
#
|
#
|
||||||
# here and below we just want to test that the we fragment in a way that
|
# here and below we just want to test that the we fragment in a way that
|
||||||
# pleases other implementations, so we don't need the peer to fragment
|
# pleases other implementations, so we don't need the peer to fragment
|
||||||
|
requires_gnutls
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
@ -5370,6 +5382,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
|||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
requires_gnutls
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
@ -5379,7 +5392,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
|||||||
"$P_CLI dtls=1 debug_level=2 \
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server8_int-ca2.crt \
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
key_file=data_files/server8.key \
|
key_file=data_files/server8.key \
|
||||||
mtu=512 force_version=dtls1_2" \
|
mtu=512 force_version=dtls1" \
|
||||||
0 \
|
0 \
|
||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
@ -5477,14 +5490,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
client_needs_more_time 2
|
client_needs_more_time 4
|
||||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$G_NEXT_SRV -u" \
|
"$G_NEXT_SRV -u" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server8_int-ca2.crt \
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
key_file=data_files/server8.key \
|
key_file=data_files/server8.key \
|
||||||
mtu=512 force_version=dtls1_2" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
0 \
|
0 \
|
||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
@ -5494,14 +5507,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 2
|
client_needs_more_time 4
|
||||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$G_NEXT_SRV -u" \
|
"$G_NEXT_SRV -u" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server8_int-ca2.crt \
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
key_file=data_files/server8.key \
|
key_file=data_files/server8.key \
|
||||||
mtu=512 force_version=dtls1_2" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
0 \
|
0 \
|
||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
@ -5518,13 +5531,13 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
|||||||
## requires_config_enabled MBEDTLS_RSA_C
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
## client_needs_more_time 2
|
## client_needs_more_time 4
|
||||||
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
|
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
|
||||||
## crt_file=data_files/server7_int-ca.crt \
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
## key_file=data_files/server7.key \
|
## key_file=data_files/server7.key \
|
||||||
## mtu=512 force_version=dtls1_2" \
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
## "$G_CLI -u" \
|
## "$G_CLI -u" \
|
||||||
## 0 \
|
## 0 \
|
||||||
## -s "fragmenting handshake message"
|
## -s "fragmenting handshake message"
|
||||||
@ -5535,13 +5548,13 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
|||||||
## requires_config_enabled MBEDTLS_RSA_C
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
## client_needs_more_time 2
|
## client_needs_more_time 4
|
||||||
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
|
## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \
|
||||||
## crt_file=data_files/server7_int-ca.crt \
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
## key_file=data_files/server7.key \
|
## key_file=data_files/server7.key \
|
||||||
## mtu=512 force_version=dtls1" \
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
## "$G_CLI -u" \
|
## "$G_CLI -u" \
|
||||||
## 0 \
|
## 0 \
|
||||||
## -s "fragmenting handshake message"
|
## -s "fragmenting handshake message"
|
||||||
@ -5558,14 +5571,14 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
|||||||
## requires_config_enabled MBEDTLS_RSA_C
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
## client_needs_more_time 2
|
## client_needs_more_time 4
|
||||||
## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
## "$O_SRV -dtls1_2 -verify 10" \
|
## "$O_SRV -dtls1_2 -verify 10" \
|
||||||
## "$P_CLI dtls=1 debug_level=2 \
|
## "$P_CLI dtls=1 debug_level=2 \
|
||||||
## crt_file=data_files/server8_int-ca2.crt \
|
## crt_file=data_files/server8_int-ca2.crt \
|
||||||
## key_file=data_files/server8.key \
|
## key_file=data_files/server8.key \
|
||||||
## mtu=512 force_version=dtls1_2" \
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
## 0 \
|
## 0 \
|
||||||
## -c "fragmenting handshake message" \
|
## -c "fragmenting handshake message" \
|
||||||
## -C "error"
|
## -C "error"
|
||||||
@ -5575,14 +5588,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 2
|
client_needs_more_time 4
|
||||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$O_LEGACY_SRV -dtls1 -verify 10" \
|
"$O_LEGACY_SRV -dtls1 -verify 10" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server8_int-ca2.crt \
|
crt_file=data_files/server8_int-ca2.crt \
|
||||||
key_file=data_files/server8.key \
|
key_file=data_files/server8.key \
|
||||||
mtu=512 force_version=dtls1" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
0 \
|
0 \
|
||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
@ -5592,13 +5605,13 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
|||||||
## requires_config_enabled MBEDTLS_RSA_C
|
## requires_config_enabled MBEDTLS_RSA_C
|
||||||
## requires_config_enabled MBEDTLS_ECDSA_C
|
## requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
## client_needs_more_time 2
|
## client_needs_more_time 4
|
||||||
## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
||||||
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
## -p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
## "$P_SRV dtls=1 debug_level=2 \
|
## "$P_SRV dtls=1 debug_level=2 \
|
||||||
## crt_file=data_files/server7_int-ca.crt \
|
## crt_file=data_files/server7_int-ca.crt \
|
||||||
## key_file=data_files/server7.key \
|
## key_file=data_files/server7.key \
|
||||||
## mtu=512 force_version=dtls1_2" \
|
## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
## "$O_CLI -dtls1_2" \
|
## "$O_CLI -dtls1_2" \
|
||||||
## 0 \
|
## 0 \
|
||||||
## -s "fragmenting handshake message"
|
## -s "fragmenting handshake message"
|
||||||
@ -5610,13 +5623,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 2
|
client_needs_more_time 4
|
||||||
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
key_file=data_files/server7.key \
|
key_file=data_files/server7.key \
|
||||||
mtu=512 force_version=dtls1" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
"$O_LEGACY_CLI -nbio -dtls1" \
|
"$O_LEGACY_CLI -nbio -dtls1" \
|
||||||
0 \
|
0 \
|
||||||
-s "fragmenting handshake message"
|
-s "fragmenting handshake message"
|
||||||
|
Loading…
Reference in New Issue
Block a user