yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 00:15:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add tests for session ticket lifetime

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-21 09:18:13 +01:00
parent c55a5b7d6f
commit dbe1ee1988
2 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
programs/ssl/ssl_server2.c
View File

@ -69,6 +69,7 @@
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED #define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_TICKET_TIMEOUT -1
#define DFL_CACHE_MAX -1 #define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1 #define DFL_CACHE_TIMEOUT -1
@ -112,6 +113,7 @@ struct options
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int tickets; /* enable / disable session tickets */ int tickets; /* enable / disable session tickets */
int ticket_timeout; /* session ticket lifetime */
int cache_max; /* max number of session cache entries */ int cache_max; /* max number of session cache entries */
int cache_timeout; /* expiration delay of session cache entries */ int cache_timeout; /* expiration delay of session cache entries */
} opt; } opt;
@ -161,7 +163,8 @@ static void my_debug( void *ctx, int level, const char *str )
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \ #define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" " tickets=%%d default: 1 (enabled)\n" \
" ticket_timeout=%%d default: ticket default (1d)\n"
#else #else
#define USAGE_TICKETS "" #define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */ #endif /* POLARSSL_SSL_SESSION_TICKETS */
@ -320,6 +323,7 @@ int main( int argc, char *argv[] )
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS; opt.tickets = DFL_TICKETS;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
opt.cache_max = DFL_CACHE_MAX; opt.cache_max = DFL_CACHE_MAX;
opt.cache_timeout = DFL_CACHE_TIMEOUT; opt.cache_timeout = DFL_CACHE_TIMEOUT;
@ -471,6 +475,12 @@ int main( int argc, char *argv[] )
if( opt.tickets < 0 || opt.tickets > 1 ) if( opt.tickets < 0 || opt.tickets > 1 )
goto usage; goto usage;
} }
else if( strcmp( p, "ticket_timeout" ) == 0 )
{
opt.ticket_timeout = atoi( q );
if( opt.ticket_timeout < 0 )
goto usage;
}
else if( strcmp( p, "cache_max" ) == 0 ) else if( strcmp( p, "cache_max" ) == 0 )
{ {
opt.cache_max = atoi( q ); opt.cache_max = atoi( q );
@ -765,6 +775,9 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets ); ssl_set_session_tickets( &ssl, opt.tickets );
if( opt.ticket_timeout != -1 )
ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
#endif #endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )

32
tests/ssl-opt.sh
View File

@ -104,7 +104,7 @@ run_test "Truncated HMAC #1" \
run_test "Session resume using tickets #1" \ run_test "Session resume using tickets #1" \
"debug_level=4 tickets=1" \ "debug_level=4 tickets=1" \
"debug_level=4 reconnect=1 tickets=1" \ "debug_level=4 tickets=1 reconnect=1" \
0 \ 0 \
-c "client hello, adding session ticket extension" \ -c "client hello, adding session ticket extension" \
-s "found session ticket extension" \ -s "found session ticket extension" \
@ -118,7 +118,35 @@ run_test "Session resume using tickets #1" \
run_test "Session resume using tickets #2" \ run_test "Session resume using tickets #2" \
"debug_level=4 tickets=1 cache_max=0" \ "debug_level=4 tickets=1 cache_max=0" \
"debug_level=4 reconnect=1 tickets=1" \ "debug_level=4 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-s "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets #3" \
"debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
"debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-S "session successfully restored from ticket" \
-S "a session has been resumed" \
-C "a session has been resumed"
run_test "Session resume using tickets #4" \
"debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
"debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
0 \ 0 \
-c "client hello, adding session ticket extension" \ -c "client hello, adding session ticket extension" \
-s "found session ticket extension" \ -s "found session ticket extension" \