mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 20:34:20 +01:00
Merge pull request #5073 from paul-elliott-arm/fix-resumption-openssl-client-tests-2.x
Backport 2.x : Use newer OpenSSL for tests failing with the old
This commit is contained in:
Gilles Peskine
GitHub
commit
ecb8da0f0c
@ -77,6 +77,14 @@ else
|
|||||||
O_LEGACY_CLI=false
|
O_LEGACY_CLI=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||||
|
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
|
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
|
||||||
|
else
|
||||||
|
O_NEXT_SRV=false
|
||||||
|
O_NEXT_CLI=false
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||||
else
|
else
|
||||||
@ -355,6 +363,19 @@ requires_openssl_legacy() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requires_openssl_next() {
|
||||||
|
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
|
||||||
|
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
|
||||||
|
OPENSSL_NEXT_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_NEXT_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if IPv6 isn't available on this host
|
# skip next test if IPv6 isn't available on this host
|
||||||
requires_ipv6() {
|
requires_ipv6() {
|
||||||
if [ -z "${HAS_IPV6:-}" ]; then
|
if [ -z "${HAS_IPV6:-}" ]; then
|
||||||
@ -665,7 +686,7 @@ wait_client_done() {
|
|||||||
# check if the given command uses dtls and sets global variable DTLS
|
# check if the given command uses dtls and sets global variable DTLS
|
||||||
detect_dtls() {
|
detect_dtls() {
|
||||||
case "$1" in
|
case "$1" in
|
||||||
*dtls=1*|-dtls|-u) DTLS=1;;
|
*dtls=1*|*-dtls*|*-u*) DTLS=1;;
|
||||||
*) DTLS=0;;
|
*) DTLS=0;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
@ -1212,17 +1233,24 @@ SRV_DELAY_SECONDS=0
|
|||||||
|
|
||||||
# fix commands to use this port, force IPv4 while at it
|
# fix commands to use this port, force IPv4 while at it
|
||||||
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
|
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
|
||||||
|
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
|
||||||
|
# machines that will resolve to ::1, and we don't want ipv6 here.
|
||||||
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
||||||
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
|
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
|
||||||
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
|
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
|
||||||
O_SRV="$O_SRV -accept $SRV_PORT"
|
O_SRV="$O_SRV -accept $SRV_PORT"
|
||||||
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
|
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
|
||||||
G_SRV="$G_SRV -p $SRV_PORT"
|
G_SRV="$G_SRV -p $SRV_PORT"
|
||||||
G_CLI="$G_CLI -p +SRV_PORT"
|
G_CLI="$G_CLI -p +SRV_PORT"
|
||||||
|
|
||||||
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
||||||
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
||||||
O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
|
O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||||
|
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
|
||||||
|
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
@ -2938,10 +2966,13 @@ run_test "Session resume using tickets, DTLS: openssl server" \
|
|||||||
-c "parse new session ticket" \
|
-c "parse new session ticket" \
|
||||||
-c "a session has been resumed"
|
-c "a session has been resumed"
|
||||||
|
|
||||||
|
# For reasons that aren't fully understood, this test randomly fails with high
|
||||||
|
# probability with OpenSSL 1.0.2g on the CI, see #5012.
|
||||||
|
requires_openssl_next
|
||||||
run_test "Session resume using tickets, DTLS: openssl client" \
|
run_test "Session resume using tickets, DTLS: openssl client" \
|
||||||
"$P_SRV dtls=1 debug_level=3 tickets=1" \
|
"$P_SRV dtls=1 debug_level=3 tickets=1" \
|
||||||
"( $O_CLI -dtls1 -sess_out $SESSION; \
|
"( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \
|
||||||
$O_CLI -dtls1 -sess_in $SESSION; \
|
$O_NEXT_CLI -dtls1 -sess_in $SESSION; \
|
||||||
rm -f $SESSION )" \
|
rm -f $SESSION )" \
|
||||||
0 \
|
0 \
|
||||||
-s "found session ticket extension" \
|
-s "found session ticket extension" \
|
||||||
@ -3138,10 +3169,13 @@ run_test "Session resume using cache, DTLS: session copy" \
|
|||||||
-s "a session has been resumed" \
|
-s "a session has been resumed" \
|
||||||
-c "a session has been resumed"
|
-c "a session has been resumed"
|
||||||
|
|
||||||
|
# For reasons that aren't fully understood, this test randomly fails with high
|
||||||
|
# probability with OpenSSL 1.0.2g on the CI, see #5012.
|
||||||
|
requires_openssl_next
|
||||||
run_test "Session resume using cache, DTLS: openssl client" \
|
run_test "Session resume using cache, DTLS: openssl client" \
|
||||||
"$P_SRV dtls=1 debug_level=3 tickets=0" \
|
"$P_SRV dtls=1 debug_level=3 tickets=0" \
|
||||||
"( $O_CLI -dtls1 -sess_out $SESSION; \
|
"( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \
|
||||||
$O_CLI -dtls1 -sess_in $SESSION; \
|
$O_NEXT_CLI -dtls1 -sess_in $SESSION; \
|
||||||
rm -f $SESSION )" \
|
rm -f $SESSION )" \
|
||||||
0 \
|
0 \
|
||||||
-s "found session ticket extension" \
|
-s "found session ticket extension" \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user