Commit Graph

241 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
484b8f9ed8 Fix bug in ssl_client2 reconnect option 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
b6440a496b ssl_server2 now dies on SIGTERM during a read 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
a014829024 Use ssl_set_bio_timeout() in test client/server 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
4ba6ab6d0d Fix glitch with HelloVerifyRequest
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
26820e3061 Add option 'cookies' to ssl_server2 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
336b824f07 Use ssl_set_client_transport_id() in ssl_server2 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
ae5050c212 Start adapting ssl_client2 to datagram I/O 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
798f15a500 Fix version adjustments with force_ciphersuite 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
fe3f73bdeb Allow force_version to select DTLS 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
8a06d9c5d6 Actually use UDP for DTLS in test client/server 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
83218f1da1 Add dtls version aliases to test serv/cli 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
e29fd4beaf Add a dtls option to test server and client 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612 Fix ssl_read() and close_notify error handling in programs 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6 Fix undocumented option in ssl_server2 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3 Fix ssl_server2 exiting on recoverable errors 2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d Fix overly rigorous defines in ssl_server2.c 2014-08-18 14:36:17 +02:00
Paul Bakker
09c9dd80ef Revert 42cc641. Issue already fixed in 333fdec. 2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c Only use signal() in ssl_server2 on non-Windows platforms 2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4 Get rid of SERVERQUIT code in ssl_{client,server}2 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08 ssl_server2 aborts cleanly on SIGTERM
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Alfred Klomp
7c03424d1c ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17 Remove unreachable code from ssl_pthread_server 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a Properly initialize buf 2014-08-04 12:12:09 +02:00
Paul Bakker
a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Manuel Pégourié-Gonnard
c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd Extend request_size to small sizes in ssl_client2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9 Fix printing large packets in ssl_server2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8 Fix warnings in no-SSL configs 2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
4505ed3c90 Fix missing free() with recent ssl_server2 options 2014-06-20 18:35:16 +02:00
Paul Bakker
9b7fb6f68e Prevent warning for possibly uninitialized variable in ssl_server2 2014-06-12 23:01:43 +02:00
Manuel Pégourié-Gonnard
8de259b953 Minor code simplification in ssl programs 2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00