mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-26 18:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test ssl_pthread_server

Browse Source 
Test ssl_pthread_server with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

In the server, flush more often. Otherwise, when stdout is redirected to a
file, the server gets killed before it writes important information, such as
the logs that we expect in the test cases.

Clean up compile-time requirements in ssl_pthread_server.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-04 16:31:06 +02:00
parent a21e893398
commit 3abca9510a
3 changed files with 71 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
programs/ssl/ssl_pthread_server.c
View File

@ -10,20 +10,21 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
!defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD)
int main(void)
{
mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n");
mbedtls_exit(0);
}
#else
@ -123,6 +124,7 @@ static void *handle_ssl_connection(void *data)
* 5. Handshake
*/
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
fflush(stdout);
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
@ -138,6 +140,7 @@ static void *handle_ssl_connection(void *data)
* 6. Read the HTTP Request
*/
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
fflush(stdout);
do {
len = sizeof(buf) - 1;
@ -170,6 +173,7 @@ static void *handle_ssl_connection(void *data)
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
fflush(stdout);
if (ret > 0) {
break;
@ -180,6 +184,7 @@ static void *handle_ssl_connection(void *data)
* 7. Write the 200 Response
*/
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
fflush(stdout);
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
@ -201,6 +206,7 @@ static void *handle_ssl_connection(void *data)
len = ret;
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
fflush(stdout);
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
@ -214,6 +220,7 @@ static void *handle_ssl_connection(void *data)
}
mbedtls_printf(" ok\n");
fflush(stdout);
ret = 0;
@ -442,6 +449,7 @@ reset:
* 3. Wait until a client connects
*/
mbedtls_printf(" [ main ] Waiting for a remote connection\n");
fflush(stdout);
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
@ -483,7 +491,4 @@ exit:
mbedtls_exit(ret);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
#endif /* configuration allows running this program */

44
tests/opt-testcases/sample.sh
View File

@ -118,3 +118,47 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$O_CLI -tls1_2" \
0 \
-s "Successful connection using: TLS-" \
-c "New, TLSv1.2, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
0 \
-s "Successful connection using: TLS-" \
-c "Description:.*TLS1.2" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$O_CLI -tls1_3" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "New, TLSv1.3, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"

6
tests/ssl-opt.sh
View File

@ -500,6 +500,7 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication
;;
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C
requires_config_enabled MBEDTLS_ENTROPY_C
@ -509,6 +510,11 @@ detect_required_features() {
;;
esac
case " $CMD_LINE " in
*"programs/ssl/ssl_pthread_server "*)
requires_config_enabled MBEDTLS_THREADING_PTHREAD;;
esac
case "$CMD_LINE" in
*[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
*/server5*|\