Test dtls_server

Test against both OpenSSL and GnuTLS.

Don't use a proxy. It's not particularly useful here, and would complicate
figuring out port numbers.

Clean up compile-time requirements dtls_server.c: any certificate-based key
exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-04 16:51:50 +02:00
parent c83e56cc45
commit 6b4d6931e7
3 changed files with 39 additions and 16 deletions
programs/ssl
tests
opt-testcases
ssl-opt.sh

@ -18,19 +18,19 @@
#define BIND_IP "::"
#endif
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n");
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
#else
@ -402,7 +402,5 @@ exit:
mbedtls_exit(ret);
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
&& MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
#endif /* configuration allows running this program */

@ -206,3 +206,27 @@ run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version dtls12
run_test "Sample: dtls_server, openssl client, DTLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/dtls_server" \
"$O_CLI -dtls1_2" \
0 \
-s "[1-9][0-9]* bytes read" \
-s "[1-9][0-9]* bytes written" \
-c "New, TLSv1.2, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version dtls12
run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/dtls_server" \
"$G_CLI -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
0 \
-s "[1-9][0-9]* bytes read" \
-s "[1-9][0-9]* bytes written" \
-c "Description:.*DTLS1.2" \
-S "error" \
-C "ERROR"

@ -500,6 +500,7 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication
;;
*"programs/ssl/dtls_server "*|\
*"programs/ssl/ssl_fork_server "*|\
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*)
@ -1277,7 +1278,7 @@ wait_client_done() {
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
case "$1" in
*dtls=1*|*-dtls*|*-u*) DTLS=1;;
*dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;;
*) DTLS=0;;
esac
}