Test ssl_fork_server

Test ssl_fork_server with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

In the server, flush more often. Otherwise, when stdout is redirected to a
file, the server gets killed before it writes important information, such as
the logs that we expect in the test cases.

In the server, only write output for 10 seconds, not 100. That's enough time
to start concurrent clients if desired. 100 seconds causes ssl-opt to take a
very long time when the client actually listens to the whole input (which
`gnutls-cli` does, but not `openssl s_client`).

Clean up compile-time requirements in ssl_fork_server.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-04 17:47:14 +02:00
parent 3abca9510a
commit c83e56cc45
3 changed files with 63 additions and 17 deletions


@ -9,22 +9,15 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main(int argc, char *argv[])
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
((void) argc);
((void) argv);
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
#elif defined(_WIN32)
@ -225,6 +218,7 @@ int main(void)
if (pid != 0) {
mbedtls_printf(" ok\n");
mbedtls_net_close(&client_fd);
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "parent",
@ -282,6 +276,7 @@ int main(void)
}
mbedtls_printf("pid %d: SSL handshake ok\n", pid);
fflush(stdout);
/*
* 6. Read the HTTP Request
@ -312,12 +307,14 @@ int main(void)
mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
break;
}
fflush(stdout);
break;
}
len = ret;
mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
fflush(stdout);
if (ret > 0) {
break;
@ -333,7 +330,7 @@ int main(void)
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
while (cnt++ < 100) {
while (cnt++ < 10) {
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(
@ -349,12 +346,16 @@ int main(void)
}
}
len = ret;
mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
mbedtls_printf("pid %d: %d bytes written (cnt=%d)\n\n%s\n",
pid, len, cnt, (char *) buf);
fflush(stdout);
mbedtls_net_usleep(1000000);
}
mbedtls_ssl_close_notify(&ssl);
mbedtls_printf("pid %d: shutting down\n", pid);
fflush(stdout);
goto exit;
}
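Review bot: The new `fflush(stdout)` calls at lines 59, 65, 72, 77, 95 and 100 all run after the fork, but the classic fork+stdio hazard the description is fighting (stdout redirected to a file, hence fully buffered) is the buffer that is pending at the moment of `fork()`: it is copied into the child, and the child's own first `fflush(stdout)` (line 65, after "SSL handshake ok") re-emits the parent's unwritten bytes, so the log can show parent lines twice. The `fork()` call sits just above the `if (pid != 0)` hunk and is not visible here, so if there is not already a flush there, add `fflush(stdout);` immediately before `fork()` (and consider `setvbuf(stdout, NULL, _IOLBF, 0)` at startup so the per-line flushes are not needed at all). In the guard hunk, the `#if` now drops `MBEDTLS_SSL_TLS_C`, `MBEDTLS_BIGNUM_C`, `MBEDTLS_TIMING_C` and `MBEDTLS_FS_IO`; that is consistent with the new error message, and is fine only if the library's config checks make `MBEDTLS_SSL_SRV_C` imply `MBEDTLS_SSL_TLS_C` and the program no longer uses timing or file I/O — worth a one-line comment on the `#if` stating that, since the old list was clearly load-bearing. `main()` starts and ends outside these hunks.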


@ -119,6 +119,50 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$O_CLI -tls1_2" \
0 \
-s "Successful connection using: TLS-" \
-c "New, TLSv1.2, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
0 \
-s "Successful connection using: TLS-" \
-c "Description:.*TLS1.2" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$O_CLI -tls1_3" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "New, TLSv1.3, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
-P 4433 \
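Review bot: None of the four new cases exercises what distinguishes ssl_fork_server from ssl_server: a second client handled by another child while the first is still connected, which is also the only path that hits the parent's post-fork `mbedtls_ctr_drbg_reseed`. Each case checks only `Successful connection using:` on the server side, so a server that never forked would pass; at minimum also assert the child-side log the server now flushes, e.g. `-s "SSL handshake ok"`, and consider one case that starts two clients if the harness allows it. Note from the description that the two gnutls cases will each take about 10 s because `gnutls-cli` reads until the server stops writing; a comment above them saying so (`# gnutls-cli reads the whole response: ~10 s per case`) would save the next person a timeout hunt.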


@ -500,6 +500,7 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication
;;
*"programs/ssl/ssl_fork_server "*|\
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C