From d60950c2d0cfc421ddfca68ad801bbf44c2ef0aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Oct 2021 13:12:47 +0200
Subject: [PATCH 1/4] Use newer OpenSSL for tests failing with the old
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/ssl-opt.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 66c648573..0422c1b1b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2694,10 +2694,13 @@ run_test "Session resume using tickets, DTLS: openssl server" \
 -c "parse new session ticket" \
 -c "a session has been resumed"

+# For reasons that aren't fully understood, this test randomly fails with high
+# probabiliby with OpenSSL 1.0.2g on the CI, see #5012.
+requires_openssl_next
 run_test "Session resume using tickets, DTLS: openssl client" \
 "$P_SRV dtls=1 debug_level=3 tickets=1" \
- "( $O_CLI -dtls -sess_out $SESSION; \
- $O_CLI -dtls -sess_in $SESSION; \
+ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
+ $O_NEXT_CLI -dtls -sess_in $SESSION; \
 rm -f $SESSION )" \
 0 \
 -s "found session ticket extension" \
@@ -2894,10 +2897,13 @@ run_test "Session resume using cache, DTLS: session copy" \
 -s "a session has been resumed" \
 -c "a session has been resumed"

+# For reasons that aren't fully understood, this test randomly fails with high
+# probabiliby with OpenSSL 1.0.2g on the CI, see #5012.
+requires_openssl_next
 run_test "Session resume using cache, DTLS: openssl client" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \
- "( $O_CLI -dtls -sess_out $SESSION; \
- $O_CLI -dtls -sess_in $SESSION; \
+ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
+ $O_NEXT_CLI -dtls -sess_in $SESSION; \
 rm -f $SESSION )" \
 0 \
 -s "found session ticket extension" \

From 09cfa18976fa0b14d2dd78f377bf173b4eb60403 Mon Sep 17 00:00:00 2001
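Review bot: Both `requires_openssl_next` additions in PATCH 1/4 (the tickets and the cache `DTLS: openssl client` tests) leave no marker for undoing the workaround. Assuming the helper skips a test when `OPENSSL_NEXT` is unset, which is not visible here, these two DTLS session-resumption interop tests silently stop running on hosts without the newer OpenSSL. Since the cause in #5012 is still unknown, the intermittent failure could come from the server under test rather than from OpenSSL 1.0.2g, so the comment should record what is lost and when to revert, e.g. `# TODO(#5012): switch back to $O_CLI once the cause is known; skipped when OPENSSL_NEXT is unset.` Both `run_test` calls continue past the end of their hunks.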
From: Paul Elliott
Date: Wed, 13 Oct 2021 16:13:44 +0100
Subject: [PATCH 2/4] Spelling fix

Signed-off-by: Paul Elliott
---
 tests/ssl-opt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0422c1b1b..fb4403c3e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2695,7 +2695,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \
 -c "a session has been resumed"

 # For reasons that aren't fully understood, this test randomly fails with high
-# probabiliby with OpenSSL 1.0.2g on the CI, see #5012.
+# probability with OpenSSL 1.0.2g on the CI, see #5012.
 requires_openssl_next
 run_test "Session resume using tickets, DTLS: openssl client" \
 "$P_SRV dtls=1 debug_level=3 tickets=1" \
@@ -2898,7 +2898,7 @@ run_test "Session resume using cache, DTLS: session copy" \
 -c "a session has been resumed"

 # For reasons that aren't fully understood, this test randomly fails with high
-# probabiliby with OpenSSL 1.0.2g on the CI, see #5012.
+# probability with OpenSSL 1.0.2g on the CI, see #5012.
 requires_openssl_next
 run_test "Session resume using cache, DTLS: openssl client" \
 "$P_SRV dtls=1 debug_level=3 tickets=0" \

From 1428f252ad9b506d1fe9bfa9e6834a2f857a1e20 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 12 Oct 2021 16:02:55 +0100
Subject: [PATCH 3/4] Fix incorrect check for DTLS

Missing wildcards meant that some servers were not identified as DTLS, which lead to port checking on TCP rather than UDP, and thus mistakenly cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fb4403c3e..e9d67182a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -753,7 +753,7 @@ wait_client_done() {
 # check if the given command uses dtls and sets global variable DTLS
 detect_dtls() {
 case "$1" in
- *dtls=1*|-dtls|-u) DTLS=1;;
+ *dtls=1*|*-dtls*|*-u*) DTLS=1;;
 *) DTLS=0;;
 esac
 }

From 0421715ade83391430ae6071f8734aa0154f4a77 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 12 Oct 2021 16:10:37 +0100
Subject: [PATCH 4/4] Use 127.0.0.1 rather than localhost

This was causing some tests using the openssl s_client to not connect - I suspect this was due to localhost (at least on my machine) resolving to ::1 rather than 127.0.0.1. Note that the error seen would have been that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott
---
 tests/ssl-opt.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e9d67182a..b5ddc37c9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
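Review bot: In `detect_dtls` (PATCH 3/4) the new `*-dtls*` and `*-u*` patterns match those characters anywhere in the command string. A TCP command that merely contains `-u` inside a longer option or a file path would set `DTLS=1` and send the port check to UDP, which is the mirror image of the failure this commit fixes. Anchoring on the separating space keeps the fix without that side effect, assuming the string always starts with the program path: `*dtls=1*|*" -dtls"*|*" -u "*|*" -u") DTLS=1;;`. The header comment could also say that `$1` is the whole command line rather than a single option.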
@@ -1309,22 +1309,24 @@ SRV_DELAY_SECONDS=0

 # fix commands to use this port, force IPv4 while at it
 # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
+# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
+# machines that will resolve to ::1, and we don't want ipv6 here.
 P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
 P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
 P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
 O_SRV="$O_SRV -accept $SRV_PORT"
-O_CLI="$O_CLI -connect localhost:+SRV_PORT"
+O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
 G_SRV="$G_SRV -p $SRV_PORT"
 G_CLI="$G_CLI -p +SRV_PORT"

 if [ -n "${OPENSSL_LEGACY:-}" ]; then
 O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
- O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
+ O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
 fi

 if [ -n "${OPENSSL_NEXT:-}" ]; then
 O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
- O_NEXT_CLI="$O_NEXT_CLI -connect localhost:+SRV_PORT"
+ O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
 fi

 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
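Review bot: The clients are now pinned to 127.0.0.1, but `O_SRV`, `O_LEGACY_SRV` and `O_NEXT_SRV` still get a bare `-accept $SRV_PORT`, so the OpenSSL test servers keep listening on every local address rather than only on loopback. On a shared CI host that leaves servers, presumably running with test credentials, reachable from the network for the length of a run. To my knowledge OpenSSL 1.1.0 and later accept a host in that option (`-accept 127.0.0.1:$SRV_PORT`), which would suit `O_NEXT_SRV` at least; older builds take only a port, so this needs checking against the versions in use. The `if [ -n "${GNUTLS_NEXT_SERV:-}" ]` block at the end of the hunk continues outside it.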