From d1af1025d0cfe74a0d70459106e421c9889bfeb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 11 Jul 2014 17:01:06 +0200
Subject: [PATCH] Add DTLS interop testing with OpenSSL server PSK suites failing with client auth
---
 tests/compat.sh | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index 03382a43f..523b0c7b2 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -172,9 +172,15 @@ filter_ciphersuites()
 # Currently OpenSSL doesn't support DTLS 1.2
 if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
 O_CIPHERS=""
+ case "$PEER" in
+ [Oo]pen*)
+ P_CIPHERS=""
+ ;;
+ esac
 fi
- # We need to force IPv4 by connecting to 127.0.0.1 but then auth fails
+ # For GnuTLS client -> PolarSSL server,
+ # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
 if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
 G_CIPHERS=""
 fi
@@ -723,10 +729,18 @@ setup_arguments()
 esac
 P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
- O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
 G_SERVER_ARGS="-p $PORT --http $G_MODE"
 G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
+ if is_dtls "$MODE"; then
+ # temporary until we support handshake fragmentation
+ O_SERVER_ARGS="$O_SERVER_ARGS -mtu 16383"
+ else
+ O_SERVER_ARGS="$O_SERVER_ARGS -www"
+ fi
+
 P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
 O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
 G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
@@ -835,7 +849,8 @@ start_server() {
 log "$SERVER_CMD"
 echo "$SERVER_CMD" > $SRV_OUT
- $SERVER_CMD >> $SRV_OUT 2>&1 &
+ # for servers without -www or equivalent
+ yes Filler-text-for-server-to-send | $SERVER_CMD >> $SRV_OUT 2>&1 &
 PROCESS_ID=$!
 sleep 1
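Review bot: In filter_ciphersuites, the new `P_CIPHERS=""` for an OpenSSL peer under DTLS 1.2 drops the whole PolarSSL-client run without leaving a trace, so the results cannot distinguish "skipped" from "passed". The condition rests on the comment's "Currently OpenSSL doesn't support DTLS 1.2", which depends on the installed OpenSSL and can go stale unnoticed. Consider recording the skip inside the new `[Oo]pen*)` arm, e.g. `log "skip: DTLS 1.2 not supported by OpenSSL peer"`, assuming `log` (used in start_server) is suitable here. The function body starts and ends outside the hunk.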
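Review bot: In setup_arguments, `-mtu 16383` presumably keeps the OpenSSL DTLS server from fragmenting its handshake messages, so these interop runs give no coverage of handshake reassembly, and the only hint is the word "temporary". The value itself is unexplained; it looks chosen to exceed any handshake message, but the hunk does not say so. I would have the comment state both, e.g. `# TODO: remove -mtu once handshake fragmentation is supported; 16383 keeps s_server from fragmenting, so reassembly is NOT tested here`. setup_arguments continues outside the hunk.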
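Review bot: In start_server, the `yes` filler is piped into every server command, although the comment says it is for servers without -www; servers started with -www or an equivalent option get the stream too. The following `PROCESS_ID=$!` still names the server only because the shell sets `$!` to the last stage of a background pipeline, and whatever later stops the server (outside this hunk) depends on that. Both facts deserve a comment, for example `# $! is the last pipeline stage (the server), not yes` and, if that is the intent, `# filler is fed to all servers; those that ignore stdin are unaffected`.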
@@ -1078,7 +1093,7 @@ for VERIFY in $VERIFIES; do
 add_openssl_ciphersuites
 filter_ciphersuites
- if [ "X" != "X$P_CIPHERS" ] && ! is_dtls "$MODE"; then
+ if [ "X" != "X$P_CIPHERS" ]; then
 start_server "OpenSSL"
 for i in $P_CIPHERS; do
 run_client PolarSSL $i
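Review bot: With `! is_dtls "$MODE"` dropped from this condition, every suite left in P_CIPHERS now runs against the OpenSSL server under DTLS, yet the commit message itself records that PSK suites fail with client auth and none of the visible hunks filters them. If that exclusion is not done elsewhere in filter_ciphersuites, the suite will carry known failures that can hide a real regression in the DTLS handshake. Either filter those suites when `VERIFY` is YES and the mode is DTLS, or at least state the known failure next to the condition, e.g. `# known: PSK suites fail against OpenSSL DTLS server with client auth`. The surrounding loop starts and ends outside the hunk.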