Add DTLS interop testing with OpenSSL server
PSK suites failing with client auth
parent
805e2300af
commit
d1af1025d0
1 changed files with 19 additions and 4 deletions
|
@ -172,9 +172,15 @@ filter_ciphersuites()
|
||||||
# Currently OpenSSL doesn't support DTLS 1.2
|
# Currently OpenSSL doesn't support DTLS 1.2
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
|
if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
|
||||||
O_CIPHERS=""
|
O_CIPHERS=""
|
||||||
|
case "$PEER" in
|
||||||
|
[Oo]pen*)
|
||||||
|
P_CIPHERS=""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# We need to force IPv4 by connecting to 127.0.0.1 but then auth fails
|
# For GnuTLS client -> PolarSSL server,
|
||||||
|
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
|
||||||
if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
|
if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
|
||||||
G_CIPHERS=""
|
G_CIPHERS=""
|
||||||
fi
|
fi
|
||||||
|
@ -723,10 +729,18 @@ setup_arguments()
|
||||||
esac
|
esac
|
||||||
|
|
||||||
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
|
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
|
||||||
O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
|
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
|
||||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||||
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||||
|
|
||||||
|
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
|
||||||
|
if is_dtls "$MODE"; then
|
||||||
|
# temporary until we support handshake fragmentation
|
||||||
|
O_SERVER_ARGS="$O_SERVER_ARGS -mtu 16383"
|
||||||
|
else
|
||||||
|
O_SERVER_ARGS="$O_SERVER_ARGS -www"
|
||||||
|
fi
|
||||||
|
|
||||||
P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
|
P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
|
||||||
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
|
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
|
||||||
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
|
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
|
||||||
|
@ -835,7 +849,8 @@ start_server() {
|
||||||
|
|
||||||
log "$SERVER_CMD"
|
log "$SERVER_CMD"
|
||||||
echo "$SERVER_CMD" > $SRV_OUT
|
echo "$SERVER_CMD" > $SRV_OUT
|
||||||
$SERVER_CMD >> $SRV_OUT 2>&1 &
|
# for servers without -www or equivalent
|
||||||
|
yes Filler-text-for-server-to-send | $SERVER_CMD >> $SRV_OUT 2>&1 &
|
||||||
PROCESS_ID=$!
|
PROCESS_ID=$!
|
||||||
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
@ -1078,7 +1093,7 @@ for VERIFY in $VERIFIES; do
|
||||||
add_openssl_ciphersuites
|
add_openssl_ciphersuites
|
||||||
filter_ciphersuites
|
filter_ciphersuites
|
||||||
|
|
||||||
if [ "X" != "X$P_CIPHERS" ] && ! is_dtls "$MODE"; then
|
if [ "X" != "X$P_CIPHERS" ]; then
|
||||||
start_server "OpenSSL"
|
start_server "OpenSSL"
|
||||||
for i in $P_CIPHERS; do
|
for i in $P_CIPHERS; do
|
||||||
run_client PolarSSL $i
|
run_client PolarSSL $i
|
||||||
|
|
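Review bot: In start_server the new comment `# for servers without -www or equivalent` does not say why this particular filler text is safe, and the `yes` pipe is attached to every server command, not only the OpenSSL DTLS one. Without `-www`, `openssl s_server` reads stdin and treats a line starting with `q`, `Q`, `r`, `R`, `P` or `S` as a connection command, so a later edit of the filler string could silently turn the test into a renegotiation or a disconnect. I would extend the comment to something like `# s_server without -www sends stdin to the peer; filler must not start with q/Q/r/R/P/S (s_server commands)`. The body of start_server continues outside the hunk, so whether `yes` is cleaned up when the server is killed cannot be checked from here.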