Commit graph

815 commits

Author SHA1 Message Date
Paul Bakker
f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
f1384470bf Avoid spurious timeout in ssl-opt.sh 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
127ab88dba Give more time to lossy tests with normal timers 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
a59af05dce Give more time to tests that time out too often 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
7a26d73735 Add test for session resumption 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460 Drop unexpected ApplicationData
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
37a4de2cec Use shorter timeouts in ssl-opt.sh proxy tests 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
6093d81c20 Add tests with proxy and non-blocking I/O 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
7a66cbca75 Rm some redundant tests 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
9590e0a176 Add proxy tests with gnutls-srv & fragmentation 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
1b753f1e27 Add test for renego with proxy 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
18e519a660 Add proxy tests with more handshake flows 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
76fe9e41c1 Test that anti-replay ignores all duplicates 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
825a49ed7c Add more udp_proxy tests 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
a6189f0fb0 udp_proxy wasn't actually killed 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
a0719727da Add tests with dropped packets 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
be9eb877f7 Adapt ssl-opt.sh to allow using udp_proxy in tests 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
0a65934ef3 Re-enable valgrind for all tests
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
0c4cbc7895 Add test for fragmentation + renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
f1499f602e Add interop testing for renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
77b0b8d100 Disable some tests with valgrind for now 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
a77561765f Add test with openssl with DTLS in ssl-opt.sh 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5 Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
c392b240c4 Fix server-initiated renegotiation with DTLS 2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
30d16eb429 Fix client-initiated renegotiation with DTLS 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
0eb6cab979 Add DTLS cookies test to ssl-opt.sh 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
d1af1025d0 Add DTLS interop testing with OpenSSL server
PSK suites failing with client auth
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00