Manuel Pégourié-Gonnard
8a7cf2543a
Add a few #ifdefs
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
a9d7d03e30
SIGTERM also interrupts server2 during net_read()
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
6a2bc23f63
Allow exchanges=0 in ssl_server2
...
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
cce220d6aa
Adapt ssl_server2 to datagram-style read
2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
46fb942046
Fix warning about function that should be static
2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
f1e9b09a0c
Fix missing #ifdef's
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
a59af05dce
Give more time to tests that time out too often
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
4e2f245752
Fix timer issues
...
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
7a26d73735
Add test for session resumption
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460
Drop unexpected ApplicationData
...
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
f1e0df3ccd
Allow ssl_client2 to resend on read timeout
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
37a4de2cec
Use shorter timeouts in ssl-opt.sh proxy tests
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
d823bd0a04
Add handshake_timeout option to test server/client
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
ce8588c9ef
Make udp_proxy more robust
...
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
6093d81c20
Add tests with proxy and non-blocking I/O
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
f03651217c
Adapt programs to use nbio with DTLS
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96
Preparation for timers
...
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
36795197d9
Rm now useless MTU setting in compat.sh
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
7a66cbca75
Rm some redundant tests
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
9590e0a176
Add proxy tests with gnutls-srv & fragmentation
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
ae666c5092
proxy: avoid always dropping the same packet
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
1b753f1e27
Add test for renego with proxy
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
8cc7e03ae0
udp_proxy: show encrypted messages as encrypted
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
18e519a660
Add proxy tests with more handshake flows
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
6265d305f1
Fix some delayed packets going the wrong way
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
bf02319b58
udp_proxy: don't overwrite delayed packets
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
76fe9e41c1
Test that anti-replay ignores all duplicates
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
f03c7aa469
Add replay detection in parse_client_hello()
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
ea22ce577e
Rm unneeded counter increment with DTLS
2014-10-21 16:32:33 +02:00