Backport 3.6: test sample programs in ssl-opt.sh #9541
base: mbedtls-3.6
@@ -1,10 +1,23 @@ | ||
# Test that SSL sample programs can interoperate with OpenSSL and GnuTLS. | ||
# Test that SSL sample programs can interoperate with each other | ||
# and with OpenSSL and GnuTLS. | ||
|
||
# Copyright The Mbed TLS Contributors | ||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | ||
|
||
: ${PROGRAMS_DIR:=../programs/ssl} | ||
|
||
run_test "Sample: ssl_client1, ssl_server2" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_server2" \ | ||
"$PROGRAMS_DIR/ssl_client1" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
requires_protocol_version tls12 | ||
run_test "Sample: ssl_client1, openssl server, TLS 1.2" \ | ||
-P 4433 \ | ||
|
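Review bot: the test depends on two defaults agreeing without saying so. ssl_client1 (`"$PROGRAMS_DIR/ssl_client1"`) takes no arguments and connects to the host and port compiled into the sample, and ssl_server2 is started without `server_port=`, so `-P 4433` only tells run_test which port to watch. Either pass `server_port=4433` to ssl_server2 explicitly or add a comment that the port is fixed by ssl_client1; otherwise someone copying this block with a different `-P` gets an opaque connection failure instead of a hint.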
@@ -49,6 +62,22 @@ run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \ | |
-S "Error" \ | ||
-C "error" | ||
|
||
# The server complains of extra data after it closes the connection | ||
# because the client keeps sending data, so the server receives | ||
# more application data when it expects a new handshake. We consider | ||
# the test a success if both sides have sent and received application | ||
# data, no matter what happens afterwards. | ||
run_test "Sample: dtls_client, ssl_server2" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \ | ||
"$PROGRAMS_DIR/dtls_client" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-C "error" | ||
|
||
requires_protocol_version dtls12 | ||
run_test "Sample: dtls_client, openssl server, DTLS 1.2" \ | ||
-P 4433 \ | ||
|
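Review bot: `server_addr=localhost` on the `ssl_server2 dtls=1 server_addr=localhost` line is the one non-obvious argument in this hunk and it carries no comment; the thread at the bottom of the page explains it (by default ssl_server2 listens on IPv4 only, while dtls_client connects to whatever `localhost` resolves to, `::1` on some machines and `127.0.0.1` on the CI where IPv6 is disabled). Fold that sentence into the comment above the test, next to the explanation of the tolerated post-close complaint, so the argument is not dropped as redundant the next time this line is touched.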
@@ -76,6 +105,30 @@ run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \ | |
-S "Error" \ | ||
-C "error" | ||
|
||
run_test "Sample: ssl_server, ssl_client2" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_server" \ | ||
"$PROGRAMS_DIR/ssl_client2" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
run_test "Sample: ssl_client1 with ssl_server" \ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Minor: naming is inconsistent. Not sure it matters though. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There are two naming patterns: “Sample: PROGRAM, PEER” for testing a sample program against a peer that isn't a sample program (OpenSSL, GnuTLS or Mbed TLS's fancy programs), and “Sample: PROGRAM1 with PROGRAM2” for testing two sample programs against each other. I'm open to other naming conventions if you have suggestions. |
||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_server" \ | ||
"$PROGRAMS_DIR/ssl_client1" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
requires_protocol_version tls12 | ||
run_test "Sample: ssl_server, openssl client, TLS 1.2" \ | ||
-P 4433 \ | ||
|
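Review bot: the same pair of programs appears under two naming schemes in this hunk (`"Sample: ssl_server, ssl_client2"` versus `"Sample: ssl_client1 with ssl_server"`), and the only place the rule is written down (comma for sample-versus-peer, "with" for sample-versus-sample, where ssl_client2/ssl_server2 count as peers) is the inline review reply. Put that rule in the header comment at the top of the file, so people running `ssl-opt.sh --filter` and future authors of sample tests can follow it without reading the PR discussion.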
@@ -122,6 +175,30 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \ | |
-S "error" \ | ||
-C "ERROR" | ||
|
||
run_test "Sample: ssl_fork_server, ssl_client2" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_fork_server" \ | ||
"$PROGRAMS_DIR/ssl_client2" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
run_test "Sample: ssl_client1 with ssl_fork_server" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_fork_server" \ | ||
"$PROGRAMS_DIR/ssl_client1" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
requires_protocol_version tls12 | ||
run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \ | ||
-P 4433 \ | ||
|
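Review bot: ssl_fork_server handles each accepted connection in a forked child, so the server-side `bytes read` / `bytes written` lines asserted with `-s` are printed by the child, and the `0` at the end of the argument list is the client's expected exit code; the server process is terminated by run_test, so a child that fails after accepting is caught only through these `-s` and `-S "error"` patterns. A one-line comment making that explicit would stop a later cleanup from dropping the server-side `-s` lines as duplicates of the client-side ones.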
@@ -168,6 +245,30 @@ run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \ | |
-S "error" \ | ||
-C "ERROR" | ||
|
||
run_test "Sample: ssl_pthread_server, ssl_client2" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_pthread_server" \ | ||
"$PROGRAMS_DIR/ssl_client2" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
run_test "Sample: ssl_client1 with ssl_pthread_server" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/ssl_pthread_server" \ | ||
"$PROGRAMS_DIR/ssl_client1" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-S "error" \ | ||
-C "error" | ||
|
||
requires_protocol_version tls12 | ||
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \ | ||
-P 4433 \ | ||
|
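Review bot: missing dependency guard. ssl_pthread_server only works when the build has pthread threading enabled; otherwise the sample reports the missing option and exits, the `bytes read` patterns never appear, and these two tests fail instead of being skipped. Add `requires_config_enabled MBEDTLS_THREADING_PTHREAD` before this block, in the same way the openssl and gnutls tests below use `requires_protocol_version`; the ssl_fork_server block above has the same shape with respect to fork() availability. Separately, this block is a verbatim copy of the ssl_server and ssl_fork_server blocks with only the binary name changed; if grep-ability of the test names is not a concern, a `for srv in ssl_server ssl_fork_server ssl_pthread_server` loop would keep the three in sync.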
@@ -214,6 +315,38 @@ run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \ | |
-S "error" \ | ||
-C "ERROR" | ||
|
||
# The server complains of extra data after it closes the connection | ||
# because the client keeps sending data, so the server receives | ||
# more application data when it expects a new handshake. We consider | ||
# the test a success if both sides have sent and received application | ||
# data, no matter what happens afterwards. | ||
run_test "Sample: dtls_client with dtls_server" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/dtls_server" \ | ||
"$PROGRAMS_DIR/dtls_client" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-C "error" | ||
|
||
# The server complains of extra data after it closes the connection | ||
# because the client keeps sending data, so the server receives | ||
# more application data when it expects a new handshake. We consider | ||
# the test a success if both sides have sent and received application | ||
# data, no matter what happens afterwards. | ||
run_test "Sample: ssl_client2, dtls_server" \ | ||
-P 4433 \ | ||
"$PROGRAMS_DIR/dtls_server" \ | ||
"$PROGRAMS_DIR/ssl_client2 dtls=1" \ | ||
0 \ | ||
-s "[1-9][0-9]* bytes read" \ | ||
-s "[1-9][0-9]* bytes written" \ | ||
-c "[1-9][0-9]* bytes read" \ | ||
-c "[1-9][0-9]* bytes written" \ | ||
-C "error" | ||
|
||
requires_protocol_version dtls12 | ||
run_test "Sample: dtls_server, openssl client, DTLS 1.2" \ | ||
-P 4433 \ | ||
|
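Review bot: the five-line explanation starting "The server complains of extra data after it closes the connection" is repeated verbatim before both DTLS tests here and a third time before the dtls_client / ssl_server2 test above; state it once, at the first DTLS test, and refer back from the other two. More importantly, all three DTLS tests drop `-S "error"` altogether, while the comment only justifies tolerating one specific post-close complaint. If the message the server prints in that situation is recognizable, assert it with `-s` so the tolerated behaviour is pinned and documented; as written, any server-side error that occurs after the first byte counts are printed passes.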
> Out of curiosity: why do we need `server_addr=localhost` here?

By default, on my machine, `ssl_server2` only listens on IPv4. I actually don't understand why: I would have thought it would prioritize IPv6. `dtls_client` connects to `localhost`, whatever it is. I remember it took me a little while to find something that would minimize changes in the test programs, have the tests pass on my machine (where `localhost` resolves to `::1`), and have the tests pass on the CI (where IPv6 is disabled).

I don't know why this isn't necessary for `ssl_client1`.
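The reply above pins `server_addr=localhost` because of an address-family mismatch: a server bound only on the IPv4 loopback cannot be reached by a client whose resolver turns `localhost` into `::1`. The following is an added example, not Mbed TLS code and not part of this PR, that reproduces the mismatch with plain sockets in Python. `ipv4_only_server`, `resolve`, `connect_by_name` and `demo` are names chosen here; the server stands in for ssl_server2's reported IPv4-only default, and the client mimics a hostname-based client that walks the `getaddrinfo` results in order. It also goes one step beyond what the thread states, as an editor's inference rather than something the reply says: the same walk is run with a UDP socket (what DTLS uses), where `connect()` only records the peer address and therefore "succeeds" on `::1` with nothing listening, so the client never falls through to the IPv4 candidate the way a TCP client does.

```python
"""Address-family mismatch behind `server_addr=localhost` (added example).

Not Mbed TLS code. A server bound only on the IPv4 loopback stands in for
ssl_server2's reported default; the client resolves "localhost" and walks the
candidates in resolver order, as a hostname-based client does.
"""
import socket


def resolve(host, port, socktype=socket.SOCK_STREAM):
    """getaddrinfo candidates for host:port, in resolver order, as (family, sockaddr).

    Where the resolver prefers IPv6, "localhost" yields ::1 before 127.0.0.1;
    where IPv6 is disabled, typically only 127.0.0.1 comes back.
    """
    return [(fam, sa) for fam, _, _, _, sa in
            socket.getaddrinfo(host, port, type=socktype)]


def ipv4_only_server(socktype=socket.SOCK_STREAM):
    """Bind 127.0.0.1 only (never ::1). Port 0 lets the OS pick a free port so
    the example does not collide with anything on 4433; callers read the real
    port back with getsockname()."""
    srv = socket.socket(socket.AF_INET, socktype)
    srv.bind(("127.0.0.1", 0))
    if socktype == socket.SOCK_STREAM:
        srv.listen(1)
    return srv


def connect_by_name(host, port, socktype=socket.SOCK_STREAM, timeout=1.0):
    """Try each resolver candidate in turn and stop at the first connect() that
    returns. Returns one (family, outcome, errno) tuple per attempt.

    TCP: connect() to ::1 with nothing listening fails fast (ECONNREFUSED), or
    earlier still if IPv6 is unusable, so the loop falls through to 127.0.0.1.
    UDP: connect() only records the peer address, so it "succeeds" on ::1 and
    the loop never reaches the IPv4 candidate the server is actually bound on.
    """
    attempts = []
    for fam, sa in resolve(host, port, socktype):
        try:
            with socket.socket(fam, socktype) as cli:
                cli.settimeout(timeout)
                cli.connect(sa)
                attempts.append((fam, "connected", 0))
                return attempts
        except OSError as exc:
            attempts.append((fam, "failed", exc.errno))
    return attempts


def demo(host="localhost"):
    """Run the walk against an IPv4-only server for both socket types and
    return {"tcp": attempts, "udp": attempts}."""
    out = {}
    for name, socktype in (("tcp", socket.SOCK_STREAM), ("udp", socket.SOCK_DGRAM)):
        srv = ipv4_only_server(socktype)
        try:
            out[name] = connect_by_name(host, srv.getsockname()[1], socktype)
        finally:
            srv.close()
    return out


if __name__ == "__main__":
    for proto, attempts in demo().items():
        for fam, outcome, err in attempts:
            print(proto, socket.AddressFamily(fam).name, outcome, err)
```

On a machine whose resolver lists `::1` first, the TCP log shows an IPv6 failure followed by an IPv4 success, while the UDP log shows a single "connected" entry on `::1` that no server will ever answer; on a CI host with IPv6 disabled both logs contain only the IPv4 attempt. Fixing the server's address, as the test does, is the change that makes both environments behave the same.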