1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00

Test ssl_fork_server

Test ssl_fork_server with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

In the server, flush more often. Otherwise, when stdout is redirected to a
file, the server gets killed before it writes important information, such as
the logs that we expect in the test cases.

In the server, only write output for 10 seconds, not 100. That's enough time
to start concurrent clients if desired. 100 seconds causes ssl-opt to take a
very long time when the client actually listens to the whole input (which
`gnutls-cli` does, but not `openssl s_client`).

Clean up compile-time requirements in ssl_fork_server.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2024-09-04 17:47:14 +02:00
parent 3abca9510a
commit c83e56cc45
3 changed files with 63 additions and 17 deletions

View File

@ -119,6 +119,50 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$O_CLI -tls1_2" \
0 \
-s "Successful connection using: TLS-" \
-c "New, TLSv1.2, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
0 \
-s "Successful connection using: TLS-" \
-c "Description:.*TLS1.2" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$O_CLI -tls1_3" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "New, TLSv1.3, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_fork_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
-P 4433 \

View File

@ -500,6 +500,7 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication
;;
*"programs/ssl/ssl_fork_server "*|\
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C