
Test ssl_pthread_server

Test ssl_pthread_server with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

In the server, flush more often. Otherwise, when stdout is redirected to a
file, the server gets killed before it writes important information, such as
the logs that we expect in the test cases.

Clean up compile-time requirements in ssl_pthread_server.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine
2024-09-04 16:31:06 +02:00
parent 37c374981c
commit fab6099d4a
3 changed files with 71 additions and 16 deletions


@ -10,20 +10,21 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ #if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
!defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
int main(void) int main(void)
{ {
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C " mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "not defined.\n");
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD " mbedtls_exit(0);
"and/or MBEDTLS_PEM_PARSE_C not defined.\n"); }
#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD)
int main(void)
{
mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n");
mbedtls_exit(0); mbedtls_exit(0);
} }
#else #else
@ -123,6 +124,7 @@ static void *handle_ssl_connection(void *data)
* 5. Handshake * 5. Handshake
*/ */
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id); mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
fflush(stdout);
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
@ -138,6 +140,7 @@ static void *handle_ssl_connection(void *data)
* 6. Read the HTTP Request * 6. Read the HTTP Request
*/ */
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id); mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
fflush(stdout);
do { do {
len = sizeof(buf) - 1; len = sizeof(buf) - 1;
@ -170,6 +173,7 @@ static void *handle_ssl_connection(void *data)
len = ret; len = ret;
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n", mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf); thread_id, len, (char *) buf);
fflush(stdout);
if (ret > 0) { if (ret > 0) {
break; break;
@ -180,6 +184,7 @@ static void *handle_ssl_connection(void *data)
* 7. Write the 200 Response * 7. Write the 200 Response
*/ */
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id); mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
fflush(stdout);
len = sprintf((char *) buf, HTTP_RESPONSE, len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl)); mbedtls_ssl_get_ciphersuite(&ssl));
@ -201,6 +206,7 @@ static void *handle_ssl_connection(void *data)
len = ret; len = ret;
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n", mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf); thread_id, len, (char *) buf);
fflush(stdout);
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id); mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
@ -214,6 +220,7 @@ static void *handle_ssl_connection(void *data)
} }
mbedtls_printf(" ok\n"); mbedtls_printf(" ok\n");
fflush(stdout);
ret = 0; ret = 0;
@ -442,6 +449,7 @@ reset:
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
mbedtls_printf(" [ main ] Waiting for a remote connection\n"); mbedtls_printf(" [ main ] Waiting for a remote connection\n");
fflush(stdout);
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) { NULL, 0, NULL)) != 0) {
@ -483,7 +491,4 @@ exit:
mbedtls_exit(ret); mbedtls_exit(ret);
} }
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && #endif /* configuration allows running this program */
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
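Review bot: The added `fflush(stdout)` calls cover only the progress messages visible in these hunks; the failure branches (for example the body of the `ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE` check after the handshake message) lie outside the hunks, so it is not visible whether their diagnostics are flushed as well. That matters because the new test cases assert the absence of "error" in the server log with `-S "error"`: if the server is killed while an error message is still in the stdio buffer, that negative check passes without ever having seen it. A single `setvbuf(stdout, NULL, _IOLBF, 0);` near the start of the real `main` would cover every path instead of one call per message, assuming `mbedtls_printf` writes to `stdout` in this configuration. Separately, the message in the new `#elif` branch names only `MBEDTLS_THREADING_PTHREAD` while its condition also tests `MBEDTLS_THREADING_C`; `"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD not defined.\n"` would match the condition.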


@ -118,3 +118,47 @@ run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
-c "Description:.*TLS1.3" \ -c "Description:.*TLS1.3" \
-S "error" \ -S "error" \
-C "ERROR" -C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$O_CLI -tls1_2" \
0 \
-s "Successful connection using: TLS-" \
-c "New, TLSv1.2, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
0 \
-s "Successful connection using: TLS-" \
-c "Description:.*TLS1.2" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$O_CLI -tls1_3" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "New, TLSv1.3, Cipher is" \
-S "error" \
-C "ERROR"
requires_protocol_version tls13
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
-P 4433 \
"$PROGRAMS_DIR/ssl_pthread_server" \
"$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
0 \
-s "Successful connection using: TLS1-3-" \
-c "Description:.*TLS1.3" \
-S "error" \
-C "ERROR"
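Review bot: None of the four new `ssl_pthread_server` cases opens overlapping connections: each `run_test` starts the server and runs one client command against it, so they show that the threaded sample completes a handshake and one request, not that its handler threads behave correctly when they run at the same time. A comment above the block would keep readers from counting these as concurrency coverage, e.g. `# Smoke tests only: one client per run, handler threads never run concurrently.` The TLS 1.2 server-side pattern `-s "Successful connection using: TLS-"` distinguishes the version only because the TLS 1.3 cases expect the `TLS1-3-` prefix instead; that dependency on the suite-name format is worth stating in the same comment.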


@ -500,6 +500,7 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication requires_certificate_authentication
;; ;;
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*) *"programs/ssl/ssl_server "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C requires_config_enabled MBEDTLS_CTR_DRBG_C
requires_config_enabled MBEDTLS_ENTROPY_C requires_config_enabled MBEDTLS_ENTROPY_C
@ -509,6 +510,11 @@ detect_required_features() {
;; ;;
esac esac
case " $CMD_LINE " in
*"programs/ssl/ssl_pthread_server "*)
requires_config_enabled MBEDTLS_THREADING_PTHREAD;;
esac
case "$CMD_LINE" in case "$CMD_LINE" in
*[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
*/server5*|\ */server5*|\