994f8b554f
Ok for close_notify to fail
2014-10-21 16:32:52 +02:00
a9d7d03e30
SIGTERM also interrupts server2 during net_read()
2014-10-21 16:32:50 +02:00
6a2bc23f63
Allow exchanges=0 in ssl_server2
...
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
cce220d6aa
Adapt ssl_server2 to datagram-style read
2014-10-21 16:32:49 +02:00
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
f1e0df3ccd
Allow ssl_client2 to resend on read timeout
2014-10-21 16:32:46 +02:00
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
d823bd0a04
Add handshake_timeout option to test server/client
2014-10-21 16:32:44 +02:00
f03651217c
Adapt programs to use nbio with DTLS
2014-10-21 16:32:42 +02:00
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
4ba6ab6d0d
Fix glitch with HelloVerifyRequest
...
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
26820e3061
Add option 'cookies' to ssl_server2
2014-10-21 16:30:18 +02:00
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
336b824f07
Use ssl_set_client_transport_id() in ssl_server2
2014-10-21 16:30:15 +02:00
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00
fe3f73bdeb
Allow force_version to select DTLS
2014-10-21 16:30:10 +02:00
8a06d9c5d6
Actually use UDP for DTLS in test client/server
2014-10-21 16:30:09 +02:00
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
83218f1da1
Add dtls version aliases to test serv/cli
2014-10-21 16:30:05 +02:00
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
e29fd4beaf
Add a dtls option to test server and client
2014-10-21 16:30:03 +02:00
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
09c9dd80ef
Revert 42cc641. Issue already fixed in 333fdec.
2014-08-18 11:06:56 +02:00
c1283d3f4c
Only use signal() in ssl_server2 on non-Windows platforms
2014-08-18 11:05:51 +02:00
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
db49330e08
ssl_server2 aborts cleanly on SIGTERM
...
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
7c03424d1c
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
9dbe7c5f17
Remove unreachable code from ssl_pthread_server
2014-08-14 11:34:34 +02:00
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
333fdeca3a
Properly initialize buf
2014-08-04 12:12:09 +02:00
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
