dc6a75a952
ERR_NET_CONN_RESET can't happen with UDP
2014-10-21 16:32:54 +02:00
caecdaed25
Cosmetics in ssl_server2 & complete tests for HVR
2014-10-21 16:32:54 +02:00
2d87e419e0
Adapt ssl_{client,server}2.c to datagram write
2014-10-21 16:32:53 +02:00
994f8b554f
Ok for close_notify to fail
2014-10-21 16:32:52 +02:00
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
a9d7d03e30
SIGTERM also interrupts server2 during net_read()
2014-10-21 16:32:50 +02:00
6a2bc23f63
Allow exchanges=0 in ssl_server2
...
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
cce220d6aa
Adapt ssl_server2 to datagram-style read
2014-10-21 16:32:49 +02:00
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
f1e0df3ccd
Allow ssl_client2 to resend on read timeout
2014-10-21 16:32:46 +02:00
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
d823bd0a04
Add handshake_timeout option to test server/client
2014-10-21 16:32:44 +02:00
ce8588c9ef
Make udp_proxy more robust
...
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
f03651217c
Adapt programs to use nbio with DTLS
2014-10-21 16:32:42 +02:00
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes no sense to keep the connection open until the client is verified.
Until now it was useful since closing it creates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
ae666c5092
proxy: avoid always dropping the same packet
2014-10-21 16:32:39 +02:00
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
8cc7e03ae0
udp_proxy: show encrypted messages as encrypted
2014-10-21 16:32:37 +02:00
6265d305f1
Fix some delayed packets going the wrong way
2014-10-21 16:32:36 +02:00
bf02319b58
udp_proxy: don't overwrite delayed packets
2014-10-21 16:32:36 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
6312e0f4e6
udp_proxy: allow successive clients
2014-10-21 16:32:32 +02:00
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
b46780edee
Enlarge udp_proxy's message buffer
2014-10-21 16:32:32 +02:00
ae8d2399a5
udp_proxy: also drop messages from the last flight
2014-10-21 16:32:31 +02:00
992e13665d
Make decisions pseudo-random in udp_proxy
2014-10-21 16:32:31 +02:00
bc010a045c
udp_proxy: don't drop messages in the last flight
...
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
7cf3518284
Enhance output of udp_proxy (with time)
2014-10-21 16:32:29 +02:00
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
6c18a39807
Add option 'bad_ad' to udp_proxy
2014-10-21 16:30:27 +02:00
eb00bfd9c2
Add option 'mtu' to udp_proxy
2014-10-21 16:30:27 +02:00
81f2fe9f08
Add option 'delay_ccs' to udp_proxy
2014-10-21 16:30:27 +02:00
60fdd7e0f2
Add option 'drop' to udp_proxy
2014-10-21 16:30:26 +02:00
21398c37c0
Add option 'delay' to udp_proxy
2014-10-21 16:30:26 +02:00
2c41bd85e0
Add a 'duplicate' option to udp_proxy
2014-10-21 16:30:26 +02:00
44d5e63e6a
Enhance output of udp_proxy
2014-10-21 16:30:25 +02:00
cb4137b646
Add test utility udp_proxy
...
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
4ba6ab6d0d
Fix glitch with HelloVerifyRequest
...
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other clients that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
26820e3061
Add option 'cookies' to ssl_server2
2014-10-21 16:30:18 +02:00
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
336b824f07
Use ssl_set_client_transport_id() in ssl_server2
2014-10-21 16:30:15 +02:00
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00