db2858ce96
Preparation for timers
...
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
36795197d9
Rm now useless MTU setting in compat.sh
2014-10-21 16:32:40 +02:00
7a66cbca75
Rm some redundant tests
2014-10-21 16:32:40 +02:00
9590e0a176
Add proxy tests with gnutls-srv & fragmentation
2014-10-21 16:32:40 +02:00
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
ae666c5092
proxy: avoid always dropping the same packet
2014-10-21 16:32:39 +02:00
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
1b753f1e27
Add test for renego with proxy
2014-10-21 16:32:38 +02:00
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
8cc7e03ae0
udp_proxy: show encrypted messages as encrypted
2014-10-21 16:32:37 +02:00
18e519a660
Add proxy tests with more handshake flows
2014-10-21 16:32:37 +02:00
6265d305f1
Fix some delayed packets going the wrong way
2014-10-21 16:32:36 +02:00
bf02319b58
udp_proxy: don't overwrite delayed packets
2014-10-21 16:32:36 +02:00
76fe9e41c1
Test that anti-replay ignores all duplicates
2014-10-21 16:32:36 +02:00
f03c7aa469
Add replay detection in parse_client_hello()
2014-10-21 16:32:35 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
8464a46b6b
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
2014-10-21 16:32:35 +02:00
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
ea22ce577e
Rm unneeded counter increment with DTLS
2014-10-21 16:32:33 +02:00
6312e0f4e6
udp_proxy: allow successive clients
2014-10-21 16:32:32 +02:00
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
b46780edee
Enlarge udp_proxy's message buffer
2014-10-21 16:32:32 +02:00
825a49ed7c
Add more udp_proxy tests
2014-10-21 16:32:32 +02:00
ae8d2399a5
udp_proxy: also drop messages from the last flight
2014-10-21 16:32:31 +02:00
abf16240dd
Add ability to resend last flight
2014-10-21 16:32:31 +02:00
992e13665d
Make decisions pseudo-random in udp_proxy
2014-10-21 16:32:31 +02:00
cd32a50d67
Fix NewSesssionTicket vs ChangeCipherSpec bug
...
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
a6189f0fb0
udp_proxy wasn't actually killed
2014-10-21 16:32:30 +02:00
a0719727da
Add tests with dropped packets
2014-10-21 16:32:30 +02:00
bc010a045c
udp_proxy: don't drop messages in the last flight
...
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
767c69561b
Drop out-of-sequence ChangeCipherSpec messages
2014-10-21 16:32:29 +02:00
7cf3518284
Enhance output of udp_proxy (with time)
2014-10-21 16:32:29 +02:00
93017de47e
Minor optim: don't resend on duplicated HVR
2014-10-21 16:32:29 +02:00
c715aed744
Fix epoch swapping
2014-10-21 16:32:28 +02:00
6a2bdfaf73
Actually resend flights
2014-10-21 16:32:28 +02:00
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
57fa314412
Fix depend documentation
2014-10-21 16:32:27 +02:00
9d9b003a9a
Add net_recv_timeout()
2014-10-21 16:32:26 +02:00
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
f4acfe1808
Document previous API changes in this branch
2014-10-21 16:32:23 +02:00
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
