diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-01-23 08:42:54 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-01-23 13:24:00 +0100 |
| commit | 9b80e7939047df53d913cec76350cb3a3cd09513 (patch) | |
| tree | e605ff5eeeb023ddf9ac65d5def898a417ae0e4e | |
| parent | 6cc79b52e53c5ee2973932c45e0886164ff2cc51 (diff) | |
| download | gnutls-tmp-test-tickets.tar.gz | |
tests: added tests for multiple ticket receptiontmp-test-tickets
This introduces tests for the reception (parsing) of multiple tickets
by a gnutls client. It uses the tlslite-ng server because unlike a gnutls
server, tlslite-ng does send multiple tickets in a single record. That
way we test that we can parse both ways of sending tickets.
Resolves: #511
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | tests/suite/Makefile.am | 3 | ||||
| -rwxr-xr-x | tests/suite/multi-ticket-reception.sh | 99 | ||||
| m--------- | tests/suite/tls-fuzzer/tlslite-ng | 0 |
3 files changed, 101 insertions, 1 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index f6e413ee56..8dccbc5726 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -92,7 +92,8 @@ scripts_to_test = chain.sh \ testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \ testrandom.sh tls-fuzzer/tls-fuzzer-nocert.sh \ tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh \ - tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh + tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh \ + multi-ticket-reception.sh TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ LC_ALL="C" \ diff --git a/tests/suite/multi-ticket-reception.sh b/tests/suite/multi-ticket-reception.sh new file mode 100755 index 0000000000..63de24e904 --- /dev/null +++ b/tests/suite/multi-ticket-reception.sh @@ -0,0 +1,99 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" +TLSPY_SERV="${srcdir}/tls-fuzzer/tlslite-ng/scripts/tls.py" +PYPATH="${srcdir}/tls-fuzzer/tlsfuzzer/" +CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +unset RETCODE + +if ! test -x "${TLSPY_SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +. "${srcdir}/../scripts/common.sh" + +KEY1=${srcdir}/tls-fuzzer/tlslite-ng/tests/serverX509Key.pem +CERT1=${srcdir}/tls-fuzzer/tlsfuzzer/tests/serverX509Cert.pem + +#create links necessary for tlslite to function +pushd "${srcdir}/tls-fuzzer/tlsfuzzer" +test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa +test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null +popd + +echo "Checking whether receiving 1 ticket succeeds (sanity)" + +eval "${GETPORT}" +PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 1 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 --insecure </dev/null || \ + fail ${PID} "1. handshake should have succeeded!" + + +kill ${PID} +wait + +echo "Checking whether receiving 3 tickets in the same record succeeds" + +eval "${GETPORT}" +PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 3 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 --insecure </dev/null || \ + fail ${PID} "2. handshake should have succeeded!" + + +kill ${PID} +wait + +echo "Checking whether receiving multiple tickets that span many records succeeds" + +eval "${GETPORT}" +PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 1512 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 --insecure </dev/null || \ + fail ${PID} "3. handshake should have succeeded!" + + +kill ${PID} +wait + + +exit 0 diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng -Subproject 3696909715ba73ee807d3959a26d36b56f718ba +Subproject 029425144f6b26d5ab8acc3a79e3ead79253ad7 |