diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index abb8d8f1a..9b8ef5561 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5310,11 +5310,11 @@ requires_config_enabled MBEDTLS_ECDSA_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512" \ @@ -5452,7 +5452,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1_2" \ @@ -5469,7 +5469,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1_2" \ @@ -5550,7 +5550,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_LEGACY_SRV -dtls1 -verify 10" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1" \ @@ -5583,7 +5583,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 client_needs_more_time 2 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 \ + "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512 force_version=dtls1" \ @@ -5612,8 +5612,8 @@ run_test "DTLS proxy: reference" \ not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "replayed record" \ -s "replayed record" \ @@ -5625,8 +5625,8 @@ run_test "DTLS proxy: duplicate every packet" \ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 debug_level=2 anti_replay=0" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "replayed record" \ -S "replayed record" \ @@ -5639,24 +5639,24 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ run_test "DTLS proxy: multiple records in same datagram" \ -p "$P_PXY pack=50" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "next record in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ -p "$P_PXY pack=50 duplicate=1" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "next record in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 0 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ @@ -5667,8 +5667,8 @@ run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=1" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 1 \ -C "discarding invalid record (mac)" \ -S "discarding invalid record (mac)" \ @@ -5679,8 +5679,8 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=2" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 0 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ @@ -5691,8 +5691,8 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=2 exchanges=2" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100 exchanges=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ 1 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ @@ -5716,9 +5716,9 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ -s "Extra-header:" \ @@ -5727,8 +5727,8 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Extra-header:" \ @@ -5737,8 +5737,8 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5746,8 +5746,8 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5755,8 +5755,8 @@ run_test "DTLS proxy: 3d, FS, client auth" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5764,8 +5764,8 @@ run_test "DTLS proxy: 3d, FS, ticket" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5773,9 +5773,9 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 nbio=2 tickets=1 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1 \ auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 nbio=2 tickets=1" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5783,9 +5783,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5797,9 +5797,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ @@ -5812,9 +5812,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5827,9 +5827,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5842,10 +5842,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5858,10 +5858,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5875,7 +5875,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 2048" \ - "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -5884,7 +5884,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -5893,7 +5893,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -5903,7 +5903,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -5914,7 +5914,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -5925,7 +5925,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2" \ 0 \ -s "Extra-header:" \ -c "Extra-header:"