Cosmetics in ssl_server2 & complete tests for HVR

2014-10-13 19:04:37 +02:00 · 2014-10-13 19:04:37 +02:00 · caecdaed25
commit caecdaed25
parent 2d87e419e0
2 changed files with 33 additions and 20 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1683,17 +1683,26 @@ reset:
    printf( "  . Performing the SSL/TLS handshake..." );
    fflush( stdout );

-    while( ( ret = ssl_handshake( &ssl ) ) != 0 )
-    {
-        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
-        {
-            printf( " failed\n  ! ssl_handshake returned -0x%x\n\n", -ret );
-            goto reset;
-        }
-    }
+    do ret = ssl_handshake( &ssl );
+    while( ret == POLARSSL_ERR_NET_WANT_READ ||
+           ret == POLARSSL_ERR_NET_WANT_WRITE );

-    printf( " ok\n    [ Protocol is %s ]\n    [ Ciphersuite is %s ]\n",
-            ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+    if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
+    {
+        printf( " hello verification requested\n" );
+        ret = 0;
+        goto reset;
+    }
+    else if( ret != 0 )
+    {
+        printf( " failed\n  ! ssl_handshake returned -0x%x\n\n", -ret );
+        goto reset;
+    }
+    else /* ret == 0 */
+    {
+        printf( " ok\n    [ Protocol is %s ]\n    [ Ciphersuite is %s ]\n",
+                ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+    }

 #if defined(POLARSSL_SSL_ALPN)
    if( opt.alpn_string != NULL )
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2046,6 +2046,7 @@ run_test    "DTLS cookie: enabled" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
+            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

 run_test    "DTLS cookie: disabled" \
@ -2056,18 +2057,19 @@ run_test    "DTLS cookie: disabled" \
            -S "cookie verification passed" \
            -s "cookie verification skipped" \
            -C "received hello verify request" \
+            -S "hello verification requested" \
            -S "SSL - The requested feature is not available"

-# wait for client having a timeout, or server sending an alert
-#run_test    "DTLS cookie: default (failing)" \
-#            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
-#            "$P_CLI dtls=1 debug_level=2" \
-#            0 \
-#            -S "cookie verification failed" \
-#            -S "cookie verification passed" \
-#            -S "cookie verification skipped" \
-#            -C "received hello verify request" \
-#            -s "SSL - The requested feature is not available"
+run_test    "DTLS cookie: default (failing)" \
+            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
+            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
+            1 \
+            -s "cookie verification failed" \
+            -S "cookie verification passed" \
+            -S "cookie verification skipped" \
+            -C "received hello verify request" \
+            -S "hello verification requested" \
+            -s "SSL - The requested feature is not available"

 requires_ipv6
 run_test    "DTLS cookie: enabled, IPv6" \
@ -2078,6 +2080,7 @@ run_test    "DTLS cookie: enabled, IPv6" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
+            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

 run_test    "DTLS cookie: enabled, nbio" \
@ -2088,6 +2091,7 @@ run_test    "DTLS cookie: enabled, nbio" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
+            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

 # Tests for various cases of client authentication with DTLS