Merge remote-tracking branch 'public/pr/2449' into mbedtls-2.16

* public/pr/2449:
  Reword changelog entry
  Reenable GnuTLS next based tests
Simon Butcher 2019-03-01 13:01:54 +00:00
commit 3664fdb5f6
2 changed files with 10 additions and 21 deletions


@ -37,6 +37,8 @@ Changes
* Ensure that ssl-opt.h can be run in OS X. #2029 * Ensure that ssl-opt.h can be run in OS X. #2029
* Reduce the complexity of the timing tests. They were assuming more than the * Reduce the complexity of the timing tests. They were assuming more than the
underlying OS actually guarantees. underlying OS actually guarantees.
* Re-enable certain interoperability tests in ssl-opt.sh which had previously
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
= mbed TLS 2.16.0 branch released 2018-12-21 = mbed TLS 2.16.0 branch released 2018-12-21


@ -6713,13 +6713,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
-c "fragmenting handshake message" \ -c "fragmenting handshake message" \
-C "error" -C "error"
## The two tests below are disabled due to a bug in GnuTLS client that causes requires_gnutls_next
## handshake failures when the NewSessionTicket message is lost, see
## https://gitlab.com/gnutls/gnutls/issues/543
## We can re-enable them when a fixed version fo GnuTLS is available
## and installed in our CI system.
skip_next_test
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_ECDSA_C
@ -6731,12 +6725,11 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
"$G_CLI -u --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
skip_next_test requires_gnutls_next
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_ECDSA_C
@ -6748,7 +6741,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
crt_file=data_files/server7_int-ca.crt \ crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \ key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1" \ hs_timeout=250-60000 mtu=512 force_version=dtls1" \
"$G_CLI -u --insecure 127.0.0.1" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \ 0 \
-s "fragmenting handshake message" -s "fragmenting handshake message"
@ -7318,29 +7311,23 @@ run_test "DTLS proxy: 3d, gnutls server" \
-s "Extra-header:" \ -s "Extra-header:" \
-c "Extra-header:" -c "Extra-header:"
# The next two test are disabled because they tend to trigger a bug in the requires_gnutls_next
# version of GnuTLS that's currently installed on our CI. The bug occurs when
# different fragments of the same handshake message are received out-of-order
# by GnuTLS and results in a timeout. It's been fixed in GnuTLS 3.5.2.
skip_next_test
requires_gnutls
client_needs_more_time 8 client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
-c "Extra-header:" -c "Extra-header:"
skip_next_test requires_gnutls_next
requires_gnutls
client_needs_more_time 8 client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 512" \ "$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
0 \ 0 \
-s "Extra-header:" \ -s "Extra-header:" \
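Review bot: The comments explaining why the stock GnuTLS could not run these four tests are deleted without a replacement, so the new code no longer says what the "next" build behind `requires_gnutls_next` and `$G_NEXT_CLI`/`$G_NEXT_SRV` must contain. A one-line comment above each pair would preserve that: `# Needs a GnuTLS client with the fix for https://gitlab.com/gnutls/gnutls/issues/543` before the two "DTLS fragmenting: 3d, gnutls client" tests, and `# Needs GnuTLS >= 3.5.2 (out-of-order handshake fragments)` before the two "DTLS proxy: 3d, gnutls server, fragmentation" tests. The definition of `requires_gnutls_next` is outside these hunks. If it skips a test when the newer binaries are absent, these DTLS loss and reordering interoperability cases stop running on such hosts without a failure, so it is worth confirming that CI reports them as run rather than skipped.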