From 4c88345f19d8e251f33a3779e5859a3eccd49aa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Feb 2014 21:32:41 +0100 Subject: [PATCH] Add test for ssl_cache max_entries --- programs/ssl/ssl_server2.c | 19 +++++++++++++++++++ tests/ssl-opt.sh | 31 +++++++++++++++++++++++++++++-- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 955d87810..54ba769b4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -69,6 +69,7 @@ #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED +#define DFL_CACHE_MAX -1 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -110,6 +111,7 @@ struct options int auth_mode; /* verify mode for connection */ unsigned char mfl_code; /* code for maximum fragment length */ int tickets; /* enable / disable session tickets */ + int cache_max; /* max number of session cache entries */ } opt; static void my_debug( void *ctx, int level, const char *str ) @@ -162,6 +164,13 @@ static void my_debug( void *ctx, int level, const char *str ) #define USAGE_TICKETS "" #endif /* POLARSSL_SSL_SESSION_TICKETS */ +#if defined(POLARSSL_SSL_CACHE_C) +#define USAGE_CACHE \ + " cache_max=%%d default: cache default (50)\n" +#else +#define USAGE_CACHE "" +#endif /* POLARSSL_SSL_CACHE_C */ + #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) #define USAGE_MAX_FRAG_LEN \ " max_frag_len=%%d default: 16384 (tls default)\n" \ @@ -307,6 +316,7 @@ int main( int argc, char *argv[] ) opt.auth_mode = DFL_AUTH_MODE; opt.mfl_code = DFL_MFL_CODE; opt.tickets = DFL_TICKETS; + opt.cache_max = DFL_CACHE_MAX; for( i = 1; i < argc; i++ ) { @@ -456,6 +466,12 @@ int main( int argc, char *argv[] ) if( opt.tickets < 0 || opt.tickets > 1 ) goto usage; } + else if( strcmp( p, "cache_max" ) == 0 ) + { + opt.cache_max = atoi( q ); + if( opt.cache_max < 0 ) + goto usage; + } else goto usage; } @@ -726,6 +742,9 @@ int main( int argc, char *argv[] ) ssl_set_dbg( &ssl, my_debug, stdout ); #if defined(POLARSSL_SSL_CACHE_C) + if( opt.cache_max != -1 ) + ssl_cache_set_max_entries( &cache, opt.cache_max ); + ssl_set_session_cache( &ssl, ssl_cache_get, &cache, ssl_cache_set, &cache ); #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0dd072b3d..a60248d75 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -102,7 +102,7 @@ run_test "Truncated HMAC #1" \ # Tests for Session Tickets -run_test "Session resume using tickets" \ +run_test "Session resume using tickets #1" \ "debug_level=4 tickets=1" \ "debug_level=4 reconnect=1 tickets=1" \ 0 \ @@ -111,7 +111,16 @@ run_test "Session resume using tickets" \ -s "a session has been resumed" \ -c "a session has been resumed" -# Test for Session Resume base in session-ID and cache +run_test "Session resume using tickets #2" \ + "debug_level=4 tickets=1 cache_max=0" \ + "debug_level=4 reconnect=1 tickets=1" \ + 0 \ + -S "session successfully restored from cache" \ + -s "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + +# Test for Session Resume based on session-ID and cache run_test "Session resume using cache #1" \ "debug_level=4 tickets=0" \ @@ -131,6 +140,24 @@ run_test "Session resume using cache #2" \ -s "a session has been resumed" \ -c "a session has been resumed" +run_test "Session resume using cache #3" \ + "debug_level=4 tickets=0 cache_max=0" \ + "debug_level=4 reconnect=1 tickets=0" \ + 0 \ + -S "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "no session has been resumed" \ + -c "no session has been resumed" + +run_test "Session resume using cache #4" \ + "debug_level=4 tickets=1 cache_max=1" \ + "debug_level=4 reconnect=1 tickets=0" \ + 0 \ + -s "session successfully restored from cache" \ + -S "session successfully restored from ticket" \ + -s "a session has been resumed" \ + -c "a session has been resumed" + # Tests for Max Fragment Length extension run_test "Max fragment length #1" \