mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 14:55:33 +00:00
Add code for testing server-initiated renegotiation
This commit is contained in:
parent
53b3e0603b
commit
f3dc2f6a1d
|
@ -1565,6 +1565,8 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl )
|
|||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
int ssl_write_hello_request( ssl_context *ssl );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -335,6 +335,30 @@ static int ssl_parse_ticket( ssl_context *ssl,
|
|||
}
|
||||
#endif /* POLARSSL_SSL_SESSION_TICKETS */
|
||||
|
||||
/*
|
||||
* Write HelloRequest to request renegotiation
|
||||
*/
|
||||
int ssl_write_hello_request( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
|
||||
|
||||
ssl->out_msglen = 4;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
|
||||
|
||||
if( ( ret = ssl_write_record( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_write_record", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
|
||||
/*
|
||||
* Wrapper around f_sni, allowing use of ssl_set_own_cert() but
|
||||
|
|
|
@ -1930,6 +1930,7 @@ int ssl_write_record( ssl_context *ssl )
|
|||
ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
|
||||
ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
|
||||
|
||||
if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
|
||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
|
||||
}
|
||||
|
||||
|
|
|
@ -50,7 +50,6 @@
|
|||
#endif
|
||||
|
||||
#define DFL_SERVER_PORT 4433
|
||||
#define DFL_REQUEST_PAGE "/"
|
||||
#define DFL_DEBUG_LEVEL 0
|
||||
#define DFL_CA_FILE ""
|
||||
#define DFL_CA_PATH ""
|
||||
|
@ -84,6 +83,9 @@
|
|||
"<h2>PolarSSL Test Server</h2>\r\n" \
|
||||
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
|
||||
|
||||
/* Temporary, should become a runtime option later */
|
||||
// #define TEST_RENEGO
|
||||
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
|
@ -939,6 +941,34 @@ reset:
|
|||
buf[written] = '\0';
|
||||
printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
|
||||
|
||||
#ifdef TEST_RENEGO
|
||||
/*
|
||||
* Request renegotiation (this must be done when the client is still
|
||||
* waiting for input from our side).
|
||||
*/
|
||||
printf( " . Requestion renegotiation..." );
|
||||
fflush( stdout );
|
||||
while( ( ret = ssl_write_hello_request( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
|
||||
{
|
||||
printf( " failed\n ! ssl_write_hello_request returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( ( ret = ssl_read( &ssl, buf, 0 ) ) != 0 )
|
||||
{
|
||||
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
|
||||
{
|
||||
printf( " failed\n ! ssl_read returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
#endif
|
||||
|
||||
ret = 0;
|
||||
goto reset;
|
||||
|
||||
|
|
Loading…
Reference in a new issue