Manuel Pégourié-Gonnard
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
ae666c5092
proxy: avoid always dropping the same packet
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
8cc7e03ae0
udp_proxy: show encrypted messages as encrypted
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
6265d305f1
Fix some delayed packets going the wrong way
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
bf02319b58
udp_proxy: don't overwrite delayed packets
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
6312e0f4e6
udp_proxy: allow successive clients
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
b46780edee
Enlarge udp_proxy's message buffer
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
ae8d2399a5
udp_proxy: also drop messages from the last flight
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
992e13665d
Make decisions pseudo-random in udp_proxy
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
bc010a045c
udp_proxy: don't drop messages in the last flight
...
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
7cf3518284
Enhance output of udp_proxy (with time)
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
6c18a39807
Add option 'bad_ad' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
eb00bfd9c2
Add option 'mtu' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
81f2fe9f08
Add option 'delay_ccs' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
60fdd7e0f2
Add option 'drop' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
21398c37c0
Add option 'delay' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
2c41bd85e0
Add a 'duplicate' option to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
44d5e63e6a
Enhance output of udp_proxy
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
cb4137b646
Add test utility udp_proxy
...
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
4ba6ab6d0d
Fix glitch with HelloVerifyRequest
...
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
26820e3061
Add option 'cookies' to ssl_server2
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
336b824f07
Use ssl_set_client_transport_id() in ssl_server2
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
fe3f73bdeb
Allow force_version to select DTLS
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
8a06d9c5d6
Actually use UDP for DTLS in test client/server
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
83218f1da1
Add dtls version aliases to test serv/cli
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
e29fd4beaf
Add a dtls option to test server and client
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Paul Bakker
09c9dd80ef
Revert 42cc641
. Issue already fixed in 333fdec
.
2014-08-18 11:06:56 +02:00