Fix TLSProxy end of test detection

Previously TLSProxy would detect a successful handshake once it saw the server Finished message. This causes problems with abbreviated handshakes, or if the client fails to process a message from the last server flight. This change additionally sends some application data and finishes when the client sends a CloseNotify. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Fix TLSProxy end of test detection
Previously TLSProxy would detect a successful handshake once it saw the server Finished message. This causes problems with abbreviated handshakes, or if the client fails to process a message from the last server flight. This change additionally sends some application data and finishes when the client sends a CloseNotify. Reviewed-by: N Tim Hudson <tjh@openssl.org>
8af538e5 · Matt Caswell · ee4ffd6f · 8af538e5 · 8af538e5
隐藏空白更改
内联并排

Showing with 22 addition and 13 deletion

util/TLSProxy/Message.pm util/TLSProxy/Message.pm +20 -11

util/TLSProxy/Proxy.pm util/TLSProxy/Proxy.pm +2 -2

未找到文件。
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -73,6 +73,18 @@ use constant {
    MT_CERTIFICATE_STATUS => 22,
    MT_NEXT_PROTO => 67
 };
+
+#Alert levels
+use constant {
+    AL_LEVEL_WARN => 1,
+    AL_LEVEL_FATAL => 2
+};
+
+#Alert descriptions
+use constant {
+    AL_DESC_CLOSE_NOTIFY => 0
+};
+
 my %message_type = (
    MT_HELLO_REQUEST, "HelloRequest",
    MT_CLIENT_HELLO, "ClientHello",
@@ -164,11 +176,6 @@ sub get_messages
                                              $startoffset);
                    push @messages, $message;

-                    #Check if we have finished the handshake
-                    if ($mt == MT_FINISHED && $server) {
-                        $success = 1;
-                        $end = 1;
-                    }
                    $payload = "";
                } else {
                    #This is just part of the total message
@@ -210,11 +217,6 @@ sub get_messages
                                                  $startoffset);
                        push @messages, $message;

-                        #Check if we have finished the handshake
-                        if ($mt == MT_FINISHED && $server) {
-                            $success = 1;
-                            $end = 1;
-                        }
                        $payload = "";
                    } else {
                        #This is just part of the total message
@@ -230,8 +232,15 @@ sub get_messages
        print "  [ENCRYPTED APPLICATION DATA]\n";
        print "  [".$record->decrypt_data."]\n";
    } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
-        #For now assume all alerts are fatal
+        my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
+        #All alerts end the test
        $end = 1;
+        #A CloseNotify from the client indicates we have finished successfully
+        #(we assume)
+        if (!$server && $alertlev == AL_LEVEL_WARN
+            && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
+            $success = 1;
+        }
    }

    return @messages;

--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -130,7 +130,7 @@ sub start
        open(STDOUT, ">", File::Spec->devnull())
            or die "Failed to redirect stdout";
        open(STDERR, ">&STDOUT");
-        my $execcmd = $self->execute." s_server -engine ossltest -accept "
+        my $execcmd = $self->execute." s_server -rev -engine ossltest -accept "
            .($self->server_port)
            ." -cert ".$self->cert." -naccept 1";
        if ($self->ciphers ne "") {
@@ -167,7 +167,7 @@ sub start
            open(STDOUT, ">", File::Spec->devnull())
                or die "Failed to redirect stdout";
            open(STDERR, ">&STDOUT");
-            my $execcmd = $self->execute
+            my $execcmd = "echo test | ".$self->execute
                 ." s_client -engine ossltest -connect "
                 .($self->proxy_addr).":".($self->proxy_port);
            if ($self->cipherc ne "") {