提交 8af538e5 编写于 作者: M Matt Caswell

Fix TLSProxy end of test detection

Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: NTim Hudson <tjh@openssl.org>
上级 ee4ffd6f
......@@ -73,6 +73,18 @@ use constant {
MT_CERTIFICATE_STATUS => 22,
MT_NEXT_PROTO => 67
};
#Alert levels
use constant {
AL_LEVEL_WARN => 1,
AL_LEVEL_FATAL => 2
};
#Alert descriptions
use constant {
AL_DESC_CLOSE_NOTIFY => 0
};
my %message_type = (
MT_HELLO_REQUEST, "HelloRequest",
MT_CLIENT_HELLO, "ClientHello",
......@@ -164,11 +176,6 @@ sub get_messages
$startoffset);
push @messages, $message;
#Check if we have finished the handshake
if ($mt == MT_FINISHED && $server) {
$success = 1;
$end = 1;
}
$payload = "";
} else {
#This is just part of the total message
......@@ -210,11 +217,6 @@ sub get_messages
$startoffset);
push @messages, $message;
#Check if we have finished the handshake
if ($mt == MT_FINISHED && $server) {
$success = 1;
$end = 1;
}
$payload = "";
} else {
#This is just part of the total message
......@@ -230,8 +232,15 @@ sub get_messages
print " [ENCRYPTED APPLICATION DATA]\n";
print " [".$record->decrypt_data."]\n";
} elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
#For now assume all alerts are fatal
my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
#All alerts end the test
$end = 1;
#A CloseNotify from the client indicates we have finished successfully
#(we assume)
if (!$server && $alertlev == AL_LEVEL_WARN
&& $alertdesc == AL_DESC_CLOSE_NOTIFY) {
$success = 1;
}
}
return @messages;
......
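Review bot: In the RT_ALERT branch, `unpack('CC', $record->decrypt_data)` is used without checking that the alert body holds two bytes. A one-byte alert from the client leaves `$alertdesc` undefined, and because `AL_DESC_CLOSE_NOTIFY` is 0 the numeric comparison `undef == 0` is true, so a truncated alert whose single byte is 1 would set `$success`. Guard the comparison, for example `if (!$server && defined $alertdesc && $alertlev == AL_LEVEL_WARN`, and treat a short alert as a failed run. The "(we assume)" comment could also state the actual assumption, which appears to be that `decrypt_data` holds the plaintext alert at this point. The body of `get_messages` starts and ends outside the visible hunks, so how `$success` is consumed afterwards is not visible here.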
......@@ -130,7 +130,7 @@ sub start
open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT");
my $execcmd = $self->execute." s_server -engine ossltest -accept "
my $execcmd = $self->execute." s_server -rev -engine ossltest -accept "
.($self->server_port)
." -cert ".$self->cert." -naccept 1";
if ($self->ciphers ne "") {
......@@ -167,7 +167,7 @@ sub start
open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT");
my $execcmd = $self->execute
my $execcmd = "echo test | ".$self->execute
." s_client -engine ossltest -connect "
.($self->proxy_addr).":".($self->proxy_port);
if ($self->cipherc ne "") {
......
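Review bot: The new `"echo test | "` prefix on the s_client command makes `$execcmd` a shell pipeline, so it can only be run through a shell, and `$self->execute`, `$self->proxy_addr` and `$self->proxy_port` are concatenated into it unquoted. The line that executes `$execcmd` is outside the hunk, so this is inferred from the string alone. If those accessors can carry paths with spaces or shell metacharacters from the test environment, it would be more robust to start s_client with a list-form command and write the test data to its stdin from Perl, which also removes the dependency on `echo` being available. The dependency on stdin deserves a comment as well, since end-of-test detection now relies on it: `#Send some app data; EOF on stdin should make s_client send CloseNotify, which ends the test`. The `-rev` addition on the s_server line would benefit from a similar one-line comment saying why the server must answer the application data.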