diff options
| author | bluhm <> | 2018-11-10 08:33:45 +0000 |
|---|---|---|
| committer | bluhm <> | 2018-11-10 08:33:45 +0000 |
| commit | f6c1bae7160768251b3f75b8e4b475600098fe55 (patch) | |
| tree | 989ac6a5d0d9b125ad4f94e2dc90e1ea12b574f1 | |
| parent | 05d5adbea9d6b108d29674b9d938c3648b8f5522 (diff) | |
| download | openbsd-f6c1bae7160768251b3f75b8e4b475600098fe55.tar.gz openbsd-f6c1bae7160768251b3f75b8e4b475600098fe55.tar.bz2 openbsd-f6c1bae7160768251b3f75b8e4b475600098fe55.zip | |
Regress client and server can do session reuse now. Test this with
all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It
is currently disabled for TLS 1.3 as this needs more setup.
| -rw-r--r-- | src/regress/lib/libssl/interop/Makefile | 7 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/client.c | 146 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/openssl/Makefile | 4 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/openssl11/Makefile | 4 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/server.c | 151 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/session/Makefile | 37 |
6 files changed, 220 insertions, 129 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile index 0226cae4ab..f538f87366 100644 --- a/src/regress/lib/libssl/interop/Makefile +++ b/src/regress/lib/libssl/interop/Makefile | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.3 2018/11/09 06:30:41 bluhm Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $ |
| 2 | 2 | ||
| 3 | SUBDIR = libressl openssl openssl11 cert | 3 | SUBDIR = libressl openssl openssl11 |
| 4 | # the above binaries must have been built before we can continue | ||
| 5 | SUBDIR += session | ||
| 6 | SUBDIR += cert | ||
| 4 | 7 | ||
| 5 | .include <bsd.subdir.mk> | 8 | .include <bsd.subdir.mk> |
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index c312d7ae8a..0b5827c447 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: client.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $ */ | 1 | /* $OpenBSD: client.c,v 1.5 2018/11/10 08:33:45 bluhm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> | 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -35,7 +35,7 @@ void __dead | |||
| 35 | usage(void) | 35 | usage(void) |
| 36 | { | 36 | { |
| 37 | fprintf(stderr, | 37 | fprintf(stderr, |
| 38 | "usage: client [-c] [-C CA] [-c crt -k key] host port"); | 38 | "usage: client [-sv] [-C CA] [-c crt -k key] host port"); |
| 39 | exit(2); | 39 | exit(2); |
| 40 | } | 40 | } |
| 41 | 41 | ||
| @@ -46,13 +46,13 @@ main(int argc, char *argv[]) | |||
| 46 | SSL_CTX *ctx; | 46 | SSL_CTX *ctx; |
| 47 | SSL *ssl; | 47 | SSL *ssl; |
| 48 | BIO *bio; | 48 | BIO *bio; |
| 49 | SSL_SESSION *session; | 49 | SSL_SESSION *session = NULL; |
| 50 | int error, verify = 0; | 50 | int error, sessionreuse = 0, verify = 0; |
| 51 | char buf[256], ch; | 51 | char buf[256], ch; |
| 52 | char *ca = NULL, *crt = NULL, *key = NULL; | 52 | char *ca = NULL, *crt = NULL, *key = NULL; |
| 53 | char *host_port, *host, *port; | 53 | char *host_port, *host, *port; |
| 54 | 54 | ||
| 55 | while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) { | 55 | while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) { |
| 56 | switch (ch) { | 56 | switch (ch) { |
| 57 | case 'C': | 57 | case 'C': |
| 58 | ca = optarg; | 58 | ca = optarg; |
| @@ -63,6 +63,10 @@ main(int argc, char *argv[]) | |||
| 63 | case 'k': | 63 | case 'k': |
| 64 | key = optarg; | 64 | key = optarg; |
| 65 | break; | 65 | break; |
| 66 | case 's': | ||
| 67 | /* multiple reueses are possible */ | ||
| 68 | sessionreuse++; | ||
| 69 | break; | ||
| 66 | case 'v': | 70 | case 'v': |
| 67 | verify = 1; | 71 | verify = 1; |
| 68 | break; | 72 | break; |
| @@ -122,63 +126,85 @@ main(int argc, char *argv[]) | |||
| 122 | SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, | 126 | SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, |
| 123 | verify_callback); | 127 | verify_callback); |
| 124 | 128 | ||
| 125 | /* setup ssl and bio for socket operations */ | 129 | if (sessionreuse) { |
| 126 | ssl = SSL_new(ctx); | 130 | SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT); |
| 127 | if (ssl == NULL) | ||
| 128 | err_ssl(1, "SSL_new"); | ||
| 129 | bio = BIO_new_connect(host_port); | ||
| 130 | if (bio == NULL) | ||
| 131 | err_ssl(1, "BIO_new_connect"); | ||
| 132 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 133 | |||
| 134 | /* connect */ | ||
| 135 | if (BIO_do_connect(bio) <= 0) | ||
| 136 | err_ssl(1, "BIO_do_connect"); | ||
| 137 | printf("connect "); | ||
| 138 | print_sockname(bio); | ||
| 139 | printf("connect "); | ||
| 140 | print_peername(bio); | ||
| 141 | |||
| 142 | /* do ssl client handshake */ | ||
| 143 | SSL_set_bio(ssl, bio, bio); | ||
| 144 | if ((error = SSL_connect(ssl)) <= 0) | ||
| 145 | err_ssl(1, "SSL_connect %d", error); | ||
| 146 | |||
| 147 | /* print session statistics */ | ||
| 148 | session = SSL_get_session(ssl); | ||
| 149 | if (session == NULL) | ||
| 150 | err_ssl(1, "SSL_get_session"); | ||
| 151 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 152 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 153 | |||
| 154 | /* read server greeting and write client hello over TLS connection */ | ||
| 155 | if ((error = SSL_read(ssl, buf, 9)) <= 0) | ||
| 156 | err_ssl(1, "SSL_read %d", error); | ||
| 157 | if (error != 9) | ||
| 158 | errx(1, "read not 9 bytes greeting: %d", error); | ||
| 159 | buf[9] = '\0'; | ||
| 160 | printf("<<< %s", buf); | ||
| 161 | if (fflush(stdout) != 0) | ||
| 162 | err(1, "fflush stdout"); | ||
| 163 | strlcpy(buf, "hello\n", sizeof(buf)); | ||
| 164 | printf(">>> %s", buf); | ||
| 165 | if (fflush(stdout) != 0) | ||
| 166 | err(1, "fflush stdout"); | ||
| 167 | if ((error = SSL_write(ssl, buf, 6)) <= 0) | ||
| 168 | err_ssl(1, "SSL_write %d", error); | ||
| 169 | if (error != 6) | ||
| 170 | errx(1, "write not 6 bytes hello: %d", error); | ||
| 171 | |||
| 172 | /* shutdown connection */ | ||
| 173 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 174 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 175 | if (error <= 0) { | ||
| 176 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 177 | err_ssl(1, "SSL_shutdown bidirectional %d", error); | ||
| 178 | } | 131 | } |
| 179 | 132 | ||
| 180 | /* cleanup and free resources */ | 133 | do { |
| 181 | SSL_free(ssl); | 134 | /* setup bio for socket operations */ |
| 135 | bio = BIO_new_connect(host_port); | ||
| 136 | if (bio == NULL) | ||
| 137 | err_ssl(1, "BIO_new_connect"); | ||
| 138 | |||
| 139 | /* connect */ | ||
| 140 | if (BIO_do_connect(bio) <= 0) | ||
| 141 | err_ssl(1, "BIO_do_connect"); | ||
| 142 | printf("connect "); | ||
| 143 | print_sockname(bio); | ||
| 144 | printf("connect "); | ||
| 145 | print_peername(bio); | ||
| 146 | |||
| 147 | /* do ssl client handshake */ | ||
| 148 | ssl = SSL_new(ctx); | ||
| 149 | if (ssl == NULL) | ||
| 150 | err_ssl(1, "SSL_new"); | ||
| 151 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 152 | SSL_set_bio(ssl, bio, bio); | ||
| 153 | /* resuse session if possible */ | ||
| 154 | if (session != NULL) { | ||
| 155 | if (SSL_set_session(ssl, session) <= 0) | ||
| 156 | err_ssl(1, "SSL_set_session"); | ||
| 157 | } | ||
| 158 | if ((error = SSL_connect(ssl)) <= 0) | ||
| 159 | err_ssl(1, "SSL_connect %d", error); | ||
| 160 | printf("session %d: %s\n", sessionreuse, | ||
| 161 | SSL_session_reused(ssl) ? "reuse" : "new"); | ||
| 162 | if (fflush(stdout) != 0) | ||
| 163 | err(1, "fflush stdout"); | ||
| 164 | |||
| 165 | /* print session statistics */ | ||
| 166 | if (sessionreuse) { | ||
| 167 | session = SSL_get1_session(ssl); | ||
| 168 | if (session == NULL) | ||
| 169 | err_ssl(1, "SSL1_get_session"); | ||
| 170 | } else { | ||
| 171 | session = SSL_get_session(ssl); | ||
| 172 | if (session == NULL) | ||
| 173 | err_ssl(1, "SSL_get_session"); | ||
| 174 | } | ||
| 175 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 176 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 177 | |||
| 178 | /* read server greeting and write client hello over TLS */ | ||
| 179 | if ((error = SSL_read(ssl, buf, 9)) <= 0) | ||
| 180 | err_ssl(1, "SSL_read %d", error); | ||
| 181 | if (error != 9) | ||
| 182 | errx(1, "read not 9 bytes greeting: %d", error); | ||
| 183 | buf[9] = '\0'; | ||
| 184 | printf("<<< %s", buf); | ||
| 185 | if (fflush(stdout) != 0) | ||
| 186 | err(1, "fflush stdout"); | ||
| 187 | strlcpy(buf, "hello\n", sizeof(buf)); | ||
| 188 | printf(">>> %s", buf); | ||
| 189 | if (fflush(stdout) != 0) | ||
| 190 | err(1, "fflush stdout"); | ||
| 191 | if ((error = SSL_write(ssl, buf, 6)) <= 0) | ||
| 192 | err_ssl(1, "SSL_write %d", error); | ||
| 193 | if (error != 6) | ||
| 194 | errx(1, "write not 6 bytes hello: %d", error); | ||
| 195 | |||
| 196 | /* shutdown connection */ | ||
| 197 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 198 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 199 | if (error <= 0) { | ||
| 200 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 201 | err_ssl(1, "SSL_shutdown bidirectional %d", | ||
| 202 | error); | ||
| 203 | } | ||
| 204 | |||
| 205 | SSL_free(ssl); | ||
| 206 | } while (sessionreuse--); | ||
| 207 | |||
| 182 | SSL_CTX_free(ctx); | 208 | SSL_CTX_free(ctx); |
| 183 | 209 | ||
| 184 | printf("success\n"); | 210 | printf("success\n"); |
diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile index 5c51c029ce..80f313da3e 100644 --- a/src/regress/lib/libssl/interop/openssl/Makefile +++ b/src/regress/lib/libssl/interop/openssl/Makefile | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.4 2018/11/09 06:30:41 bluhm Exp $ | 1 | # $OpenBSD: Makefile,v 1.5 2018/11/10 08:33:45 bluhm Exp $ |
| 2 | 2 | ||
| 3 | .if ! exists(/usr/local/bin/eopenssl) | 3 | .if ! exists(/usr/local/bin/eopenssl) |
| 4 | regress: | 4 | regress: |
| 5 | # install openssl-1.0.2p from ports for interop tests | 5 | # install openssl-1.0.2 from ports for interop tests |
| 6 | @echo SKIPPED | 6 | @echo SKIPPED |
| 7 | .endif | 7 | .endif |
| 8 | 8 | ||
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile index ec6f6db7ec..ef625dffb8 100644 --- a/src/regress/lib/libssl/interop/openssl11/Makefile +++ b/src/regress/lib/libssl/interop/openssl11/Makefile | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.3 2018/11/09 06:30:41 bluhm Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $ |
| 2 | 2 | ||
| 3 | .if ! exists(/usr/local/bin/eopenssl11) | 3 | .if ! exists(/usr/local/bin/eopenssl11) |
| 4 | regress: | 4 | regress: |
| 5 | # install openssl-1.1.1 from ports for interop tests | 5 | # install openssl-1.1 from ports for interop tests |
| 6 | @echo SKIPPED | 6 | @echo SKIPPED |
| 7 | .endif | 7 | .endif |
| 8 | 8 | ||
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 6c0c720dfe..f50f368bb1 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: server.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $ */ | 1 | /* $OpenBSD: server.c,v 1.5 2018/11/10 08:33:45 bluhm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> | 3 | * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -21,6 +21,7 @@ | |||
| 21 | #include <err.h> | 21 | #include <err.h> |
| 22 | #include <netdb.h> | 22 | #include <netdb.h> |
| 23 | #include <stdio.h> | 23 | #include <stdio.h> |
| 24 | #include <stdlib.h> | ||
| 24 | #include <string.h> | 25 | #include <string.h> |
| 25 | #include <unistd.h> | 26 | #include <unistd.h> |
| 26 | 27 | ||
| @@ -35,7 +36,7 @@ void __dead | |||
| 35 | usage(void) | 36 | usage(void) |
| 36 | { | 37 | { |
| 37 | fprintf(stderr, | 38 | fprintf(stderr, |
| 38 | "usage: server [-vv] [-C CA] [-c crt -k key] [host port]"); | 39 | "usage: server [-svv] [-C CA] [-c crt -k key] [host port]"); |
| 39 | exit(2); | 40 | exit(2); |
| 40 | } | 41 | } |
| 41 | 42 | ||
| @@ -45,14 +46,14 @@ main(int argc, char *argv[]) | |||
| 45 | const SSL_METHOD *method; | 46 | const SSL_METHOD *method; |
| 46 | SSL_CTX *ctx; | 47 | SSL_CTX *ctx; |
| 47 | SSL *ssl; | 48 | SSL *ssl; |
| 48 | BIO *bio; | 49 | BIO *abio, *cbio; |
| 49 | SSL_SESSION *session; | 50 | SSL_SESSION *session; |
| 50 | int error, verify = 0; | 51 | int error, sessionreuse = 0, verify = 0; |
| 51 | char buf[256], ch; | 52 | char buf[256], ch; |
| 52 | char *ca = NULL, *crt = NULL, *key = NULL; | 53 | char *ca = NULL, *crt = NULL, *key = NULL; |
| 53 | char *host_port, *host = "127.0.0.1", *port = "0"; | 54 | char *host_port, *host = "127.0.0.1", *port = "0"; |
| 54 | 55 | ||
| 55 | while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) { | 56 | while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) { |
| 56 | switch (ch) { | 57 | switch (ch) { |
| 57 | case 'C': | 58 | case 'C': |
| 58 | ca = optarg; | 59 | ca = optarg; |
| @@ -63,6 +64,10 @@ main(int argc, char *argv[]) | |||
| 63 | case 'k': | 64 | case 'k': |
| 64 | key = optarg; | 65 | key = optarg; |
| 65 | break; | 66 | break; |
| 67 | case 's': | ||
| 68 | /* multiple reueses are possible */ | ||
| 69 | sessionreuse++; | ||
| 70 | break; | ||
| 66 | case 'v': | 71 | case 'v': |
| 67 | /* use twice to force client cert */ | 72 | /* use twice to force client cert */ |
| 68 | verify++; | 73 | verify++; |
| @@ -136,74 +141,94 @@ main(int argc, char *argv[]) | |||
| 136 | SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | 141 | SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, |
| 137 | verify_callback); | 142 | verify_callback); |
| 138 | 143 | ||
| 139 | /* setup ssl and bio for socket operations */ | 144 | if (sessionreuse) { |
| 140 | ssl = SSL_new(ctx); | 145 | uint32_t context; |
| 141 | if (ssl == NULL) | 146 | |
| 142 | err_ssl(1, "SSL_new"); | 147 | SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); |
| 143 | bio = BIO_new_accept(host_port); | 148 | context = arc4random(); |
| 144 | if (bio == NULL) | 149 | if (SSL_CTX_set_session_id_context(ctx, |
| 150 | (unsigned char *)&context, sizeof(context)) <= 0) | ||
| 151 | err_ssl(1, "SSL_CTX_set_session_id_context"); | ||
| 152 | } | ||
| 153 | |||
| 154 | /* setup bio for socket operations */ | ||
| 155 | abio = BIO_new_accept(host_port); | ||
| 156 | if (abio == NULL) | ||
| 145 | err_ssl(1, "BIO_new_accept"); | 157 | err_ssl(1, "BIO_new_accept"); |
| 146 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 147 | 158 | ||
| 148 | /* bind, listen */ | 159 | /* bind, listen */ |
| 149 | if (BIO_do_accept(bio) <= 0) | 160 | if (BIO_do_accept(abio) <= 0) |
| 150 | err_ssl(1, "BIO_do_accept setup"); | 161 | err_ssl(1, "BIO_do_accept setup"); |
| 151 | printf("listen "); | 162 | printf("listen "); |
| 152 | print_sockname(bio); | 163 | print_sockname(abio); |
| 153 | 164 | ||
| 154 | /* fork to background, set timeout, and accept */ | 165 | /* fork to background and set timeout */ |
| 155 | if (daemon(1, 1) == -1) | 166 | if (daemon(1, 1) == -1) |
| 156 | err(1, "daemon"); | 167 | err(1, "daemon"); |
| 157 | if ((int)alarm(60) == -1) | 168 | if ((int)alarm(10) == -1) |
| 158 | err(1, "alarm"); | 169 | err(1, "alarm"); |
| 159 | if (BIO_do_accept(bio) <= 0) | ||
| 160 | err_ssl(1, "BIO_do_accept wait"); | ||
| 161 | bio = BIO_pop(bio); | ||
| 162 | printf("accept "); | ||
| 163 | print_sockname(bio); | ||
| 164 | printf("accept "); | ||
| 165 | print_peername(bio); | ||
| 166 | |||
| 167 | /* do ssl server handshake */ | ||
| 168 | SSL_set_bio(ssl, bio, bio); | ||
| 169 | if ((error = SSL_accept(ssl)) <= 0) | ||
| 170 | err_ssl(1, "SSL_accept %d", error); | ||
| 171 | |||
| 172 | /* print session statistics */ | ||
| 173 | session = SSL_get_session(ssl); | ||
| 174 | if (session == NULL) | ||
| 175 | err_ssl(1, "SSL_get_session"); | ||
| 176 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 177 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 178 | |||
| 179 | /* write server greeting and read client hello over TLS connection */ | ||
| 180 | strlcpy(buf, "greeting\n", sizeof(buf)); | ||
| 181 | printf(">>> %s", buf); | ||
| 182 | if (fflush(stdout) != 0) | ||
| 183 | err(1, "fflush stdout"); | ||
| 184 | if ((error = SSL_write(ssl, buf, 9)) <= 0) | ||
| 185 | err_ssl(1, "SSL_write %d", error); | ||
| 186 | if (error != 9) | ||
| 187 | errx(1, "write not 9 bytes greeting: %d", error); | ||
| 188 | if ((error = SSL_read(ssl, buf, 6)) <= 0) | ||
| 189 | err_ssl(1, "SSL_read %d", error); | ||
| 190 | if (error != 6) | ||
| 191 | errx(1, "read not 6 bytes hello: %d", error); | ||
| 192 | buf[6] = '\0'; | ||
| 193 | printf("<<< %s", buf); | ||
| 194 | if (fflush(stdout) != 0) | ||
| 195 | err(1, "fflush stdout"); | ||
| 196 | |||
| 197 | /* shutdown connection */ | ||
| 198 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 199 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 200 | if (error <= 0) { | ||
| 201 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 202 | err_ssl(1, "SSL_shutdown bidirectional %d", error); | ||
| 203 | } | ||
| 204 | 170 | ||
| 205 | /* cleanup and free resources */ | 171 | do { |
| 206 | SSL_free(ssl); | 172 | /* accept connection */ |
| 173 | if (BIO_do_accept(abio) <= 0) | ||
| 174 | err_ssl(1, "BIO_do_accept wait"); | ||
| 175 | cbio = BIO_pop(abio); | ||
| 176 | printf("accept "); | ||
| 177 | print_sockname(cbio); | ||
| 178 | printf("accept "); | ||
| 179 | print_peername(cbio); | ||
| 180 | |||
| 181 | /* do ssl server handshake */ | ||
| 182 | ssl = SSL_new(ctx); | ||
| 183 | if (ssl == NULL) | ||
| 184 | err_ssl(1, "SSL_new"); | ||
| 185 | print_ciphers(SSL_get_ciphers(ssl)); | ||
| 186 | SSL_set_bio(ssl, cbio, cbio); | ||
| 187 | if ((error = SSL_accept(ssl)) <= 0) | ||
| 188 | err_ssl(1, "SSL_accept %d", error); | ||
| 189 | printf("session %d: %s\n", sessionreuse, | ||
| 190 | SSL_session_reused(ssl) ? "reuse" : "new"); | ||
| 191 | if (fflush(stdout) != 0) | ||
| 192 | err(1, "fflush stdout"); | ||
| 193 | |||
| 194 | |||
| 195 | /* print session statistics */ | ||
| 196 | session = SSL_get_session(ssl); | ||
| 197 | if (session == NULL) | ||
| 198 | err_ssl(1, "SSL_get_session"); | ||
| 199 | if (SSL_SESSION_print_fp(stdout, session) <= 0) | ||
| 200 | err_ssl(1, "SSL_SESSION_print_fp"); | ||
| 201 | |||
| 202 | /* write server greeting and read client hello over TLS */ | ||
| 203 | strlcpy(buf, "greeting\n", sizeof(buf)); | ||
| 204 | printf(">>> %s", buf); | ||
| 205 | if (fflush(stdout) != 0) | ||
| 206 | err(1, "fflush stdout"); | ||
| 207 | if ((error = SSL_write(ssl, buf, 9)) <= 0) | ||
| 208 | err_ssl(1, "SSL_write %d", error); | ||
| 209 | if (error != 9) | ||
| 210 | errx(1, "write not 9 bytes greeting: %d", error); | ||
| 211 | if ((error = SSL_read(ssl, buf, 6)) <= 0) | ||
| 212 | err_ssl(1, "SSL_read %d", error); | ||
| 213 | if (error != 6) | ||
| 214 | errx(1, "read not 6 bytes hello: %d", error); | ||
| 215 | buf[6] = '\0'; | ||
| 216 | printf("<<< %s", buf); | ||
| 217 | if (fflush(stdout) != 0) | ||
| 218 | err(1, "fflush stdout"); | ||
| 219 | |||
| 220 | /* shutdown connection */ | ||
| 221 | if ((error = SSL_shutdown(ssl)) < 0) | ||
| 222 | err_ssl(1, "SSL_shutdown unidirectional %d", error); | ||
| 223 | if (error <= 0) { | ||
| 224 | if ((error = SSL_shutdown(ssl)) <= 0) | ||
| 225 | err_ssl(1, "SSL_shutdown bidirectional %d", | ||
| 226 | error); | ||
| 227 | } | ||
| 228 | |||
| 229 | SSL_free(ssl); | ||
| 230 | } while (sessionreuse--); | ||
| 231 | |||
| 207 | SSL_CTX_free(ctx); | 232 | SSL_CTX_free(ctx); |
| 208 | 233 | ||
| 209 | printf("success\n"); | 234 | printf("success\n"); |
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile new file mode 100644 index 0000000000..a555f133fb --- /dev/null +++ b/src/regress/lib/libssl/interop/session/Makefile | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2018/11/10 08:33:45 bluhm Exp $ | ||
| 2 | |||
| 3 | run-client-openssl11-reuse-server-openssl11-reuse: | ||
| 4 | @echo '\n======== $@ ========' | ||
| 5 | # TLS 1.3 needs some extra setup for session reuse | ||
| 6 | @echo DISABLED | ||
| 7 | |||
| 8 | CLEANFILES += *.out | ||
| 9 | |||
| 10 | .for clib in libressl openssl openssl11 | ||
| 11 | .for slib in libressl openssl openssl11 | ||
| 12 | |||
| 13 | REGRESS_TARGETS += run-client-${clib}-reuse-server-${slib}-reuse | ||
| 14 | |||
| 15 | run-client-${clib}-reuse-server-${slib}-reuse: 127.0.0.1.crt | ||
| 16 | @echo '\n======== $@ ========' | ||
| 17 | LD_LIBRARY_PATH=/usr/local/lib/e${slib} \ | ||
| 18 | ../${slib}/server >server-${slib}-reuse.out \ | ||
| 19 | -ss \ | ||
| 20 | 127.0.0.1 0 | ||
| 21 | LD_LIBRARY_PATH=/usr/local/lib/e${clib} \ | ||
| 22 | ../${clib}/client >client-${clib}-reuse.out \ | ||
| 23 | -ss \ | ||
| 24 | `sed -n 's/listen sock: //p' server-${slib}-reuse.out` | ||
| 25 | grep '^success$$' server-${slib}-reuse.out | ||
| 26 | grep '^success$$' client-${clib}-reuse.out | ||
| 27 | grep '^session 2: new$$' server-${slib}-reuse.out | ||
| 28 | grep '^session 2: new$$' client-${clib}-reuse.out | ||
| 29 | grep '^session 1: reuse$$' server-${slib}-reuse.out | ||
| 30 | grep '^session 1: reuse$$' client-${clib}-reuse.out | ||
| 31 | grep '^session 0: reuse$$' server-${slib}-reuse.out | ||
| 32 | grep '^session 0: reuse$$' client-${clib}-reuse.out | ||
| 33 | |||
| 34 | .endfor | ||
| 35 | .endfor | ||
| 36 | |||
| 37 | .include <bsd.regress.mk> | ||