Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / c55a5b7d6f15c175ad0ec6bd982a1c005a1b4543^! / .
commitc55a5b7d6f15c175ad0ec6bd982a1c005a1b4543[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Thu Feb 20 22:50:56 2014 +0100
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Mar 14 08:41:00 2014 +0100
treee9ad6681a19d751bfd1bffdf3083e6cbe2c2b5d4
parentdfbf9c711d07a82463110ea618d7ffa0c85b8cc7 [diff]
Add tests for cache timeout

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8ecaf4b..e266ca3 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -37,6 +37,10 @@
 #include "polarssl/x509.h"
 #include "polarssl/error.h"
 
+#if defined(POLARSSL_TIMING_C)
+#include "polarssl/timing.h"
+#endif
+
 #define DFL_SERVER_NAME         "localhost"
 #define DFL_SERVER_PORT         4433
 #define DFL_REQUEST_PAGE        "/"
@@ -57,6 +61,7 @@
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          0
 #define DFL_RECONNECT           0
+#define DFL_RECO_DELAY          0
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED
 
 #define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-"   \
@@ -97,6 +102,7 @@
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int trunc_hmac;             /* negotiate truncated hmac or not          */
     int reconnect;              /* attempt to resume session                */
+    int reco_delay;             /* delay in seconds before resuming session */
     int tickets;                /* enable / disable session tickets         */
 } opt;
 
@@ -198,6 +204,13 @@
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
 
+#if defined(POLARSSL_TIMING_C)
+#define USAGE_TIME \
+    "    reco_delay=%%d      default: 0 seconds\n"
+#else
+#define USAGE_TIME ""
+#endif /* POLARSSL_TIMING_C */
+
 #define USAGE \
     "\n usage: ssl_client2 param=<>...\n"                   \
     "\n acceptable parameters:\n"                           \
@@ -216,6 +229,7 @@
     "    allow_legacy=%%d     default: 0 (disabled)\n"      \
     "    renegotiate=%%d      default: 0 (disabled)\n"      \
     "    reconnect=%%d        default: 0 (disabled)\n"      \
+    USAGE_TIME                                              \
     USAGE_TICKETS                                           \
     USAGE_MAX_FRAG_LEN                                      \
     USAGE_TRUNC_HMAC                                        \
@@ -320,6 +334,7 @@
     opt.mfl_code            = DFL_MFL_CODE;
     opt.trunc_hmac          = DFL_TRUNC_HMAC;
     opt.reconnect           = DFL_RECONNECT;
+    opt.reco_delay          = DFL_RECO_DELAY;
     opt.tickets             = DFL_TICKETS;
 
     for( i = 1; i < argc; i++ )
@@ -393,6 +408,12 @@
             if( opt.reconnect < 0 || opt.reconnect > 2 )
                 goto usage;
         }
+        else if( strcmp( p, "reco_delay" ) == 0 )
+        {
+            opt.reco_delay = atoi( q );
+            if( opt.reco_delay < 0 )
+                goto usage;
+        }
         else if( strcmp( p, "tickets" ) == 0 )
         {
             opt.tickets = atoi( q );
@@ -892,8 +913,10 @@
     {
         --opt.reconnect;
 
-        // printf( "  ! Press a key to reconnect\n" );
-        // (void) getchar();
+#if defined(POLARSSL_TIMING_C)
+        if( opt.reco_delay > 0 )
+            m_sleep( 1000 * opt.reco_delay );
+#endif
 
         printf( "  . Reconnecting with saved session..." );
         fflush( stdout );

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 54ba769..a95bcad 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -70,6 +70,7 @@
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED
 #define DFL_CACHE_MAX           -1
+#define DFL_CACHE_TIMEOUT       -1
 
 #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
     "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
@@ -112,6 +113,7 @@
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int tickets;                /* enable / disable session tickets         */
     int cache_max;              /* max number of session cache entries      */
+    int cache_timeout;          /* expiration delay of session cache entries */
 } opt;
 
 static void my_debug( void *ctx, int level, const char *str )
@@ -166,7 +168,8 @@
 
 #if defined(POLARSSL_SSL_CACHE_C)
 #define USAGE_CACHE                                             \
-    "   cache_max=%%d         default: cache default (50)\n"
+    "    cache_max=%%d        default: cache default (50)\n"    \
+    "    cache_timeout=%%d    default: cache default (1d)\n"
 #else
 #define USAGE_CACHE ""
 #endif /* POLARSSL_SSL_CACHE_C */
@@ -196,6 +199,7 @@
     "    allow_legacy=%%d     default: 0 (disabled)\n"      \
     "    renegotiate=%%d      default: 0 (disabled)\n"      \
     USAGE_TICKETS                                           \
+    USAGE_CACHE                                             \
     USAGE_MAX_FRAG_LEN                                      \
     "\n"                                                    \
     "    min_version=%%s      default: \"ssl3\"\n"          \
@@ -317,6 +321,7 @@
     opt.mfl_code            = DFL_MFL_CODE;
     opt.tickets             = DFL_TICKETS;
     opt.cache_max           = DFL_CACHE_MAX;
+    opt.cache_timeout       = DFL_CACHE_TIMEOUT;
 
     for( i = 1; i < argc; i++ )
     {
@@ -472,6 +477,12 @@
             if( opt.cache_max < 0 )
                 goto usage;
         }
+        else if( strcmp( p, "cache_timeout" ) == 0 )
+        {
+            opt.cache_timeout = atoi( q );
+            if( opt.cache_timeout < 0 )
+                goto usage;
+        }
         else
             goto usage;
     }
@@ -745,6 +756,9 @@
     if( opt.cache_max != -1 )
         ssl_cache_set_max_entries( &cache, opt.cache_max );
 
+    if( opt.cache_timeout != -1 )
+        ssl_cache_set_timeout( &cache, opt.cache_timeout );
+
     ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
                                  ssl_cache_set, &cache );
 #endif

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a60248d..ac38f04 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -27,7 +27,7 @@
     sleep 1
     $CLI_CMD $2 > cli_out
     CLI_EXIT=$?
-    echo SERVERQUIT | openssl s_client >/dev/null 2>&1
+    echo SERVERQUIT | openssl s_client -no_ticket >/dev/null 2>&1
     wait $SRV_PID
     shift 2
 
@@ -106,6 +106,11 @@
             "debug_level=4 tickets=1" \
             "debug_level=4 reconnect=1 tickets=1" \
             0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -s "server hello, adding session ticket extension" \
+            -c "found session_ticket extension" \
+            -c "parse new session ticket" \
             -S "session successfully restored from cache" \
             -s "session successfully restored from ticket" \
             -s "a session has been resumed" \
@@ -115,43 +120,85 @@
             "debug_level=4 tickets=1 cache_max=0" \
             "debug_level=4 reconnect=1 tickets=1" \
             0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -s "server hello, adding session ticket extension" \
+            -c "found session_ticket extension" \
+            -c "parse new session ticket" \
             -S "session successfully restored from cache" \
             -s "session successfully restored from ticket" \
             -s "a session has been resumed" \
             -c "a session has been resumed"
 
-# Test for Session Resume based on session-ID and cache
+# Tests for Session Resume based on session-ID and cache
 
-run_test    "Session resume using cache #1" \
+run_test    "Session resume using cache #1 (tickets enabled on client)" \
             "debug_level=4 tickets=0" \
-            "debug_level=4 reconnect=1 tickets=1" \
+            "debug_level=4 tickets=1 reconnect=1" \
             0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -S "server hello, adding session ticket extension" \
+            -C "found session_ticket extension" \
+            -C "parse new session ticket" \
             -s "session successfully restored from cache" \
             -S "session successfully restored from ticket" \
             -s "a session has been resumed" \
             -c "a session has been resumed"
 
-run_test    "Session resume using cache #2" \
+run_test    "Session resume using cache #2 (tickets enabled on server)" \
             "debug_level=4 tickets=1" \
-            "debug_level=4 reconnect=1 tickets=0" \
+            "debug_level=4 tickets=0 reconnect=1" \
             0 \
+            -C "client hello, adding session ticket extension" \
+            -S "found session ticket extension" \
+            -S "server hello, adding session ticket extension" \
+            -C "found session_ticket extension" \
+            -C "parse new session ticket" \
             -s "session successfully restored from cache" \
             -S "session successfully restored from ticket" \
             -s "a session has been resumed" \
             -c "a session has been resumed"
 
-run_test    "Session resume using cache #3" \
+run_test    "Session resume using cache #3 (cache_max=0)" \
             "debug_level=4 tickets=0 cache_max=0" \
-            "debug_level=4 reconnect=1 tickets=0" \
+            "debug_level=4 tickets=0 reconnect=1" \
             0 \
             -S "session successfully restored from cache" \
             -S "session successfully restored from ticket" \
-            -s "no session has been resumed" \
-            -c "no session has been resumed"
+            -S "a session has been resumed" \
+            -C "a session has been resumed"
 
-run_test    "Session resume using cache #4" \
-            "debug_level=4 tickets=1 cache_max=1" \
-            "debug_level=4 reconnect=1 tickets=0" \
+run_test    "Session resume using cache #4 (cache_max=1)" \
+            "debug_level=4 tickets=0 cache_max=1" \
+            "debug_level=4 tickets=0 reconnect=1" \
+            0 \
+            -s "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -s "a session has been resumed" \
+            -c "a session has been resumed"
+
+run_test    "Session resume using cache #5 (timemout > delay)" \
+            "debug_level=4 tickets=0 cache_timeout=1" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
+            0 \
+            -s "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -s "a session has been resumed" \
+            -c "a session has been resumed"
+
+run_test    "Session resume using cache #6 (timeout < delay)" \
+            "debug_level=4 tickets=0 cache_timeout=1" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
+            0 \
+            -S "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -S "a session has been resumed" \
+            -C "a session has been resumed"
+
+run_test    "Session resume using cache #7 (no timeout)" \
+            "debug_level=4 tickets=0 cache_timeout=0" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
             0 \
             -s "session successfully restored from cache" \
             -S "session successfully restored from ticket" \