From 9b80e7939047df53d913cec76350cb3a3cd09513 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 23 Jan 2019 08:42:54 +0100 Subject: tests: added tests for multiple ticket reception This introduces tests for the reception (parsing) of multiple tickets by a gnutls client. It uses the tlslite-ng server because unlike a gnutls server, tlslite-ng does send multiple tickets in a single record. That way we test that we can parse both ways of sending tickets. Resolves: #511 Signed-off-by: Nikos Mavrogiannopoulos --- tests/suite/Makefile.am | 3 +- tests/suite/multi-ticket-reception.sh | 99 +++++++++++++++++++++++++++++++++++ tests/suite/tls-fuzzer/tlslite-ng | 2 +- 3 files changed, 102 insertions(+), 2 deletions(-) create mode 100755 tests/suite/multi-ticket-reception.sh (limited to 'tests/suite') diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index f6e413ee56..8dccbc5726 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -92,7 +92,8 @@ scripts_to_test = chain.sh \ testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \ testrandom.sh tls-fuzzer/tls-fuzzer-nocert.sh \ tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh \ - tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh + tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh \ + multi-ticket-reception.sh TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ LC_ALL="C" \ diff --git a/tests/suite/multi-ticket-reception.sh b/tests/suite/multi-ticket-reception.sh new file mode 100755 index 0000000000..63de24e904 --- /dev/null +++ b/tests/suite/multi-ticket-reception.sh @@ -0,0 +1,99 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" +TLSPY_SERV="${srcdir}/tls-fuzzer/tlslite-ng/scripts/tls.py" +PYPATH="${srcdir}/tls-fuzzer/tlsfuzzer/" +CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" +unset RETCODE + +if ! test -x "${TLSPY_SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +. "${srcdir}/../scripts/common.sh" + +KEY1=${srcdir}/tls-fuzzer/tlslite-ng/tests/serverX509Key.pem +CERT1=${srcdir}/tls-fuzzer/tlsfuzzer/tests/serverX509Cert.pem + +#create links necessary for tlslite to function +pushd "${srcdir}/tls-fuzzer/tlsfuzzer" +test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa +test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null +popd + +echo "Checking whether receiving 1 ticket succeeds (sanity)" + +eval "${GETPORT}" +PYTHONPATH="${PYPATH}" ${TLSPY_SERV} server --tickets 1 -k ${KEY1} -c ${CERT1} 127.0.0.1:${PORT} & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 --insecure