use TLSProxy::Record;
use TLSProxy::Message;
use TLSProxy::ClientHello;
+use TLSProxy::HelloRetryRequest;
use TLSProxy::ServerHello;
+use TLSProxy::EncryptedExtensions;
+use TLSProxy::Certificate;
+use TLSProxy::CertificateVerify;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
my $IP_factory;
my $is_tls13 = 0;
+my $ciphersuite = undef;
sub new
{
clientflags => "",
serverconnects => 1,
serverpid => 0,
+ clientpid => 0,
+ reneg => 0,
+ sessionfile => undef,
#Public read
execute => $execute,
$self->{record_list} = [];
$self->{message_list} = [];
$self->{clientflags} = "";
+ $self->{sessionfile} = undef;
+ $self->{clientpid} = 0;
$is_tls13 = 0;
+ $ciphersuite = undef;
TLSProxy::Message->clear();
TLSProxy::Record->clear();
$self->{serverflags} = "";
$self->{serverconnects} = 1;
$self->{serverpid} = 0;
+ $self->{reneg} = 0;
}
sub restart
my $execcmd = $self->execute
." s_server -no_comp -rev -engine ossltest -accept "
.($self->server_port)
- ." -cert ".$self->cert." -naccept ".$self->serverconnects;
+ ." -cert ".$self->cert." -cert2 ".$self->cert
+ ." -naccept ".$self->serverconnects;
if ($self->ciphers ne "") {
$execcmd .= " -cipher ".$self->ciphers;
}
if ($self->serverflags ne "") {
$execcmd .= " ".$self->serverflags;
}
+ if ($self->debug) {
+ print STDERR "Server command: $execcmd\n";
+ }
exec($execcmd);
}
$self->serverpid($pid);
or die "Failed to redirect stdout: $!";
open(STDERR, ">&STDOUT");
}
- my $execcmd = "echo test | ".$self->execute
+ my $echostr;
+ if ($self->reneg()) {
+ $echostr = "R";
+ } else {
+ $echostr = "test";
+ }
+ my $execcmd = "echo ".$echostr." | ".$self->execute
." s_client -engine ossltest -connect "
.($self->proxy_addr).":".($self->proxy_port);
if ($self->cipherc ne "") {
if ($self->clientflags ne "") {
$execcmd .= " ".$self->clientflags;
}
+ if (defined $self->sessionfile) {
+ $execcmd .= " -ign_eof";
+ }
+ if ($self->debug) {
+ print STDERR "Client command: $execcmd\n";
+ }
exec($execcmd);
}
+ $self->clientpid($pid);
}
# Wait for incoming connection from client
#Wait for either the server socket or the client socket to become readable
my @ready;
- while(!(TLSProxy::Message->end) && (@ready = $sel->can_read)) {
+ my $ctr = 0;
+ while( (!(TLSProxy::Message->end)
+ || (defined $self->sessionfile()
+ && (-s $self->sessionfile()) == 0))
+ && $ctr < 10
+ && (@ready = $sel->can_read(1))) {
foreach my $hand (@ready) {
if ($hand == $server_sock) {
$server_sock->sysread($indata, 16384) or goto END;
$indata = $self->process_packet(1, $indata);
$client_sock->syswrite($indata);
+ $ctr = 0;
} elsif ($hand == $client_sock) {
$client_sock->sysread($indata, 16384) or goto END;
$indata = $self->process_packet(0, $indata);
$server_sock->syswrite($indata);
+ $ctr = 0;
} else {
- print "Err\n";
- goto END;
+ $ctr++
}
}
}
+ die "No progress made" if $ctr >= 10;
+
END:
print "Connection closed\n";
if($server_sock) {
print "Waiting for server process to close: "
.$self->serverpid."\n";
waitpid( $self->serverpid, 0);
+ die "exit code $? from server process\n" if $? != 0;
}
+ die "clientpid is zero\n" if $self->clientpid == 0;
+ print "Waiting for client process to close: ".$self->clientpid."\n";
+ waitpid($self->clientpid, 0);
+
return 1;
}
{
my $self = shift;
if (@_) {
- $self->{proxy_addr} = shift;
+ $self->{proxy_addr} = shift;
}
return $self->{proxy_addr};
}
{
my $self = shift;
if (@_) {
- $self->{proxy_port} = shift;
+ $self->{proxy_port} = shift;
}
return $self->{proxy_port};
}
{
my $self = shift;
if (@_) {
- $self->{server_addr} = shift;
+ $self->{server_addr} = shift;
}
return $self->{server_addr};
}
{
my $self = shift;
if (@_) {
- $self->{server_port} = shift;
+ $self->{server_port} = shift;
}
return $self->{server_port};
}
{
my $self = shift;
if (@_) {
- $self->{filter} = shift;
+ $self->{filter} = shift;
}
return $self->{filter};
}
{
my $self = shift;
if (@_) {
- $self->{cipherc} = shift;
+ $self->{cipherc} = shift;
}
return $self->{cipherc};
}
{
my $self = shift;
if (@_) {
- $self->{ciphers} = shift;
+ $self->{ciphers} = shift;
}
return $self->{ciphers};
}
{
my $self = shift;
if (@_) {
- $self->{serverflags} = shift;
+ $self->{serverflags} = shift;
}
return $self->{serverflags};
}
{
my $self = shift;
if (@_) {
- $self->{clientflags} = shift;
+ $self->{clientflags} = shift;
}
return $self->{clientflags};
}
{
my $self = shift;
if (@_) {
- $self->{serverconnects} = shift;
+ $self->{serverconnects} = shift;
}
return $self->{serverconnects};
}
{
my $self = shift;
if (@_) {
- $self->{serverpid} = shift;
+ $self->{serverpid} = shift;
}
return $self->{serverpid};
}
+sub clientpid
+{
+ my $self = shift;
+ if (@_) {
+ $self->{clientpid} = shift;
+ }
+ return $self->{clientpid};
+}
sub fill_known_data
{
}
return $ret;
}
+
sub is_tls13
{
my $class = shift;
if (@_) {
- $is_tls13 = shift;
+ $is_tls13 = shift;
}
return $is_tls13;
}
+
+sub reneg
+{
+ my $self = shift;
+ if (@_) {
+ $self->{reneg} = shift;
+ }
+ return $self->{reneg};
+}
+
+#Setting a sessionfile means that the client will not close until the given
+#file exists. This is useful in TLSv1.3 where otherwise s_client will close
+#immediately at the end of the handshake, but before the session has been
+#received from the server. A side effect of this is that s_client never sends
+#a close_notify, so instead we consider success to be when it sends application
+#data over the connection.
+sub sessionfile
+{
+ my $self = shift;
+ if (@_) {
+ $self->{sessionfile} = shift;
+ TLSProxy::Message->successondata(1);
+ }
+ return $self->{sessionfile};
+}
+
+sub ciphersuite
+{
+ my $class = shift;
+ if (@_) {
+ $ciphersuite = shift;
+ }
+ return $ciphersuite;
+}
+
1;
projects / openssl.git / blobdiff