use TLSProxy::Message;
use TLSProxy::ClientHello;
use TLSProxy::ServerHello;
+use TLSProxy::EncryptedExtensions;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
my $have_IPv6 = 0;
my $IP_factory;
+my $is_tls13 = 0;
+my $ciphersuite = undef;
+
sub new
{
my $class = shift;
clientflags => "",
serverconnects => 1,
serverpid => 0,
+ reneg => 0,
#Public read
execute => $execute,
cert => $cert,
debug => $debug,
cipherc => "",
- ciphers => "AES128-SHA",
+ ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256",
flight => 0,
record_list => [],
message_list => [],
$self->{record_list} = [];
$self->{message_list} = [];
$self->{clientflags} = "";
+ $is_tls13 = 0;
+ $ciphersuite = undef;
TLSProxy::Message->clear();
TLSProxy::Record->clear();
my $self = shift;
$self->clearClient;
- $self->{ciphers} = "AES128-SHA";
+ $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256";
$self->{serverflags} = "";
$self->{serverconnects} = 1;
$self->{serverpid} = 0;
+ $self->{reneg} = 0;
}
sub restart
my $execcmd = $self->execute
." s_server -no_comp -rev -engine ossltest -accept "
.($self->server_port)
- ." -cert ".$self->cert." -naccept ".$self->serverconnects;
+ ." -cert ".$self->cert." -cert2 ".$self->cert
+ ." -naccept ".$self->serverconnects;
if ($self->ciphers ne "") {
$execcmd .= " -cipher ".$self->ciphers;
}
}
$self->serverpid($pid);
- $self->clientstart;
+ return $self->clientstart;
}
sub clientstart
if ($proxy_sock) {
print "Proxy started on port ".$self->proxy_port."\n";
} else {
- die "Failed creating proxy socket (".$proxaddr.",".$self->proxy_port."): $!\n";
+ warn "Failed creating proxy socket (".$proxaddr.",".$self->proxy_port."): $!\n";
+ return 0;
}
if ($self->execute) {
or die "Failed to redirect stdout: $!";
open(STDERR, ">&STDOUT");
}
- my $execcmd = "echo test | ".$self->execute
+ my $echostr;
+ if ($self->reneg()) {
+ $echostr = "R";
+ } else {
+ $echostr = "test";
+ }
+ my $execcmd = "echo ".$echostr." | ".$self->execute
." s_client -engine ossltest -connect "
.($self->proxy_addr).":".($self->proxy_port);
if ($self->cipherc ne "") {
}
# Wait for incoming connection from client
- my $client_sock = $proxy_sock->accept()
- or die "Failed accepting incoming connection: $!\n";
+ my $client_sock;
+ if(!($client_sock = $proxy_sock->accept())) {
+ warn "Failed accepting incoming connection: $!\n";
+ return 0;
+ }
print "Connection opened\n";
};
$retry--;
- if ($@ || !defined($server_sock)) {
+ #Some buggy IP factories can return a defined server_sock that hasn't
+ #actually connected, so we check peerport too
+ if ($@ || !defined($server_sock) || !defined($server_sock->peerport)) {
$server_sock->close() if defined($server_sock);
undef $server_sock;
if ($retry) {
#Sleep for a short while
select(undef, undef, undef, 0.1);
} else {
- die "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n";
+ warn "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n";
+ return 0;
}
}
} while (!$server_sock);
.$self->serverpid."\n";
waitpid( $self->serverpid, 0);
}
+ return 1;
}
sub process_packet
if ($record->flight != $self->flight) {
next;
}
- $packet .= $record->reconstruct_record();
+ $packet .= $record->reconstruct_record($server);
}
$self->{flight} = $self->{flight} + 1;
{
my $self = shift;
if (@_) {
- $self->{proxy_addr} = shift;
+ $self->{proxy_addr} = shift;
}
return $self->{proxy_addr};
}
{
my $self = shift;
if (@_) {
- $self->{proxy_port} = shift;
+ $self->{proxy_port} = shift;
}
return $self->{proxy_port};
}
{
my $self = shift;
if (@_) {
- $self->{server_addr} = shift;
+ $self->{server_addr} = shift;
}
return $self->{server_addr};
}
{
my $self = shift;
if (@_) {
- $self->{server_port} = shift;
+ $self->{server_port} = shift;
}
return $self->{server_port};
}
{
my $self = shift;
if (@_) {
- $self->{filter} = shift;
+ $self->{filter} = shift;
}
return $self->{filter};
}
{
my $self = shift;
if (@_) {
- $self->{cipherc} = shift;
+ $self->{cipherc} = shift;
}
return $self->{cipherc};
}
{
my $self = shift;
if (@_) {
- $self->{ciphers} = shift;
+ $self->{ciphers} = shift;
}
return $self->{ciphers};
}
{
my $self = shift;
if (@_) {
- $self->{serverflags} = shift;
+ $self->{serverflags} = shift;
}
return $self->{serverflags};
}
{
my $self = shift;
if (@_) {
- $self->{clientflags} = shift;
+ $self->{clientflags} = shift;
}
return $self->{clientflags};
}
{
my $self = shift;
if (@_) {
- $self->{serverconnects} = shift;
+ $self->{serverconnects} = shift;
}
return $self->{serverconnects};
}
{
my $self = shift;
if (@_) {
- $self->{serverpid} = shift;
+ $self->{serverpid} = shift;
}
return $self->{serverpid};
}
+
+sub fill_known_data
+{
+ my $length = shift;
+ my $ret = "";
+ for (my $i = 0; $i < $length; $i++) {
+ $ret .= chr($i);
+ }
+ return $ret;
+}
+
+sub is_tls13
+{
+ my $class = shift;
+ if (@_) {
+ $is_tls13 = shift;
+ }
+ return $is_tls13;
+}
+
+sub reneg
+{
+ my $self = shift;
+ if (@_) {
+ $self->{reneg} = shift;
+ }
+ return $self->{reneg};
+}
+
+sub ciphersuite
+{
+ my $class = shift;
+ if (@_) {
+ $ciphersuite = shift;
+ }
+ return $ciphersuite;
+}
+
1;
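Review bot: `fill_known_data` builds its pattern with `chr($i)`, so once `$length` exceeds 256 the string picks up code points above 0xFF and stops being a byte string; if the result is written into a record payload that means wrong byte lengths or a "Wide character" warning. Masking keeps it a byte string while preserving the pattern for short lengths: `$ret .= chr($i & 0xff);`. Separately, `is_tls13` and `ciphersuite` store into the file-scoped lexicals `$is_tls13` and `$ciphersuite`, so the value is shared by every Proxy instance and only reset in `clear`; a one-line comment above each, e.g. `# Shared across all Proxy objects; reset by clear()`, would spare the next reader a hunt. In the earlier `clientstart` hunk the new `warn` + `return 0` paths after a failed accept() or server connect appear to leave the s_server child started earlier running; confirm the caller reaps it, since most of that function's body lies outside the visible hunk lines.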