X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=util%2FTLSProxy%2FProxy.pm;h=5c363e76eda5398f2f8d6d79ad6f6070ec0694a7;hp=067e9beb86a8d4475d69d53fc993fdacdf0fda1d;hb=b72668a0d3586ee2560f0536c43e18991a4cfc6f;hpb=e96e0f8e420c42f28b0e86c9cf757f152f696321
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index 067e9beb86..5c363e76ed 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -16,9 +16,11 @@ use IO::Select;
 use TLSProxy::Record;
 use TLSProxy::Message;
 use TLSProxy::ClientHello;
+use TLSProxy::HelloRetryRequest;
 use TLSProxy::ServerHello;
 use TLSProxy::EncryptedExtensions;
 use TLSProxy::Certificate;
+use TLSProxy::CertificateVerify;
 use TLSProxy::ServerKeyExchange;
 use TLSProxy::NewSessionTicket;
 
@@ -47,7 +49,9 @@ sub new
         clientflags => "",
         serverconnects => 1,
         serverpid => 0,
+        clientpid => 0,
         reneg => 0,
+        sessionfile => undef,
 
         #Public read
         execute => $execute,
@@ -109,6 +113,8 @@ sub clearClient
     $self->{record_list} = [];
     $self->{message_list} = [];
     $self->{clientflags} = "";
+    $self->{sessionfile} = undef;
+    $self->{clientpid} = 0;
 
     $is_tls13 = 0;
     $ciphersuite = undef;
@@ -167,6 +173,9 @@ sub start
         if ($self->serverflags ne "") {
             $execcmd .= " ".$self->serverflags;
         }
+        if ($self->debug) {
+            print STDERR "Server command: $execcmd\n";
+        }
         exec($execcmd);
     }
     $self->serverpid($pid);
@@ -225,8 +234,15 @@ sub clientstart
             if ($self->clientflags ne "") {
                 $execcmd .= " ".$self->clientflags;
             }
+            if (defined $self->sessionfile) {
+                $execcmd .= " -ign_eof";
+            }
+            if ($self->debug) {
+                print STDERR "Client command: $execcmd\n";
+            }
             exec($execcmd);
         }
+        $self->clientpid($pid);
     }
 
     # Wait for incoming connection from client
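Review bot: clearClient now resets `$self->{sessionfile}` to undef but leaves `TLSProxy::Message->successondata` wherever the `sessionfile` setter (later in this diff) put it; that setter only ever calls `TLSProxy::Message->successondata(1)` and nothing here turns it off, so once one connection in a process has used a sessionfile, later connections are presumably also judged successful on the first application-data record instead of on close_notify. Unless TLSProxy::Message's own reset (not visible on this page) already clears that flag, add `TLSProxy::Message->successondata(0);` next to the new `$self->{sessionfile} = undef;` line, alongside the other per-connection state that clearClient already zeroes. clearClient's body continues outside the hunk.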
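Review bot: The new `$self->clientpid($pid);` stores whatever fork() returned, and a failed fork returns undef; nothing in the hunk checks that, so the failure only surfaces later as `die "clientpid is zero"` (plus an uninitialized-value warning) rather than as a fork error. The `my $pid = fork();` line sits above the hunk, but a `die "fork failed: $!\n" unless defined $pid;` directly after it would name the real cause, and the same applies to the server side in start(). The `-ign_eof` and debug-print additions look right; note that the command is still handed to exec() as a single string, so clientflags are shell-interpreted (pre-existing, not introduced here).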
@@ -277,23 +293,31 @@ sub clientstart
 
     #Wait for either the server socket or the client socket to become readable
     my @ready;
-    while(!(TLSProxy::Message->end) && (@ready = $sel->can_read)) {
+    my $ctr = 0;
+    while(     (!(TLSProxy::Message->end)
+                || (defined $self->sessionfile()
+                    && (-s $self->sessionfile()) == 0))
+           && $ctr < 10
+           && (@ready = $sel->can_read(1))) {
         foreach my $hand (@ready) {
             if ($hand == $server_sock) {
                 $server_sock->sysread($indata, 16384) or goto END;
                 $indata = $self->process_packet(1, $indata);
                 $client_sock->syswrite($indata);
+                $ctr = 0;
             } elsif ($hand == $client_sock) {
                 $client_sock->sysread($indata, 16384) or goto END;
                 $indata = $self->process_packet(0, $indata);
                 $server_sock->syswrite($indata);
+                $ctr = 0;
             } else {
-                print "Err\n";
-                goto END;
+                $ctr++
             }
         }
     }
 
+    die "No progress made" if $ctr >= 10;
+
     END:
     print "Connection closed\n";
     if($server_sock) {
@@ -315,7 +339,12 @@ sub clientstart
         print "Waiting for server process to close: "
               .$self->serverpid."\n";
         waitpid( $self->serverpid, 0);
+        die "exit code $? from server process\n" if $? != 0;
     }
+    die "clientpid is zero\n" if $self->clientpid == 0;
+    print "Waiting for client process to close: ".$self->clientpid."\n";
+    waitpid($self->clientpid, 0);
+
     return 1;
 }
 
@@ -509,6 +538,14 @@ sub serverpid
     }
     return $self->{serverpid};
 }
+sub clientpid
+{
+    my $self = shift;
+    if (@_) {
+        $self->{clientpid} = shift;
+    }
+    return $self->{clientpid};
+}
 
 sub fill_known_data
 {
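Review bot: The `$ctr` stall guard cannot fire: `$sel` holds only the two sockets, so the `else` branch that does `$ctr++` is unreachable, and when `can_read(1)` times out it returns an empty `@ready`, which makes the `while` condition false and drops straight out to `END:` with "Connection closed" instead of counting one idle interval. A stalled TLSv1.3 handshake, or a sessionfile that never becomes non-empty, therefore ends after a single idle second with the same output as a clean close, and `die "No progress made" if $ctr >= 10;` is dead code. Polling inside the loop body and counting the empty result restores the intended ten-interval budget; `$ctr++` is also missing its semicolon. The relay bodies and the `goto END` on sysread failure are unchanged below.
```perl
    my $ctr = 0;
    while(     (!(TLSProxy::Message->end)
                || (defined $self->sessionfile()
                    && (-s $self->sessionfile()) == 0))
           && $ctr < 10) {
        @ready = $sel->can_read(1);
        # Empty @ready means select() timed out: one idle interval, no progress
        $ctr++ unless @ready;
        foreach my $hand (@ready) {
            if ($hand == $server_sock) {
                # … unchanged: server -> client relay …
                $ctr = 0;
            } elsif ($hand == $client_sock) {
                # … unchanged: client -> server relay …
                $ctr = 0;
            }
        }
    }

    die "No progress made" if $ctr >= 10;
```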
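Review bot: The server's exit status is checked after its waitpid, but the client's is not, so an s_client that aborts with a non-zero status is still reported as success after `waitpid($self->clientpid, 0);`. Unless s_client is expected to exit non-zero in the `-ign_eof` sessionfile mode, mirror the server check with `die "exit code $? from client process\n" if $? != 0;` on the line after the client waitpid. Separately, `die "clientpid is zero\n"` fires whenever the proxy did not fork a client itself, because clientpid is only assigned inside the `execute` branch of clientstart; that is fine only if this tail of clientstart is itself guarded by `$self->execute`, which I cannot confirm because the enclosing block starts outside the hunk.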
@@ -538,6 +575,22 @@ sub reneg
     return $self->{reneg};
 }
 
+#Setting a sessionfile means that the client will not close until the given
+#file exists. This is useful in TLSv1.3 where otherwise s_client will close
+#immediately at the end of the handshake, but before the session has been
+#received from the server. A side effect of this is that s_client never sends
+#a close_notify, so instead we consider success to be when it sends application
+#data over the connection.
+sub sessionfile
+{
+    my $self = shift;
+    if (@_) {
+        $self->{sessionfile} = shift;
+        TLSProxy::Message->successondata(1);
+    }
+    return $self->{sessionfile};
+}
+
 sub ciphersuite
 {
     my $class = shift;
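Review bot: The `sessionfile` setter turns on `TLSProxy::Message->successondata(1)` unconditionally, including when it is called with undef to clear the file, and there is no path that turns it off, so the success-on-application-data criterion outlives the connection that asked for it. Tie the flag to the value instead: `TLSProxy::Message->successondata(defined $self->{sessionfile} ? 1 : 0);`, assuming successondata accepts 0 (its definition is not on this page). The header comment also describes the mechanism loosely: what keeps the connection open is the relay loop in clientstart, which runs until the file is non-empty (`-s`), while `-ign_eof` only stops s_client exiting on stdin EOF; a first line such as `#Setting a sessionfile passes -ign_eof to s_client and keeps the proxy relaying until the file is non-empty.` would match the code.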