X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=util%2Fperl%2FTLSProxy%2FProxy.pm;h=7b4ad052de273ea3fd703a5f2b4b0c8da0aefdc2;hp=cc21bd6ac94ad551a100ffb528b88a953b97e327;hb=2e2faa8c4802f2fcecea699ddda246929b2ca329;hpb=438e57a43f096d37bf316869b98780e24596a5e8
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index cc21bd6ac9..7b4ad052de 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -58,7 +58,9 @@ sub new
 cert => $cert,
 debug => $debug,
 cipherc => "",
- ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256",
+ ciphersuitesc => "",
+ ciphers => "AES128-SHA",
+ ciphersuitess => "TLS_AES_128_GCM_SHA256",
 flight => 0,
 record_list => [],
 message_list => [],
@@ -101,14 +103,41 @@ sub new
 }
 }

+ # Create the Proxy socket
+ my $proxaddr = $self->{proxy_addr};
+ $proxaddr =~ s/[\[\]]//g; # Remove [ and ]
+ my @proxyargs = (
+ LocalHost => $proxaddr,
+ LocalPort => $self->{proxy_port},
+ Proto => "tcp",
+ Listen => SOMAXCONN,
+ );
+ push @proxyargs, ReuseAddr => 1
+ unless $^O eq "MSWin32";
+ $self->{proxy_sock} = $IP_factory->(@proxyargs);
+
+ if ($self->{proxy_sock}) {
+ print "Proxy started on port ".$self->{proxy_port}."\n";
+ } else {
+ warn "Failed creating proxy socket (".$proxaddr.",".$self->{proxy_port}."): $!\n";
+ }
+
 return bless $self, $class;
 }

+sub DESTROY
+{
+ my $self = shift;
+
+ $self->{proxy_sock}->close() if $self->{proxy_sock};
+}
+
 sub clearClient
 {
 my $self = shift;

 $self->{cipherc} = "";
+ $self->{ciphersuitec} = "";
 $self->{flight} = 0;
 $self->{record_list} = [];
 $self->{message_list} = [];
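Review bot: The reset added to `clearClient` writes `$self->{ciphersuitec}`, but the constructor field added in this commit and the new `ciphersuitesc` accessor both use the key `ciphersuitesc`, so the client ciphersuite list is never cleared and a stray hash key is created instead. As far as these hunks show, a TLSv1.3 ciphersuite string set by one test would then carry over into the next `s_client` run after `clear`/`clearClient`, so a later test can run with a configuration it did not ask for. The line should read `$self->{ciphersuitesc} = "";`. `clearClient` continues past the end of the hunk.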
@@ -127,7 +156,8 @@ sub clear
 my $self = shift;

 $self->clearClient;
- $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256";
+ $self->{ciphers} = "AES128-SHA";
+ $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256";
 $self->{serverflags} = "";
 $self->{serverconnects} = 1;
 $self->{serverpid} = 0;
@@ -155,21 +185,26 @@ sub start
 my ($self) = shift;
 my $pid;

+ if ($self->{proxy_sock} == 0) {
+ return 0;
+ }
+
 $pid = fork();
 if ($pid == 0) {
- if (!$self->debug) {
- open(STDOUT, ">", File::Spec->devnull())
- or die "Failed to redirect stdout: $!";
- open(STDERR, ">&STDOUT");
- }
 my $execcmd = $self->execute
- ." s_server -no_comp -rev -engine ossltest -accept "
+ ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest -accept "
 .($self->server_port)
 ." -cert ".$self->cert." -cert2 ".$self->cert
 ." -naccept ".$self->serverconnects;
+ unless ($self->supports_IPv6) {
+ $execcmd .= " -4";
+ }
 if ($self->ciphers ne "") {
 $execcmd .= " -cipher ".$self->ciphers;
 }
+ if ($self->ciphersuitess ne "") {
+ $execcmd .= " -ciphersuites ".$self->ciphersuitess;
+ }
 if ($self->serverflags ne "") {
 $execcmd .= " ".$self->serverflags;
 }
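Review bot: The new guard at the top of `start`, `if ($self->{proxy_sock} == 0)`, numerically compares a value that is either a socket object or, when the factory call in `new` failed, presumably undef. The undef case matches only through numeric coercion and emits an "uninitialized value" warning if warnings are enabled in this file. A truth test states the intent directly: `return 0 unless $self->{proxy_sock};`. A one-line comment such as `# new() only warns when the listen socket cannot be created` would also explain why the check lives here. The body of `start` continues outside the hunk.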
@@ -188,37 +223,9 @@ sub clientstart
 my ($self) = shift;
 my $oldstdout;

- if(!$self->debug) {
- open DEVNULL, ">", File::Spec->devnull();
- $oldstdout = select(DEVNULL);
- }
-
- # Create the Proxy socket
- my $proxaddr = $self->proxy_addr;
- $proxaddr =~ s/[\[\]]//g; # Remove [ and ]
- my $proxy_sock = $IP_factory->(
- LocalHost => $proxaddr,
- LocalPort => $self->proxy_port,
- Proto => "tcp",
- Listen => SOMAXCONN,
- ReuseAddr => 1
- );
-
- if ($proxy_sock) {
- print "Proxy started on port ".$self->proxy_port."\n";
- } else {
- warn "Failed creating proxy socket (".$proxaddr.",".$self->proxy_port."): $!\n";
- return 0;
- }
-
 if ($self->execute) {
 my $pid = fork();
 if ($pid == 0) {
- if (!$self->debug) {
- open(STDOUT, ">", File::Spec->devnull())
- or die "Failed to redirect stdout: $!";
- open(STDERR, ">&STDOUT");
- }
 my $echostr;
 if ($self->reneg()) {
 $echostr = "R";
@@ -226,11 +233,17 @@ sub clientstart
 $echostr = "test";
 }
 my $execcmd = "echo ".$echostr." | ".$self->execute
- ." s_client -engine ossltest -connect "
+ ." s_client -max_protocol TLSv1.3 -engine ossltest -connect "
 .($self->proxy_addr).":".($self->proxy_port);
+ unless ($self->supports_IPv6) {
+ $execcmd .= " -4";
+ }
 if ($self->cipherc ne "") {
 $execcmd .= " -cipher ".$self->cipherc;
 }
+ if ($self->ciphersuitesc ne "") {
+ $execcmd .= " -ciphersuites ".$self->ciphersuitesc;
+ }
 if ($self->clientflags ne "") {
 $execcmd .= " ".$self->clientflags;
 }
@@ -247,7 +260,7 @@ sub clientstart

 # Wait for incoming connection from client
 my $client_sock;
- if(!($client_sock = $proxy_sock->accept())) {
+ if(!($client_sock = $self->{proxy_sock}->accept())) {
 warn "Failed accepting incoming connection: $!\n";
 return 0;
 }
@@ -255,7 +268,7 @@ sub clientstart
 print "Connection opened\n";

 # Now connect to the server
- my $retry = 10;
+ my $retry = 50;
 my $server_sock;
 #We loop over this a few times because sometimes s_server can take a while
 #to start up
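Review bot: The value of `ciphersuitesc` is concatenated unquoted into `$execcmd`, which, given its `"echo ".$echostr." | "` prefix, is evidently run through a shell, so any whitespace or shell metacharacter in the string changes the command rather than the ciphersuite list. The existing `-cipher` and `clientflags` appends follow the same pattern, as does the `-ciphersuites` append in `start`, but the accessor is read/write and nothing visible constrains what a test stores in it. Validating before the append keeps the option to a single argument, e.g. `die "bad ciphersuites" unless $self->ciphersuitesc =~ /\A[A-Za-z0-9_:-]+\z/;`. The statement that runs `$execcmd` is outside the hunk.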
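Review bot: `clientstart` now calls `$self->{proxy_sock}->accept()` with no check that the socket exists, whereas the removed block returned 0 when socket creation failed; `new` only warns in that case, and the guard added in `start` does not protect a caller that goes on to `clientstart` anyway. Calling a method on an undefined value dies rather than returning 0, so a guard at the top of the function such as `return 0 unless $self->{proxy_sock};` would keep the old failure behaviour. Separately, the first hunk in this function removes the only visible assignment to `$oldstdout`, while `my $oldstdout;` and the `select($oldstdout)` call in the hunk at `@@ -331,9 +344,6 @@` remain; both look like leftovers that should be removed along with it. The function starts before and continues after this hunk.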
@@ -331,9 +344,6 @@ sub clientstart
 #Closing this also kills the child process
 $client_sock->close();
 }
- if($proxy_sock) {
- $proxy_sock->close();
- }
 if(!$self->debug) {
 select($oldstdout);
 }
@@ -443,24 +453,18 @@ sub supports_IPv6
 my $self = shift;
 return $have_IPv6;
 }
-
-#Read/write accessors
 sub proxy_addr
 {
 my $self = shift;
- if (@_) {
- $self->{proxy_addr} = shift;
- }
 return $self->{proxy_addr};
 }
 sub proxy_port
 {
 my $self = shift;
- if (@_) {
- $self->{proxy_port} = shift;
- }
 return $self->{proxy_port};
 }
+
+#Read/write accessors
 sub server_addr
 {
 my $self = shift;
@@ -493,6 +497,14 @@ sub cipherc
 }
 return $self->{cipherc};
 }
+sub ciphersuitesc
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuitesc} = shift;
+ }
+ return $self->{ciphersuitesc};
+}
 sub ciphers
 {
 my $self = shift;
@@ -501,6 +513,14 @@ sub ciphers
 }
 return $self->{ciphers};
 }
+sub ciphersuitess
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuitess} = shift;
+ }
+ return $self->{ciphersuitess};
+}
 sub serverflags
 {
 my $self = shift;
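Review bot: The new accessors `ciphersuitesc` (this hunk) and `ciphersuitess` (the next hunk) differ only in their final letter and carry no comment saying which peer they configure, which makes a one-character slip in a hash key easy to write and hard to spot in review. A short comment above each would help, for example `# TLSv1.3 ciphersuites passed to s_client with -ciphersuites` and `# TLSv1.3 ciphersuites passed to s_server with -ciphersuites`. It is also worth stating there that an empty string suppresses the option, since the callers test `ne ""` before appending it.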