generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix TLSProxy end of test detection

Browse Source 
Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2015-08-13 16:58:20 +01:00
parent ee4ffd6fcc
commit 8af538e5c5
2 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
util/TLSProxy/Message.pm
View File

@ -73,6 +73,18 @@ use constant {
MT_CERTIFICATE_STATUS => 22, MT_CERTIFICATE_STATUS => 22,
MT_NEXT_PROTO => 67 MT_NEXT_PROTO => 67
}; };
#Alert levels
use constant {
AL_LEVEL_WARN => 1,
AL_LEVEL_FATAL => 2
};
#Alert descriptions
use constant {
AL_DESC_CLOSE_NOTIFY => 0
};
my %message_type = ( my %message_type = (
MT_HELLO_REQUEST, "HelloRequest", MT_HELLO_REQUEST, "HelloRequest",
MT_CLIENT_HELLO, "ClientHello", MT_CLIENT_HELLO, "ClientHello",
@ -164,11 +176,6 @@ sub get_messages
$startoffset); $startoffset);
push @messages, $message; push @messages, $message;
#Check if we have finished the handshake
if ($mt == MT_FINISHED && $server) {
$success = 1;
$end = 1;
}
$payload = ""; $payload = "";
} else { } else {
#This is just part of the total message #This is just part of the total message
@ -210,11 +217,6 @@ sub get_messages
$startoffset); $startoffset);
push @messages, $message; push @messages, $message;
#Check if we have finished the handshake
if ($mt == MT_FINISHED && $server) {
$success = 1;
$end = 1;
}
$payload = ""; $payload = "";
} else { } else {
#This is just part of the total message #This is just part of the total message
@ -230,8 +232,15 @@ sub get_messages
print " [ENCRYPTED APPLICATION DATA]\n"; print " [ENCRYPTED APPLICATION DATA]\n";
print " [".$record->decrypt_data."]\n"; print " [".$record->decrypt_data."]\n";
} elsif ($record->content_type == TLSProxy::Record::RT_ALERT) { } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
#For now assume all alerts are fatal my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
#All alerts end the test
$end = 1; $end = 1;
#A CloseNotify from the client indicates we have finished successfully
#(we assume)
if (!$server && $alertlev == AL_LEVEL_WARN
&& $alertdesc == AL_DESC_CLOSE_NOTIFY) {
$success = 1;
}
} }
return @messages; return @messages;

4
util/TLSProxy/Proxy.pm
View File

@ -130,7 +130,7 @@ sub start
open(STDOUT, ">", File::Spec->devnull()) open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout"; or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT"); open(STDERR, ">&STDOUT");
my $execcmd = $self->execute." s_server -engine ossltest -accept " my $execcmd = $self->execute." s_server -rev -engine ossltest -accept "
.($self->server_port) .($self->server_port)
." -cert ".$self->cert." -naccept 1"; ." -cert ".$self->cert." -naccept 1";
if ($self->ciphers ne "") { if ($self->ciphers ne "") {
@ -167,7 +167,7 @@ sub start
open(STDOUT, ">", File::Spec->devnull()) open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout"; or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT"); open(STDERR, ">&STDOUT");
my $execcmd = $self->execute my $execcmd = "echo test | ".$self->execute
." s_client -engine ossltest -connect " ." s_client -engine ossltest -connect "
.($self->proxy_addr).":".($self->proxy_port); .($self->proxy_addr).":".($self->proxy_port);
if ($self->cipherc ne "") { if ($self->cipherc ne "") {