Merge pull request #5128 from rizlik/dtls_bidrectional_shutdown
Support DTLS bidirectional shutdown in the examples
@ -4034,17 +4034,22 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (dtlsUDP == 0) { /* don't send alert after "break" command */
|
ret = wolfSSL_shutdown(ssl);
|
||||||
ret = wolfSSL_shutdown(ssl);
|
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||||
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
|
||||||
if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) {
|
TEST_RECV_READY) {
|
||||||
ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
if (ret == WOLFSSL_SUCCESS) {
|
||||||
printf("Bidirectional shutdown complete\n");
|
printf("Bidirectional shutdown complete\n");
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
if (ret != WOLFSSL_SUCCESS)
|
else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||||
printf("Bidirectional shutdown failed\n");
|
printf("Bidirectional shutdown failed\n");
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
printf("Bidirectional shutdown failed\n");
|
||||||
}
|
}
|
||||||
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
if (atomicUser)
|
if (atomicUser)
|
||||||
|
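Review bot: The retry loop added around `wolfSSL_shutdown` in client_test has no iteration cap, so a peer that keeps the socket readable without ever sending close_notify (for DTLS, retransmitted or stray datagrams) can hold the example in the loop for as long as that traffic lasts; each pass only waits up to DEFAULT_TIMEOUT_SEC for the next readable event, which bounds the gap between datagrams rather than the total shutdown time. A small counter would bound it and still fall through to the existing "Bidirectional shutdown failed" report: `int tries = 0;` before the loop and `if (++tries > 10) break;` as the last statement in the loop body after the `WOLFSSL_SHUTDOWN_NOT_DONE` branch. Whether wolfSSL_shutdown can keep returning WOLFSSL_SHUTDOWN_NOT_DONE while the socket stays readable depends on library behavior not visible here. client_test's body continues outside the hunk.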
@ -2908,16 +2908,44 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
if (doDTLS && dtlsUDP) {
|
if (doDTLS && dtlsUDP) {
|
||||||
byte b[1500];
|
byte b[1500];
|
||||||
int n;
|
int n;
|
||||||
|
int isClientHello = 0;
|
||||||
|
|
||||||
client_len = sizeof client_addr;
|
while (!isClientHello) {
|
||||||
|
client_len = sizeof client_addr;
|
||||||
|
|
||||||
/* For DTLS, peek at the next datagram so we can get the client's
|
/* For DTLS, peek at the next datagram so we can get the
|
||||||
* address and set it into the ssl object later to generate the
|
* client's address and set it into the ssl object later to
|
||||||
* cookie. */
|
* generate the cookie. */
|
||||||
n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
|
n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
|
||||||
(struct sockaddr*)&client_addr, &client_len);
|
(struct sockaddr*)&client_addr, &client_len);
|
||||||
if (n <= 0)
|
|
||||||
err_sys_ex(runWithErrors, "recvfrom failed");
|
if (n <= 0)
|
||||||
|
err_sys_ex(runWithErrors, "recvfrom failed");
|
||||||
|
|
||||||
|
/* when doing resumption, it may happen that we receive the
|
||||||
|
alert used to shutdown the first connection as the first
|
||||||
|
packet of the second accept:
|
||||||
|
|
||||||
|
Client | Server
|
||||||
|
| WolfSSL_Shutdown()
|
||||||
|
| <- Alert
|
||||||
|
| recvfrom(peek)
|
||||||
|
WolfSSL_Shutdown() |
|
||||||
|
Alert-> |
|
||||||
|
| wolfSSL_set_dtls_peer()
|
||||||
|
|
||||||
|
but this will set the wrong src port, making the test fail.
|
||||||
|
Discard not-handshake message to avoid this.
|
||||||
|
*/
|
||||||
|
if (b[0] != 0x16) {
|
||||||
|
/* discard the packet */
|
||||||
|
n = (int)recvfrom(clientfd, (char *)b, sizeof(b), 0,
|
||||||
|
(struct sockaddr *)&client_addr, &client_len);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
isClientHello = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (doBlockSeq) {
|
if (doBlockSeq) {
|
||||||
XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len);
|
XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len);
|
||||||
@ -3303,9 +3331,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
|
|
||||||
ret = SSL_shutdown(ssl);
|
ret = SSL_shutdown(ssl);
|
||||||
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||||
ret = SSL_shutdown(ssl); /* bidirectional shutdown */
|
while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
TEST_RECV_READY) {
|
||||||
printf("Bidirectional shutdown complete\n");
|
ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
||||||
|
if (ret == WOLFSSL_SUCCESS) {
|
||||||
|
printf("Bidirectional shutdown complete\n");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
|
||||||
|
printf("Bidirectional shutdown failed\n");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (ret != WOLFSSL_SUCCESS)
|
||||||
|
printf("Bidirectional shutdown failed\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* display collected statistics */
|
/* display collected statistics */
|
||||||
|
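Review bot: In the new peek loop in server_test, the `if (n <= 0) err_sys_ex(runWithErrors, "recvfrom failed");` path does not leave the loop, so if err_sys_ex returns when runWithErrors is set, the following `b[0] != 0x16` test reads a byte recvfrom never wrote (uninitialized `b` on the first pass, stale on later ones) and the loop re-peeks the same failing socket; adding `break;` after the err_sys_ex call would keep the content-type check on received data only and match the pre-change fall-through. Whether err_sys_ex returns in that mode is not visible in the hunk. The literal `0x16` is the TLS record content type for handshake and deserves a name or a comment, e.g. `if (b[0] != 0x16) { /* not a handshake record (content type 22) */`, and since `isClientHello` is set for any handshake record rather than specifically a ClientHello, a name like `gotHandshake` would describe it more accurately. server_test's body continues outside the hunk.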
@ -1061,3 +1061,17 @@
|
|||||||
-a
|
-a
|
||||||
-v 2
|
-v 2
|
||||||
-l ADH-AES128-SHA
|
-l ADH-AES128-SHA
|
||||||
|
|
||||||
|
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown
|
||||||
|
-u
|
||||||
|
-r
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-CHACHA20-POLY1305
|
||||||
|
-w
|
||||||
|
|
||||||
|
# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown
|
||||||
|
-u
|
||||||
|
-r
|
||||||
|
-v 3
|
||||||
|
-l DHE-RSA-CHACHA20-POLY1305
|
||||||
|
-w
|
||||||
|
@ -907,3 +907,11 @@
|
|||||||
-a
|
-a
|
||||||
-v 2
|
-v 2
|
||||||
-l ADH-AES128-SHA
|
-l ADH-AES128-SHA
|
||||||
|
|
||||||
|
# server with bidirectional shutdown
|
||||||
|
-l ECDHE-RSA-AES128-SHA256
|
||||||
|
-w
|
||||||
|
|
||||||
|
# client with bidirectional shutdown
|
||||||
|
-l ECDHE-RSA-AES128-SHA256
|
||||||
|
-w
|
||||||
|