From f814cf851be11c5c07bd83034c7bfd9e4cf814a0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 9 Aug 2020 11:54:04 +0200
Subject: [PATCH] tests: added session resumption test
Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/Makefile.am | 2 +-
 tests/common.sh | 44 ++++++++++++++++++++++++++++++++++
 tests/resumption | 61 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100755 tests/resumption
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 60e78fe9..e5400879 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -95,7 +95,7 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
 test-pass-group-cert test-pass-group-cert-no-pass test-sighup \
 test-enc-key test-sighup-key-change test-get-cert test-san-cert \
 test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
- test-gssapi-opt-cert haproxy-auth test-maintenance \
+ test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
 test-group-name flowcontrol banner invalid-configs
 if HAVE_CWRAP_PAM
diff --git a/tests/common.sh b/tests/common.sh
index 477d568c..c97f540d 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -215,4 +215,48 @@ cleanup() {
 return $ret
 }
+# Check for a utility to list ports. Both ss and netstat will list
+# ports for normal users, and have similar semantics, so put the
+# command in the caller's PFCMD, or exit, indicating an unsupported
+# test. Prefer ss from iproute2 over the older netstat.
+have_port_finder() {
+ for file in $(which ss 2> /dev/null) /*bin/ss /usr/*bin/ss /usr/local/*bin/ss;do
+ if test -x "$file";then
+ PFCMD="$file";return 0
+ fi
+ done
+
+ if test -z "$PFCMD";then
+ for file in $(which netstat 2> /dev/null) /bin/netstat /usr/bin/netstat /usr/local/bin/netstat;do
+ if test -x "$file";then
+ PFCMD="$file";return 0
+ fi
+ done
+ fi
+
+ if test -z "$PFCMD";then
+ echo "neither ss nor netstat found"
+ exit 1
+ fi
+}
+
+check_if_port_in_use() {
+ local PORT="$1"
+ local PFCMD; have_port_finder
+ $PFCMD -an|grep "[\:\.]$PORT" >/dev/null 2>&1
+}
+
+# Find a port number not currently in use.
+GETPORT='
+ rc=0
+ unset myrandom
+ while test $rc = 0; do
+ if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
+ if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
+ if test -z "$myrandom"; then myrandom=0; fi
+ PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
+ check_if_port_in_use $PORT;rc=$?
+ done
+'
+
 trap "fail \"Failed to launch the server, aborting test... \"" 10
diff --git a/tests/resumption b/tests/resumption
new file mode 100755
index 00000000..64a312aa
--- /dev/null
+++ b/tests/resumption
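Review bot: The match in check_if_port_in_use, `grep "[\:\.]$PORT"`, has no boundary after the port number, so a candidate such as 2000 is reported as in use whenever a socket on 20000-20009 (local or peer side, in any state) appears in the `-an` listing. The only effect is extra iterations of the GETPORT loop, but the check is cheap to make exact: `$PFCMD -an | grep -Eq "[:.]$PORT([[:space:]]|\$)"`. Separately, the comment above have_port_finder says a missing tool marks the test as unsupported, yet the fallback runs `exit 1`, which automake counts as a failure; `exit 77` is the status it treats as a skip. The port is also only checked, not reserved, so parallel test runs can still pick the same value between this check and the server's bind.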
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Copyright (C) 2020 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+NO_NEED_ROOT=1
+
+TMPFILE=resume.$$.tmp
+
+. `dirname $0`/common.sh
+
+eval "${GETPORT}"
+
+echo "Testing ocserv session resumption... "
+
+function finish {
+ echo " * Cleaning up..."
+ test -n "${PID}" && kill ${PID} >/dev/null 2>&1
+ rm -f ${TMPFILE}
+ rm -f ${CONFIG}
+}
+trap finish EXIT
+
+update_config test1.config
+launch_simple_sr_server -d 1 -f -c ${CONFIG}
+PID=$!
+
+wait_server $PID
+
+echo -n "Connecting to resume... "
+( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -r --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 $ADDRESS --port $PORT --insecure > $TMPFILE 2>/dev/null