From 87a9c86d87e70f43c34d26b95c553b17d2869dab Mon Sep 17 00:00:00 2001
From: Zhangsen Wang
Date: Tue, 28 Jun 2022 06:10:35 +0000
Subject: [PATCH 1/5] Re-enable five tests disabled because of an old OpenSSL bug
Signed-off-by: Zhangsen Wang
---
 tests/ssl-opt.sh | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9e533362a..1d5a97d7f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9170,12 +9170,10 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
 0 \
 -s "fragmenting handshake message"
-## Interop test with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
+## The two tests below require 1.1.1a or higher version of openssl, otherwise
+## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902)
+
+requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -9183,7 +9181,7 @@ client_needs_more_time 4
 requires_max_content_len 2048
 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$O_SRV -dtls1_2 -verify 10" \
+ "$O_NEXT_SRV -dtls1_2 -verify 10" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=data_files/server8_int-ca2.crt \
 key_file=data_files/server8.key \
@@ -9192,7 +9190,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 -c "fragmenting handshake message" \
 -C "error"
-skip_next_test
+requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
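Review bot: The comment added above `requires_openssl_next` in the `@@ -9170` hunk states a floor of OpenSSL 1.1.1a, but nothing visible in this patch checks a version. The guard's definition is outside the diff; if it only tests that a second OpenSSL binary is configured, a build that predates the fix for issue 6902 would still run these DTLS interop tests and fail intermittently. I would say so where the guard is used, for example `## NOTE: requires_openssl_next does not verify the version; the binary behind $O_NEXT_SRV must be 1.1.1a or later`, or else add a real version check to the guard.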
@@ -10269,40 +10267,38 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
-## Interop tests with OpenSSL might trigger a bug in recent versions (including
-## all versions installed on the CI machines), reported here:
-## Bug report: https://github.com/openssl/openssl/issues/6902
-## They should be re-enabled once a fixed version of OpenSSL is available
-## (this should happen in some 1.1.1_ release according to the ticket).
-skip_next_test
+## The three tests below require 1.1.1a or higher version of openssl, otherwise
+## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902)
+## Besides, openssl should use dtls1_2 or dtls, otherwise it will cause "SSL alert number 70" error
+requires_openssl_next
 client_needs_more_time 6
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS proxy: 3d, openssl server" \
 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 2048" \
+ "$O_NEXT_SRV -dtls1_2 -mtu 2048" \
 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
 0 \
 -c "HTTP/1.0 200 OK"
-skip_next_test # see above
+requires_openssl_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS proxy: 3d, openssl server, fragmentation" \
 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 768" \
+ "$O_NEXT_SRV -dtls1_2 -mtu 768" \
 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
 0 \
 -c "HTTP/1.0 200 OK"
-skip_next_test # see above
+requires_openssl_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
- "$O_SRV -dtls1 -mtu 768" \
+ "$O_NEXT_SRV -dtls1_2 -mtu 768" \
 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
 0 \
 -c "HTTP/1.0 200 OK"
From 9b64546eb292790336c8767af324566976c5e1e3 Mon Sep 17 00:00:00 2001
From: Zhangsen Wang <107828024+zhangsenWang@users.noreply.github.com>
Date: Thu, 30 Jun 2022 10:27:08 +0800
Subject: [PATCH 2/5] Update tests/ssl-opt.sh, delete 1 blank line.
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Zhangsen Wang
---
 tests/ssl-opt.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1d5a97d7f..18aad8744 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9172,7 +9172,6 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
 ## The two tests below require 1.1.1a or higher version of openssl, otherwise
 ## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902)
-
 requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
From 91385121b915856200eec725277146227f35ebb8 Mon Sep 17 00:00:00 2001
From: Zhangsen Wang
Date: Tue, 12 Jul 2022 01:48:17 +0000
Subject: [PATCH 3/5] delete openssl version requirement for openssl client, because the bug only occurs on openssl server
Signed-off-by: Zhangsen Wang
---
 tests/ssl-opt.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 18aad8744..230f23250 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
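Review bot: The three re-enabled proxy tests in the `@@ -10269` hunk no longer cover what they covered before being skipped, because every `$O_NEXT_SRV` line also changes `-dtls1` to `-dtls1_2`. DTLS 1.0 interop under packet loss is dropped, and the commit subject does not mention it. The only trace is the comment about "SSL alert number 70", which does not say what the alert means or why it occurs. Alert 70 is protocol_version, so presumably the Mbed TLS client in this configuration no longer offers DTLS 1.0; that should be confirmed and written down, for example `## The server is pinned to -dtls1_2: with -dtls1 the handshake ends in a protocol_version alert (70), presumably because the client does not offer DTLS 1.0`.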
@@ -9170,8 +9170,8 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
 0 \
 -s "fragmenting handshake message"
-## The two tests below require 1.1.1a or higher version of openssl, otherwise
-## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902)
+## The test below requires 1.1.1a or higher version of openssl, otherwise
+## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
 requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
@@ -9189,7 +9189,6 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 -c "fragmenting handshake message" \
 -C "error"
-requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
From baeffbbdd25db78edda39ca5191aa57e82889474 Mon Sep 17 00:00:00 2001
From: Zhangsen Wang
Date: Fri, 29 Jul 2022 06:34:47 +0000
Subject: [PATCH 4/5] skip test with openssl client because it will timeout with certain seed due to an openssl bug
Signed-off-by: Zhangsen Wang
---
 tests/ssl-opt.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 230f23250..bb013833b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9189,6 +9189,9 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 -c "fragmenting handshake message" \
 -C "error"
+## the test below will time out with certain seed.
+## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
+skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
From d5e8a482f9f6a4fdfb10ad06da9d65ac00790dd9 Mon Sep 17 00:00:00 2001
From: Zhangsen Wang
Date: Fri, 29 Jul 2022 07:53:36 +0000
Subject: [PATCH 5/5] delete whitespace in comment
Signed-off-by: Zhangsen Wang
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
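Review bot: The `skip_next_test` added in patch 4 disables the following test unconditionally, and its comment gives no condition for turning it back on. An open-ended skip like this is how the tests re-enabled by this series stayed off for so long. The skipped `run_test` line is outside the hunk, so the comment should also name the test; going by the commit subject it is the OpenSSL-client fragmentation case. I would extend the comment with something like `## Re-enable "<test name>" once the fix for openssl/openssl#18887 is in the OpenSSL build used by CI`, and record the seed or proxy settings that reproduce the timeout if they are known.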
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bb013833b..ac29a5c40 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9189,7 +9189,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 -c "fragmenting handshake message" \
 -C "error"
-## the test below will time out with certain seed.
+## the test below will time out with certain seed.
 ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS