Cosmetics in ssl_server2 & complete tests for HVR

programs/ssl/ssl_server2.c

@@ -1683,17 +1683,26 @@ reset:
     printf( "  . Performing the SSL/TLS handshake..." );
     fflush( stdout );
 
-    while( ( ret = ssl_handshake( &ssl ) ) != 0 )
+    do ret = ssl_handshake( &ssl );
+    while( ret == POLARSSL_ERR_NET_WANT_READ ||
+           ret == POLARSSL_ERR_NET_WANT_WRITE );
+
+    if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
     {
-        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
+        printf( " hello verification requested\n" );
+        ret = 0;
+        goto reset;
+    }
+    else if( ret != 0 )
     {
         printf( " failed\n  ! ssl_handshake returned -0x%x\n\n", -ret );
         goto reset;
     }
-    }
+    else /* ret == 0 */
-
+    {
         printf( " ok\n    [ Protocol is %s ]\n    [ Ciphersuite is %s ]\n",
                 ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+    }
 
 #if defined(POLARSSL_SSL_ALPN)
     if( opt.alpn_string != NULL )

tests/ssl-opt.sh

@@ -2046,6 +2046,7 @@ run_test    "DTLS cookie: enabled" \
             -s "cookie verification passed" \
             -S "cookie verification skipped" \
             -c "received hello verify request" \
+            -s "hello verification requested" \
             -S "SSL - The requested feature is not available"
 
 run_test    "DTLS cookie: disabled" \
@@ -2056,18 +2057,19 @@ run_test    "DTLS cookie: disabled" \
             -S "cookie verification passed" \
             -s "cookie verification skipped" \
             -C "received hello verify request" \
+            -S "hello verification requested" \
             -S "SSL - The requested feature is not available"
 
-# wait for client having a timeout, or server sending an alert
+run_test    "DTLS cookie: default (failing)" \
-#run_test    "DTLS cookie: default (failing)" \
+            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
-#            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
+            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
-#            "$P_CLI dtls=1 debug_level=2" \
+            1 \
-#            0 \
+            -s "cookie verification failed" \
-#            -S "cookie verification failed" \
+            -S "cookie verification passed" \
-#            -S "cookie verification passed" \
+            -S "cookie verification skipped" \
-#            -S "cookie verification skipped" \
+            -C "received hello verify request" \
-#            -C "received hello verify request" \
+            -S "hello verification requested" \
-#            -s "SSL - The requested feature is not available"
+            -s "SSL - The requested feature is not available"
 
 requires_ipv6
 run_test    "DTLS cookie: enabled, IPv6" \
@@ -2078,6 +2080,7 @@ run_test    "DTLS cookie: enabled, IPv6" \
             -s "cookie verification passed" \
             -S "cookie verification skipped" \
             -c "received hello verify request" \
+            -s "hello verification requested" \
             -S "SSL - The requested feature is not available"
 
 run_test    "DTLS cookie: enabled, nbio" \
@@ -2088,6 +2091,7 @@ run_test    "DTLS cookie: enabled, nbio" \
             -s "cookie verification passed" \
             -S "cookie verification skipped" \
             -c "received hello verify request" \
+            -s "hello verification requested" \
             -S "SSL - The requested feature is not available"
 
 # Tests for various cases of client authentication with DTLS