TLSv1.3 draft-23: align tests
* Changes tests so that they pass with draft-23
* BoringSSL interoperability: uses the code at the most recent commit, with the "-tls13-variant draft23" flag to indicate compatibility with draft-23
* NSS interoperability: uses release 3.35
* PicoTLS interoperability: blocked. It doesn't seem to implement draft-23
* Uses the updated bogo from https://github.com/henrydcase/crypto-tls-bogo-shim
pai
03138ec18e
commit
6e4abe2d07
@ -23,7 +23,7 @@ INSTALL_RACE:= $(words $(filter $(ARCH)_$(shell go env CGO_ENABLED), amd64_1))
|
|||||||
TARGET_TEST_COMPAT=boring picotls tstclnt
|
TARGET_TEST_COMPAT=boring picotls tstclnt
|
||||||
|
|
||||||
# Some target-specific constants
|
# Some target-specific constants
|
||||||
BORINGSSL_REVISION=1530ef3e
|
BORINGSSL_REVISION=03de6813d8992a649092b4874ef0ebc022e2f58a
|
||||||
BOGO_DOCKER_TRIS_LOCATION=/go/src/github.com/cloudflare/tls-tris
|
BOGO_DOCKER_TRIS_LOCATION=/go/src/github.com/cloudflare/tls-tris
|
||||||
|
|
||||||
###############
|
###############
|
||||||
|
@ -10,8 +10,8 @@ RUN apk add --update \
|
|||||||
|
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
|
|
||||||
RUN git clone https://github.com/FiloSottile/crypto-tls-bogo-shim \
|
RUN git clone https://github.com/henrydcase/crypto-tls-bogo-shim \
|
||||||
/go/src/github.com/FiloSottile/crypto-tls-bogo-shim
|
/go/src/github.com/henrydcase/crypto-tls-bogo-shim
|
||||||
|
|
||||||
# Draft 18 with client-tests branch
|
# Draft 18 with client-tests branch
|
||||||
#ARG REVISION=3f5e87d6a1931b6f6930e4eadb7b2d0b2aa7c588
|
#ARG REVISION=3f5e87d6a1931b6f6930e4eadb7b2d0b2aa7c588
|
||||||
@ -20,10 +20,13 @@ RUN git clone https://github.com/FiloSottile/crypto-tls-bogo-shim \
|
|||||||
#ARG REVISION=81cc32b846c9fe2ea32613287e57a6a0db7bbb9a
|
#ARG REVISION=81cc32b846c9fe2ea32613287e57a6a0db7bbb9a
|
||||||
|
|
||||||
# Draft 22 with draft22-client branch (client-tests + draft22)
|
# Draft 22 with draft22-client branch (client-tests + draft22)
|
||||||
ARG REVISION=f9729b5e4eafb1f1d313949388c3c2b167e84734
|
# ARG REVISION=f9729b5e4eafb1f1d313949388c3c2b167e84734
|
||||||
|
|
||||||
RUN cd /go/src/github.com/FiloSottile/crypto-tls-bogo-shim && \
|
# Draft 23
|
||||||
|
ARG REVISION=d07b9e80a87c871c2569ce4aabd06695336c5dc5
|
||||||
|
|
||||||
|
RUN cd /go/src/github.com/henrydcase/crypto-tls-bogo-shim && \
|
||||||
git checkout $REVISION
|
git checkout $REVISION
|
||||||
|
|
||||||
WORKDIR /go/src/github.com/FiloSottile/crypto-tls-bogo-shim
|
WORKDIR /go/src/github.com/henrydcase/crypto-tls-bogo-shim
|
||||||
CMD ["make", "run"]
|
CMD ["make", "run"]
|
||||||
|
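Review bot: The fork path `github.com/henrydcase/crypto-tls-bogo-shim` is now written out three times in this file (the `git clone` target, the `RUN cd ... && git checkout $REVISION` line and `WORKDIR`), and this commit had to edit each one. Setting it once, for example `ENV BOGO_DIR=/go/src/github.com/henrydcase/crypto-tls-bogo-shim`, and using `$BOGO_DIR` in those three places would keep the next repository move to a single line. The commented-out draft 18 and draft 22 `REVISION` values were chosen against the previous repository, and whether those commits exist in the fork is not visible here, so a short comment naming the repository they belong to would save the next reader a failed checkout.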
@ -34,15 +34,24 @@ RUN mkdir boringssl/build
|
|||||||
# ARG REVISION=89917a5
|
# ARG REVISION=89917a5
|
||||||
|
|
||||||
# Draft 18
|
# Draft 18
|
||||||
#ARG REVISION=9b885c5
|
# ARG REVISION=9b885c5
|
||||||
# Draft 18, but with "bssl server -loop -www" support and build fix
|
# Draft 18, but with "bssl server -loop -www" support and build fix
|
||||||
ARG REVISION=40b24c8154
|
# ARG REVISION=40b24c8154
|
||||||
|
|
||||||
# Draft 21
|
# Draft 21
|
||||||
#ARG REVISION=cd8470f
|
# ARG REVISION=cd8470f
|
||||||
|
|
||||||
# Draft 22
|
# Draft 22
|
||||||
ARG REVISION=1530ef3e
|
# ARG REVISION=1530ef3e
|
||||||
|
|
||||||
|
# Draft 23
|
||||||
|
# ARG REVISION=cb15cfda29c0c60d8d74145b17c93b43a7667837
|
||||||
|
|
||||||
|
# Draft 28
|
||||||
|
# ARG REVISION=861f384d7bc59241a9df1634ae938d8e75be2d30
|
||||||
|
|
||||||
|
# Latest
|
||||||
|
ARG REVISION=03de6813d8992a649092b4874ef0ebc022e2f58a
|
||||||
|
|
||||||
RUN cd boringssl && git fetch
|
RUN cd boringssl && git fetch
|
||||||
RUN cd boringssl && git checkout $REVISION
|
RUN cd boringssl && git checkout $REVISION
|
||||||
|
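Review bot: The active pin `ARG REVISION=03de6813d8992a649092b4874ef0ebc022e2f58a` is documented only as `# Latest`, which stops being true as soon as upstream moves and does not say which draft this revision is expected to speak. The same hash is also assigned to `BORINGSSL_REVISION` in the first hunk of this commit, so the two values have to be bumped together. A comment such as `# Draft 23 via "-tls13-variant draft23" (upstream head when pinned); keep in sync with BORINGSSL_REVISION` would record both facts. Using the full hash here is a good change from the abbreviated ones above it, which can become ambiguous as the repository grows.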
@ -2,7 +2,7 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
/boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
/boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
||||||
-tls13-variant draft22 -session-out /session -connect "$@" < /httpreq.txt
|
-tls13-variant draft23 -session-out /session -connect "$@" < /httpreq.txt
|
||||||
exec /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
exec /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
||||||
-tls13-variant draft22 -session-in /session -connect "$@" < /httpreq.txt
|
-tls13-variant draft23 -session-in /session -connect "$@" < /httpreq.txt
|
||||||
|
|
||||||
|
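Review bot: The draft name is a literal in both `bssl client` invocations here and in all three `bssl server` invocations in the next hunk, so every draft bump means editing five flag values across two scripts. Defining it once per script, `TLS13_VARIANT=draft23`, and passing `-tls13-variant "$TLS13_VARIANT"` would reduce that to one line per file and remove the risk of the session-out and session-in runs ending up on different variants.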
@ -6,21 +6,21 @@ set -x
|
|||||||
bssl server \
|
bssl server \
|
||||||
-key rsa.pem \
|
-key rsa.pem \
|
||||||
-min-version tls1.2 -max-version tls1.3 \
|
-min-version tls1.2 -max-version tls1.3 \
|
||||||
-tls13-draft22-variant \
|
-tls13-variant draft23 \
|
||||||
-accept 1443 -loop -www 2>&1 &
|
-accept 1443 -loop -www 2>&1 &
|
||||||
|
|
||||||
# ECDSA
|
# ECDSA
|
||||||
bssl server \
|
bssl server \
|
||||||
-key ecdsa.pem \
|
-key ecdsa.pem \
|
||||||
-min-version tls1.2 -max-version tls1.3 \
|
-min-version tls1.2 -max-version tls1.3 \
|
||||||
-tls13-draft22-variant \
|
-tls13-variant draft23 \
|
||||||
-accept 2443 -loop -www 2>&1 &
|
-accept 2443 -loop -www 2>&1 &
|
||||||
|
|
||||||
# Require client authentication (with ECDSA)
|
# Require client authentication (with ECDSA)
|
||||||
bssl server \
|
bssl server \
|
||||||
-key ecdsa.pem \
|
-key ecdsa.pem \
|
||||||
-min-version tls1.2 -max-version tls1.3 \
|
-min-version tls1.2 -max-version tls1.3 \
|
||||||
-tls13-draft22-variant \
|
-tls13-variant draft23 \
|
||||||
-accept 6443 -loop -www \
|
-accept 6443 -loop -www \
|
||||||
-require-any-client-cert -debug 2>&1 &
|
-require-any-client-cert -debug 2>&1 &
|
||||||
|
|
||||||
|
@ -46,13 +46,13 @@ class RegexSelfTest(unittest.TestCase):
|
|||||||
''' Ensures that those regexe's actually work '''
|
''' Ensures that those regexe's actually work '''
|
||||||
|
|
||||||
LINE_HELLO_TLS ="\nsomestuff\nHello TLS 1.3 _o/\nsomestuff"
|
LINE_HELLO_TLS ="\nsomestuff\nHello TLS 1.3 _o/\nsomestuff"
|
||||||
LINE_HELLO_DRAFT_TLS="\nsomestuff\nHello TLS 1.3 (draft 22) _o/\nsomestuff"
|
LINE_HELLO_DRAFT_TLS="\nsomestuff\nHello TLS 1.3 (draft 23) _o/\nsomestuff"
|
||||||
|
|
||||||
LINE_HELLO_RESUMED ="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] _o/\nsomestuff"
|
LINE_HELLO_RESUMED ="\nsomestuff\nHello TLS 1.3 (draft 23) [resumed] _o/\nsomestuff"
|
||||||
LINE_HELLO_MIXED ="\nsomestuff\nHello TLS 1.3 (draft 22) _o/\nHello TLS 1.3 (draft 22) [resumed] _o/\nsomestuff"
|
LINE_HELLO_MIXED ="\nsomestuff\nHello TLS 1.3 (draft 23) _o/\nHello TLS 1.3 (draft 23) [resumed] _o/\nsomestuff"
|
||||||
LINE_HELLO_TLS_12 ="\nsomestuff\nHello TLS 1.2 (draft 22) [resumed] _o/\nsomestuff"
|
LINE_HELLO_TLS_12 ="\nsomestuff\nHello TLS 1.2 (draft 23) [resumed] _o/\nsomestuff"
|
||||||
LINE_HELLO_TLS_13_0RTT="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] [0-RTT] _o/\nsomestuff"
|
LINE_HELLO_TLS_13_0RTT="\nsomestuff\nHello TLS 1.3 (draft 23) [resumed] [0-RTT] _o/\nsomestuff"
|
||||||
LINE_HELLO_TLS_13_0RTT_CONFIRMED="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] [0-RTT confirmed] _o/\nsomestuff"
|
LINE_HELLO_TLS_13_0RTT_CONFIRMED="\nsomestuff\nHello TLS 1.3 (draft 23) [resumed] [0-RTT confirmed] _o/\nsomestuff"
|
||||||
|
|
||||||
def test_regexes(self):
|
def test_regexes(self):
|
||||||
self.assertIsNotNone(
|
self.assertIsNotNone(
|
||||||
@ -212,12 +212,14 @@ class InteropServer_BoringSSL(
|
|||||||
unittest.TestCase
|
unittest.TestCase
|
||||||
): CLIENT_NAME = "tls-tris:boring"
|
): CLIENT_NAME = "tls-tris:boring"
|
||||||
|
|
||||||
class InteropServer_PicoTLS(
|
# PicoTLS doesn't seem to implement draft-23 correctly. It will
|
||||||
InteropServer,
|
# be enabled when draft-28 is implemented.
|
||||||
ServerNominalMixin,
|
# class InteropServer_PicoTLS(
|
||||||
ServerZeroRttMixin,
|
# InteropServer,
|
||||||
unittest.TestCase
|
# ServerNominalMixin,
|
||||||
): CLIENT_NAME = "tls-tris:picotls"
|
# ServerZeroRttMixin,
|
||||||
|
# unittest.TestCase
|
||||||
|
# ): CLIENT_NAME = "tls-tris:picotls"
|
||||||
|
|
||||||
class InteropServer_NSS(
|
class InteropServer_NSS(
|
||||||
InteropServer,
|
InteropServer,
|
||||||
|
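Review bot: Commenting out `InteropServer_PicoTLS` removes the PicoTLS nominal and 0-RTT interop cases from the run without any trace in the test report, so the lost coverage is easy to forget. Keeping the class and decorating it with `@unittest.skip("PicoTLS does not implement draft-23; re-enable with draft-28")` would make the skip visible in every run and keep the class compiling against the mixins. `TARGET_TEST_COMPAT` in the first hunk still lists `picotls`, so that target presumably still gets built even though nothing exercises it; either drop it there or note why it stays.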
@ -43,6 +43,7 @@ var tlsVersionToName = map[uint16]string{
|
|||||||
tls.VersionTLS13Draft18: "1.3 (draft 18)",
|
tls.VersionTLS13Draft18: "1.3 (draft 18)",
|
||||||
tls.VersionTLS13Draft21: "1.3 (draft 21)",
|
tls.VersionTLS13Draft21: "1.3 (draft 21)",
|
||||||
tls.VersionTLS13Draft22: "1.3 (draft 22)",
|
tls.VersionTLS13Draft22: "1.3 (draft 22)",
|
||||||
|
tls.VersionTLS13Draft23: "1.3 (draft 23)",
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer() *server {
|
func NewServer() *server {
|
||||||
|
@ -17,6 +17,7 @@ var tlsVersionToName = map[uint16]string{
|
|||||||
tls.VersionTLS12: "1.2",
|
tls.VersionTLS12: "1.2",
|
||||||
tls.VersionTLS13: "1.3",
|
tls.VersionTLS13: "1.3",
|
||||||
tls.VersionTLS13Draft18: "1.3 (draft 18)",
|
tls.VersionTLS13Draft18: "1.3 (draft 18)",
|
||||||
|
tls.VersionTLS13Draft23: "1.3 (draft 23)",
|
||||||
}
|
}
|
||||||
|
|
||||||
var cipherSuiteIdToName = map[uint16]string{
|
var cipherSuiteIdToName = map[uint16]string{
|
||||||
|
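Review bot: The `tlsVersionToName` map in this file goes straight from `tls.VersionTLS13Draft18` to the new `tls.VersionTLS13Draft23` entry, while the copy in the previous hunk also lists drafts 21 and 22. A Go map lookup for a missing key yields the empty string, so a connection negotiated at one of those versions would presumably be reported without a version name; how the lookup result is used is outside the hunk. If this side can still negotiate them, add `tls.VersionTLS13Draft21: "1.3 (draft 21)",` and `tls.VersionTLS13Draft22: "1.3 (draft 22)",`, otherwise add a comment saying the omission is deliberate.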
@ -21,7 +21,10 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
|
|||||||
# ARG REVISION=e61c0f657100
|
# ARG REVISION=e61c0f657100
|
||||||
|
|
||||||
# Draft 22
|
# Draft 22
|
||||||
ARG REVISION=88c3f3fa581b
|
#ARG REVISION=88c3f3fa581b
|
||||||
|
|
||||||
|
# Draft 23
|
||||||
|
ARG REVISION=16c622c9e1cc
|
||||||
|
|
||||||
RUN cd nss && hg pull
|
RUN cd nss && hg pull
|
||||||
RUN cd nss && hg checkout -C $REVISION
|
RUN cd nss && hg checkout -C $REVISION
|
||||||
|
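Review bot: The new pin `ARG REVISION=16c622c9e1cc` is labelled only `# Draft 23`, while the commit description says the NSS interop uses release 3.35. If this changeset is that release, saying so in the comment, `# Draft 23 (NSS 3.35)`, would let a reader check the pin against upstream release notes without resolving the short hash first. The mapping between the hash and the release cannot be confirmed from this page.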