tris: add NSS server to client interop tests

Similar to boringssl, reuse the NSS client image for the NSS server test
against the tris client. Bump the NSS version to 3.34.1 to gain support
for TLS 1.3 keylogging, which is useful while debugging.

Adjust read check to fix intermittent NSS test failures:
https://github.com/cloudflare/tls-tris/issues/58
Peter Wu 2017-12-05 16:21:28 +00:00
parent c89a0a5f3a
commit ac01048c5e
4 changed files with 25 additions and 4 deletions


@ -9,7 +9,7 @@ go:
env: env:
- MODE=interop CLIENT=boring SERVER=boring - MODE=interop CLIENT=boring SERVER=boring
- MODE=interop CLIENT=tstclnt - MODE=interop CLIENT=tstclnt SERVER=tstclnt
- MODE=interop CLIENT=picotls ZRTT=1 - MODE=interop CLIENT=picotls ZRTT=1
- MODE=interop CLIENT=mint - MODE=interop CLIENT=mint
- MODE=bogo - MODE=bogo


@ -57,7 +57,9 @@ func (c *Client) run(addr string, version, cipherSuite uint16) {
buf := make([]byte, 1024) buf := make([]byte, 1024)
n, err := con.Read(buf) n, err := con.Read(buf)
if err != nil { // A non-zero read with EOF is acceptable and occurs when a close_notify
// is received right after reading data (observed with NSS selfserv).
if !(n > 0 && err == io.EOF) && err != nil {
fmt.Printf("Read failed: %v\n\n", err) fmt.Printf("Read failed: %v\n\n", err)
c.failed++ c.failed++
return return
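Review bot: The new guard `!(n > 0 && err == io.EOF) && err != nil` in Client.run is hard to read because the exception is stated before the error test; `if err != nil && !(n > 0 && err == io.EOF) {` expresses the same condition in the order a reader expects. The comment equates io.EOF with a received close_notify, but nothing in this hunk shows that tris never reports a bare transport close as io.EOF, so a truncated response of at least one byte may be accepted as well; if that is intended for the interop check, the comment should say so. The function starts and ends outside the hunk, so how `buf[:n]` is validated afterwards is not visible here.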


@ -17,8 +17,8 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
# Draft 18 # Draft 18
# ARG REVISION=b6dfef6d0ff0 # ARG REVISION=b6dfef6d0ff0
# tstclnt resumption # Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support)
ARG REVISION=2ed8aef0b360 ARG REVISION=e61c0f657100
RUN cd nss && hg pull RUN cd nss && hg pull
RUN cd nss && hg checkout -C $REVISION RUN cd nss && hg checkout -C $REVISION
@ -39,6 +39,14 @@ ENV LD_LIBRARY_PATH=/dist/OBJ-PATH/lib
ENV SSLTRACE=100 SSLDEBUG=100 ENV SSLTRACE=100 SSLDEBUG=100
# Init test key using an empty noise (seed) file (-z /dev/null).
# Use different subjects, otherwise NSS seems to merge keys under the same nickname.
RUN mkdir /certdb && \
/dist/OBJ-PATH/bin/certutil -d /certdb -N --empty-password && \
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n rsa-server -t u -x -s CN=localhost -k rsa -z /dev/null && \
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n ecdsa-server -t u -x -s CN=localhost,O=EC -k ec -z /dev/null -q nistp256
ADD httpreq.txt /httpreq.txt ADD httpreq.txt /httpreq.txt
ADD run.sh /run.sh ADD run.sh /run.sh
ADD server.sh /server.sh
ENTRYPOINT ["/run.sh"] ENTRYPOINT ["/run.sh"]
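Review bot: The certutil block creates /certdb with `--empty-password` and generates the self-signed server keys at build time, so the private keys sit unprotected in an image layer and are shared by every container started from that image. The existing comment calls them test keys but does not state that they must never be trusted or reused elsewhere. I would extend it with `# Throwaway keys for interop tests only: stored unprotected in the image, never trust or reuse them elsewhere.` The `-z /dev/null` seed is presumably harmless for this purpose, but it is one more reason to make the test-only scope explicit.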

11
_dev/tstclnt/server.sh Executable file

@ -0,0 +1,11 @@
#!/bin/sh
PATH=/dist/OBJ-PATH/bin:$PATH
set -x
# RSA
selfserv -n rsa-server -p 1443 -d /certdb -V tls1.2:tls1.3 -v -Z &
# ECDSA
selfserv -n ecdsa-server -p 2443 -d /certdb -V tls1.2:tls1.3 -v -Z &
wait
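Review bot: A selfserv instance that fails to start (for example because its port is taken or its nickname is missing from /certdb) goes unnoticed, because both servers are backgrounded and the bare `wait` keeps blocking on the surviving one and returns success regardless of either exit status. The interop run would then fail later with a connection error instead of at the real cause; recording each PID with `$!` and waiting on them individually would surface the failing server. A one-line comment on what `-V tls1.2:tls1.3`, `-v` and `-Z` select would also help, since this script is the only place those choices are recorded.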