
tris: add NSS server to client interop tests

Similar to boringssl, reuse the NSS client image for the NSS server test
against the tris client. Bump the NSS version to 3.34.1 to gain support
for TLS 1.3 keylogging which is useful while debugging.

Adjust read check to fix intermittent NSS test failures:
https://github.com/cloudflare/tls-tris/issues/58
tls13
Peter Wu, 6 years ago
Commit ac01048c5e
4 changed files with 25 additions and 4 deletions
  1. .travis.yml (+1, -1)
  2. _dev/tris-testclient/client.go (+3, -1)
  3. _dev/tstclnt/Dockerfile (+10, -2)
  4. _dev/tstclnt/server.sh (+11, -0)

.travis.yml (+1, -1)

@@ -9,7 +9,7 @@ go:

env:
- MODE=interop CLIENT=boring SERVER=boring
- MODE=interop CLIENT=tstclnt
- MODE=interop CLIENT=tstclnt SERVER=tstclnt
- MODE=interop CLIENT=picotls ZRTT=1
- MODE=interop CLIENT=mint
- MODE=bogo
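
Review bot: The env entry `MODE=interop CLIENT=tstclnt` is replaced rather than supplemented by `MODE=interop CLIENT=tstclnt SERVER=tstclnt` (the file changes by +1/-1), so confirm that the interop script still runs the NSS client against the tris server when SERVER is set, as the `CLIENT=boring SERVER=boring` entry suggests. Nothing in the visible lines shows how SERVER is consumed; if setting it runs only the server direction, keep the client-only entry alongside the new one so the existing coverage is not lost.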


_dev/tris-testclient/client.go (+3, -1)

@@ -57,7 +57,9 @@ func (c *Client) run(addr string, version, cipherSuite uint16) {

buf := make([]byte, 1024)
n, err := con.Read(buf)
if err != nil {
// A non-zero read with EOF is acceptable and occurs when a close_notify
// is received right after reading data (observed with NSS selfserv).
if !(n > 0 && err == io.EOF) && err != nil {
fmt.Printf("Read failed: %v\n\n", err)
c.failed++
return
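
Review bot: The new condition `if !(n > 0 && err == io.EOF) && err != nil {` tests `err != nil` last, which forces the reader through the negated clause first; `if err != nil && !(n > 0 && err == io.EOF) {` says the same thing in the expected order. The change to this file is +3/-1 with no import line touched, so check that `io` is already imported in client.go. Because a short read followed by EOF now passes this check, whatever validates the response after the read should confirm that the n bytes are the complete expected reply, so that a truncated response is not counted as a pass.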


_dev/tstclnt/Dockerfile (+10, -2)

@@ -17,8 +17,8 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
# Draft 18
# ARG REVISION=b6dfef6d0ff0

# tstclnt resumption
ARG REVISION=2ed8aef0b360
# Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support)
ARG REVISION=e61c0f657100

RUN cd nss && hg pull
RUN cd nss && hg checkout -C $REVISION
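
Review bot: The comment above the new `ARG REVISION=e61c0f657100` line advertises TLS 1.3 keylogging support, but nothing in this hunk says how to turn it on. Add a short comment naming the variable to set when debugging (SSLKEYLOGFILE) and leave it unset in the image by default, since a key log file exposes the session secrets of every connection it records. The `# tstclnt resumption` note disappears with the old revision; if these tests still rely on resumption, carry that note over to the new comment.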
@@ -39,6 +39,14 @@ ENV LD_LIBRARY_PATH=/dist/OBJ-PATH/lib

ENV SSLTRACE=100 SSLDEBUG=100

# Init test key using an empty noise (seed) file (-z /dev/null).
# Use different subjects, otherwise NSS seems to merge keys under the same nickname.
RUN mkdir /certdb && \
/dist/OBJ-PATH/bin/certutil -d /certdb -N --empty-password && \
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n rsa-server -t u -x -s CN=localhost -k rsa -z /dev/null && \
/dist/OBJ-PATH/bin/certutil -d /certdb -S -n ecdsa-server -t u -x -s CN=localhost,O=EC -k ec -z /dev/null -q nistp256

ADD httpreq.txt /httpreq.txt
ADD run.sh /run.sh
ADD server.sh /server.sh
ENTRYPOINT ["/run.sh"]
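
Review bot: The `RUN mkdir /certdb && \` step creates the database with `--empty-password` and generates both server keys at image build time, so the private keys sit unprotected in an image layer and are identical for everyone who pulls the image. That is acceptable for an interop fixture, but the comment block should state that /certdb is test-only and must not be reused outside these tests. The note about using different subjects would also be clearer if it said that `O=EC` exists only to keep the two `CN=localhost` certificates apart.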

_dev/tstclnt/server.sh (+11, -0)

@@ -0,0 +1,11 @@
#!/bin/sh
PATH=/dist/OBJ-PATH/bin:$PATH
set -x

# RSA
selfserv -n rsa-server -p 1443 -d /certdb -V tls1.2:tls1.3 -v -Z &

# ECDSA
selfserv -n ecdsa-server -p 2443 -d /certdb -V tls1.2:tls1.3 -v -Z &

wait
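
Review bot: The final `wait` takes no arguments, so it returns zero whatever the two background `selfserv` processes exit with, and a server that fails to start (for example because its nickname is missing from /certdb) goes unnoticed until the client side fails to connect. Record each PID with `$!` after the `&`, `wait` on each PID in turn, and exit non-zero if either fails; adding `set -e` alone does not cover backgrounded commands. A one-line comment on why `-Z` is passed would also help the next reader.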
