Kaynağa Gözat
tris: add NSS server to client interop tests
Similar to boringssl, reuse the NSS client image for the NSS server test against the tris client. Bump the NSS version to 3.34.1 gain support for TLS 1.3 keylogging which is useful while debugging. Adjust read check to fix intermittent NSS test failures: https://github.com/cloudflare/tls-tris/issues/58tls13
Peter Wu
6 yıl önce
4 değiştirilmiş dosya ile 25 ekleme ve 4 silme
Birleşik Görünüm
Diff Seçenekleri
-
+1 -1.travis.yml
-
+3 -1_dev/tris-testclient/client.go
-
+10 -2_dev/tstclnt/Dockerfile
-
+11 -0_dev/tstclnt/server.sh
+ 1
- 1
.travis.yml
Dosyayı Görüntüle
| @@ -9,7 +9,7 @@ go: | |||||
| env: | env: | ||||
| - MODE=interop CLIENT=boring SERVER=boring | - MODE=interop CLIENT=boring SERVER=boring | ||||
| - MODE=interop CLIENT=tstclnt | |||||
| - MODE=interop CLIENT=tstclnt SERVER=tstclnt | |||||
| - MODE=interop CLIENT=picotls ZRTT=1 | - MODE=interop CLIENT=picotls ZRTT=1 | ||||
| - MODE=interop CLIENT=mint | - MODE=interop CLIENT=mint | ||||
| - MODE=bogo | - MODE=bogo | ||||
+ 3
- 1
_dev/tris-testclient/client.go
Dosyayı Görüntüle
| @@ -57,7 +57,9 @@ func (c *Client) run(addr string, version, cipherSuite uint16) { | |||||
| buf := make([]byte, 1024) | buf := make([]byte, 1024) | ||||
| n, err := con.Read(buf) | n, err := con.Read(buf) | ||||
| if err != nil { | |||||
| // A non-zero read with EOF is acceptable and occurs when a close_notify | |||||
| // is received right after reading data (observed with NSS selfserv). | |||||
| if !(n > 0 && err == io.EOF) && err != nil { | |||||
| fmt.Printf("Read failed: %v\n\n", err) | fmt.Printf("Read failed: %v\n\n", err) | ||||
| c.failed++ | c.failed++ | ||||
| return | return | ||||
+ 10
- 2
_dev/tstclnt/Dockerfile
Dosyayı Görüntüle
| @@ -17,8 +17,8 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1 | |||||
| # Draft 18 | # Draft 18 | ||||
| # ARG REVISION=b6dfef6d0ff0 | # ARG REVISION=b6dfef6d0ff0 | ||||
| # tstclnt resumption | |||||
| ARG REVISION=2ed8aef0b360 | |||||
| # Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support) | |||||
| ARG REVISION=e61c0f657100 | |||||
| RUN cd nss && hg pull | RUN cd nss && hg pull | ||||
| RUN cd nss && hg checkout -C $REVISION | RUN cd nss && hg checkout -C $REVISION | ||||
| @@ -39,6 +39,14 @@ ENV LD_LIBRARY_PATH=/dist/OBJ-PATH/lib | |||||
| ENV SSLTRACE=100 SSLDEBUG=100 | ENV SSLTRACE=100 SSLDEBUG=100 | ||||
| # Init test key using an empty noise (seed) file (-z /dev/null). | |||||
| # Use different subjects, otherwise NSS seems to merge keys under the same nickname. | |||||
| RUN mkdir /certdb && \ | |||||
| /dist/OBJ-PATH/bin/certutil -d /certdb -N --empty-password && \ | |||||
| /dist/OBJ-PATH/bin/certutil -d /certdb -S -n rsa-server -t u -x -s CN=localhost -k rsa -z /dev/null && \ | |||||
| /dist/OBJ-PATH/bin/certutil -d /certdb -S -n ecdsa-server -t u -x -s CN=localhost,O=EC -k ec -z /dev/null -q nistp256 | |||||
| ADD httpreq.txt /httpreq.txt | ADD httpreq.txt /httpreq.txt | ||||
| ADD run.sh /run.sh | ADD run.sh /run.sh | ||||
| ADD server.sh /server.sh | |||||
| ENTRYPOINT ["/run.sh"] | ENTRYPOINT ["/run.sh"] | ||||
+ 11
- 0
_dev/tstclnt/server.sh
Dosyayı Görüntüle
| @@ -0,0 +1,11 @@ | |||||
| #!/bin/sh | |||||
| PATH=/dist/OBJ-PATH/bin:$PATH | |||||
| set -x | |||||
| # RSA | |||||
| selfserv -n rsa-server -p 1443 -d /certdb -V tls1.2:tls1.3 -v -Z & | |||||
| # ECDSA | |||||
| selfserv -n ecdsa-server -p 2443 -d /certdb -V tls1.2:tls1.3 -v -Z & | |||||
| wait | |||||