Add tests for session ticket lifetime

This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-21 09:18:13 +01:00
parent c55a5b7d6f
commit dbe1ee1988
2 changed files with 44 additions and 3 deletions

View file

@ -69,6 +69,7 @@
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_TICKET_TIMEOUT -1
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
@ -112,6 +113,7 @@ struct options
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
int tickets; /* enable / disable session tickets */
int ticket_timeout; /* session ticket lifetime */
int cache_max; /* max number of session cache entries */
int cache_timeout; /* expiration delay of session cache entries */
} opt;
@ -161,7 +163,8 @@ static void my_debug( void *ctx, int level, const char *str )
#if defined(POLARSSL_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n"
" tickets=%%d default: 1 (enabled)\n" \
" ticket_timeout=%%d default: ticket default (1d)\n"
#else
#define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */
@ -320,6 +323,7 @@ int main( int argc, char *argv[] )
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
opt.cache_max = DFL_CACHE_MAX;
opt.cache_timeout = DFL_CACHE_TIMEOUT;
@ -471,6 +475,12 @@ int main( int argc, char *argv[] )
if( opt.tickets < 0 || opt.tickets > 1 )
goto usage;
}
else if( strcmp( p, "ticket_timeout" ) == 0 )
{
opt.ticket_timeout = atoi( q );
if( opt.ticket_timeout < 0 )
goto usage;
}
else if( strcmp( p, "cache_max" ) == 0 )
{
opt.cache_max = atoi( q );
@ -765,6 +775,9 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl_set_session_tickets( &ssl, opt.tickets );
if( opt.ticket_timeout != -1 )
ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )

View file

@ -104,7 +104,7 @@ run_test "Truncated HMAC #1" \
run_test "Session resume using tickets #1" \
"debug_level=4 tickets=1" \
"debug_level=4 reconnect=1 tickets=1" \
"debug_level=4 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
@ -118,7 +118,35 @@ run_test "Session resume using tickets #1" \
run_test "Session resume using tickets #2" \
"debug_level=4 tickets=1 cache_max=0" \
"debug_level=4 reconnect=1 tickets=1" \
"debug_level=4 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-s "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets #3" \
"debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
"debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-S "session successfully restored from ticket" \
-S "a session has been resumed" \
-C "a session has been resumed"
run_test "Session resume using tickets #4" \
"debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
"debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \