[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Sat Apr 14 18:00:24 UTC 2018
The branch master has been updated
via 4442061532fb1a98c22609bf37303b77716df624 (commit)
via de5b3a8645a3b2dd22fa8866e64488eb2b69777d (commit)
from d47eb76cd5fef2495c23705733d7034370063556 (commit)
- Log -----------------------------------------------------------------
commit 4442061532fb1a98c22609bf37303b77716df624
Author: Andy Polyakov <appro at openssl.org>
Date: Thu Apr 12 10:05:22 2018 +0200
TLSProxy/Proxy.pm: straighten inner loop termination logic.
Original condition was susceptible to race condition...
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5933)
commit de5b3a8645a3b2dd22fa8866e64488eb2b69777d
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Apr 11 23:16:52 2018 +0200
TLSProxy/Proxy.pm: bind s_server to loopback interface.
Also bind test/ssltest_old.c to the loopback interface. This avoids
unnecessary alerts from Windows and Mac OS X firewalls.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5933)
-----------------------------------------------------------------------
Summary of changes:
test/ssltest_old.c | 3 +-
util/perl/TLSProxy/Proxy.pm | 126 +++++++++++++++++++++++---------------------
2 files changed, 69 insertions(+), 60 deletions(-)
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 9469485..34705c3 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1836,7 +1836,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
int err_in_client = 0;
int err_in_server = 0;
- acpt = BIO_new_accept("0");
+ acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
+ : "[::1]:0");
if (acpt == NULL)
goto err;
BIO_set_accept_ip_family(acpt, family);
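Review bot: The ternary in the new `BIO_new_accept()` call sends every `family` value other than `BIO_FAMILY_IPV4` to `[::1]:0`, so an "any family" value passed by a caller would become an IPv6-only loopback listener. The callers are outside this hunk, so this may never happen in practice. A short comment above the call would record the assumption and the reason, for example `/* loopback only: family is IPv4 or IPv6 here; keeps the test listener off external interfaces */`. The body of `doit_localhost` continues outside the hunk.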
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 752b572..9e9764d 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -23,9 +23,50 @@ use TLSProxy::CertificateVerify;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
-my $have_IPv6 = 0;
+my $have_IPv6;
my $IP_factory;
+BEGIN
+{
+ # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
+ # However, IO::Socket::INET6 is older and is said to be more widely
+ # deployed for the moment, and may have less bugs, so we try the latter
+ # first, then fall back on the core modules. Worst case scenario, we
+ # fall back to IO::Socket::INET, only supports IPv4.
+ eval {
+ require IO::Socket::INET6;
+ my $s = IO::Socket::INET6->new(
+ LocalAddr => "::1",
+ LocalPort => 0,
+ Listen=>1,
+ );
+ $s or die "\n";
+ $s->close();
+ };
+ if ($@ eq "") {
+ $IP_factory = sub { IO::Socket::INET6->new(@_); };
+ $have_IPv6 = 1;
+ } else {
+ eval {
+ require IO::Socket::IP;
+ my $s = IO::Socket::IP->new(
+ LocalAddr => "::1",
+ LocalPort => 0,
+ Listen=>1,
+ );
+ $s or die "\n";
+ $s->close();
+ };
+ if ($@ eq "") {
+ $IP_factory = sub { IO::Socket::IP->new(@_); };
+ $have_IPv6 = 1;
+ } else {
+ $IP_factory = sub { IO::Socket::INET->new(@_); };
+ $have_IPv6 = 0;
+ }
+ }
+}
+
my $is_tls13 = 0;
my $ciphersuite = undef;
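Review bot: Both probes in the new `BEGIN` block decide success with `if ($@ eq "")`, which reads a global that can be reset between the failing statement and the test, for example by an `eval` run from a destructor on older perls. A failed probe could then be taken as success, leaving `$have_IPv6 = 1` and a factory that cannot bind `::1`. It is safer to end each eval block with `1;` and test the return value, e.g. `my $ok = eval { require IO::Socket::INET6; ...; 1 };` followed by `if ($ok) {`. The same applies to the `IO::Socket::IP` probe.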
@@ -39,8 +80,7 @@ sub new
my $self = {
#Public read/write
- proxy_addr => "localhost",
- server_addr => "localhost",
+ proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",
filter => $filter,
serverflags => "",
clientflags => "",
@@ -67,43 +107,6 @@ sub new
message_list => [],
};
- # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
- # However, IO::Socket::INET6 is older and is said to be more widely
- # deployed for the moment, and may have less bugs, so we try the latter
- # first, then fall back on the code modules. Worst case scenario, we
- # fall back to IO::Socket::INET, only supports IPv4.
- eval {
- require IO::Socket::INET6;
- my $s = IO::Socket::INET6->new(
- LocalAddr => "::1",
- LocalPort => 0,
- Listen=>1,
- );
- $s or die "\n";
- $s->close();
- };
- if ($@ eq "") {
- $IP_factory = sub { IO::Socket::INET6->new(@_); };
- $have_IPv6 = 1;
- } else {
- eval {
- require IO::Socket::IP;
- my $s = IO::Socket::IP->new(
- LocalAddr => "::1",
- LocalPort => 0,
- Listen=>1,
- );
- $s or die "\n";
- $s->close();
- };
- if ($@ eq "") {
- $IP_factory = sub { IO::Socket::IP->new(@_); };
- $have_IPv6 = 1;
- } else {
- $IP_factory = sub { IO::Socket::INET->new(@_); };
- }
- }
-
# Create the Proxy socket
my $proxaddr = $self->{proxy_addr};
$proxaddr =~ s/[\[\]]//g; # Remove [ and ]
@@ -113,11 +116,16 @@ sub new
Proto => "tcp",
Listen => SOMAXCONN,
);
- $self->{proxy_sock} = $IP_factory->(@proxyargs);
- if ($self->{proxy_sock}) {
- $self->{proxy_port} = $self->{proxy_sock}->sockport();
- print "Proxy started on port ".$self->{proxy_port}."\n";
+ if (my $sock = $IP_factory->(@proxyargs)) {
+ $self->{proxy_sock} = $sock;
+ $self->{proxy_port} = $sock->sockport();
+ $self->{proxy_addr} = $sock->sockhost();
+ $self->{proxy_addr} =~ s/(.*:.*)/[$1]/;
+ print "Proxy started on port ",
+ "$self->{proxy_addr}:$self->{proxy_port}\n";
+ # use same address for s_server
+ $self->{server_addr} = $self->{proxy_addr};
} else {
warn "Failed creating proxy socket (".$proxaddr.",0): $!\n";
}
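Review bot: `server_addr` is now assigned only in the success branch, and the `else` branch only warns. Since this commit also drops the `server_addr` default from the constructor hash, a failed bind leaves it undefined. The `start` hunk then builds `-accept $self->{server_addr}:0`, which would become `-accept :0`. That is presumably a wildcard bind, the opposite of what the commit intends. Either keep a default in the hash, `server_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",`, or make the failure fatal here; `new` continues outside the hunk, so a later check may already cover this.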
@@ -212,11 +220,9 @@ sub start
my $execcmd = $self->execute
." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest"
- ." -accept 0 -cert ".$self->cert." -cert2 ".$self->cert
+ ." -accept $self->{server_addr}:0"
+ ." -cert ".$self->cert." -cert2 ".$self->cert
." -naccept ".$self->serverconnects;
- unless ($self->supports_IPv6) {
- $execcmd .= " -4";
- }
if ($self->ciphers ne "") {
$execcmd .= " -cipher ".$self->ciphers;
}
@@ -286,7 +292,7 @@ sub start
$self->{serverpid} = $pid;
print STDERR "Server responds on ",
- $self->{server_addr}, ":", $self->{server_port}, "\n";
+ "$self->{server_addr}:$self->{server_port}\n";
# Connect right away...
$self->connect_to_server();
@@ -301,11 +307,8 @@ sub clientstart
if ($self->execute) {
my $pid;
my $execcmd = $self->execute
- ." s_client -max_protocol TLSv1.3 -engine ossltest -connect "
- .($self->proxy_addr).":".($self->proxy_port);
- unless ($self->supports_IPv6) {
- $execcmd .= " -4";
- }
+ ." s_client -max_protocol TLSv1.3 -engine ossltest"
+ ." -connect $self->{proxy_addr}:$self->{proxy_port}";
if ($self->cipherc ne "") {
$execcmd .= " -cipher ".$self->cipherc;
}
@@ -315,6 +318,9 @@ sub clientstart
if ($self->clientflags ne "") {
$execcmd .= " ".$self->clientflags;
}
+ if ($self->clientflags !~ m/-(no)?servername/) {
+ $execcmd .= " -servername localhost";
+ }
if (defined $self->sessionfile) {
$execcmd .= " -ign_eof";
}
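Review bot: The added `-servername localhost` block has no comment saying why it is needed. Presumably `-connect` now names an IP literal, so s_client would no longer derive an SNI name from it. I would add `# -connect is an IP literal now; request SNI explicitly unless the test sets or disables it`. The pattern `m/-(no)?servername/` is also unanchored, so it matches the text anywhere in `clientflags`, including inside another option's value. Something like `m/(?:^|\s)-(?:no)?servername\b/` would limit it to a real option. `clientstart` begins and ends outside the hunk.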
@@ -363,12 +369,14 @@ sub clientstart
$fdset = IO::Select->new($server_sock, $client_sock);
my @ready;
my $ctr = 0;
+ my $sessionfile = $self->{sessionfile};
local $SIG{PIPE} = "IGNORE";
- while($fdset->count
- && (!(TLSProxy::Message->end)
- || (defined $self->sessionfile()
- && (-s $self->sessionfile()) == 0))
- && $ctr < 10) {
+ while($fdset->count && $ctr < 10) {
+ if (defined($sessionfile)) {
+ # s_client got -ign_eof and won't be exiting voluntarily, so we
+ # look for data *and* check on session file...
+ last if TLSProxy::Message->success() && -s $sessionfile;
+ }
if (!(@ready = $fdset->can_read(1))) {
$ctr++;
next;
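Review bot: With a session file set, the new early exit requires `TLSProxy::Message->success()`, whereas the removed condition keyed on `TLSProxy::Message->end`. A handshake that ends in failure never satisfies the new test, so the loop would stop only when `$fdset->count` reaches zero or after ten idle one-second polls. If that is intended, the comment should say so, e.g. `# on a failed handshake we rely on the sockets closing or the $ctr limit`. The loop body continues outside the hunk, so how sockets are removed from `$fdset` and whether `$ctr` is reset are not visible here.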