On Thu, Jul 23, 2015 at 11:09:40PM +0000, Viktor Dukhovni wrote:
> Any chance you have a standalone test program that works with
> TLSv1_client_method(), but not with SSLv23_client_method() (and
> SSLv2 disabled). Such code if added to "make test" might ensure
> the problem does not come back after it is fixed.
>
> What would be excellent is a program that is both the client and
> the server (talking to itself over a socketpair perhaps, though
> that might not be portable to Windows, but perhaps it suffices
> for the test to run on Unix-like systems...).
While I do have a fully automated test setup (http://buildbot.w1.fi/hwsim/) that runs on a single server and can be used with OpenSSL 0.9.8 through 1.0.2, it would be quite a stretch to claim that to be standalone in this context... :-)

I do have an example program that comes much closer, though. eap_example in hostap.git is a single process that runs EAP server and peer and runs through one authentication round. By default, it is not built with OpenSSL or for EAP-FAST, but it is straightforward to modify that to do so. Here's a step-by-step example of running this test:

git clone git://w1.fi/hostap.git
cd hostap/
wget http://w1.fi/p/eap-example-openssl-eap-fast.patch
patch -p1 < eap-example-openssl-eap-fast.patch
cd eap_example/
make
./eap_example > run1
ls -l eap-fast.pac
./eap_example > run2
grep SessionTicket run2

The eap-example-openssl-eap-fast.patch comments out the EAP-FAST workaround where I force TLSv1_method() to be used. In other words, with this patch, SSLv23_method() is used instead. The workaround can be re-enabled by reverting the change in src/crypto/tls_openssl.c (#if 0 --> #if 1).

The first execution of eap_example goes through the EAP-FAST provisioning step. This works with SSLv23_method() since no SessionTicket is used here. As a result of that provisioning round, the eap-fast.pac file is created with the information that the peer can use to establish connections afterwards. On the second run (and all following runs with the PAC file present, for that matter), we'll hit the issue with SSLv23_method().
That grep for SessionTicket in run2 shows this type of output in the failed case:

OpenSSL: ClientHello SessionTicket extension - hexdump(len=0):
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=0):
EAP-FAST: Ignore invalid SessionTicket
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket - hexdump(len=0): [NULL]
OpenSSL: ClientHello SessionTicket extension - hexdump(len=0):

While the workaround with TLSv1_method() shows this:

OpenSSL: ClientHello SessionTicket extension - hexdump(len=60): 00 02 00 38 93 ac a7 0f 32 75 a3 88 dc b1 e4 b0 83 84 04 bd 63 ed 55 a5 37 0d 69 c9 05 a2 b4 1c f0 43 b4 d5 9b e2 2c 67 74 cf c9 3d bc 82 56 97 79 1d 03 59 5e 86 d3 e3 bd d7 a4 ca
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=60): 00 02 00 38 93 ac a7 0f 32 75 a3 88 dc b1 e4 b0 83 84 04 bd 63 ed 55 a5 37 0d 69 c9 05 a2 b4 1c f0 43 b4 d5 9b e2 2c 67 74 cf c9 3d bc 82 56 97 79 1d 03 59 5e 86 d3 e3 bd d7 a4 ca
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket - hexdump(len=0): [NULL]

This may still be quite a bit too much for OpenSSL "make test" purposes, i.e., something without the full EAP-FAST implementation is likely to be sufficient there. I don't have such an example available, though. Anyway, I hope this eap_example code is useful for anyone who might be able to make the SSLv23_method() case in OpenSSL support this use case. I'm trying to run the full hostapd/wpa_supplicant test suite with all OpenSSL releases, so I should at least notice regressions in the relevant areas pretty quickly. In theory, I could also do this on snapshot builds (or repository snapshots in general).

-- 
Jouni Malinen PGP id EFC895FA

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
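The two hexdump lines that distinguish the failing and working runs above describe the SessionTicket extension (type 0x0023, RFC 5077) of the peer's ClientHello: len=0 is an empty extension, which a client sends when it holds no ticket, while len=60 is a resumption attempt carrying the PAC-Opaque the peer obtained during provisioning (in EAP-FAST, RFC 4851, the PAC-Opaque is a TLV, here type 0x0002 with length 0x38 = 56, which is exactly the 60 bytes minus the 4-byte header). The following Python is an added example, not part of this thread, hostap or OpenSSL: it parses a ClientHello record and reports the extension the way the hostapd log does, and it includes a constructed ClientHello builder so the check runs offline against the 60-byte value quoted in the mail. The function names (build_client_hello, session_ticket_ext, describe_ticket, pac_opaque_body, is_client_hello), the zero-filled random field and the single constructed cipher suite are my choices; only the PAC-Opaque bytes come from the mail.

```python
import struct

TLS_HANDSHAKE = 0x16
HS_CLIENT_HELLO = 0x01
EXT_SESSION_TICKET = 0x0023       # SessionTicket extension type (RFC 5077)
PAC_OPAQUE_TLV_TYPE = 0x0002      # PAC-Opaque TLV type (RFC 4851)

# The 60-byte SessionTicket payload from the TLSv1_method() run quoted in the
# mail: the PAC-Opaque TLV the provisioned peer sends to resume.
PAC_OPAQUE = bytes.fromhex(
    "00 02 00 38 93 ac a7 0f 32 75 a3 88 dc b1 e4 b0 83 84 04 bd "
    "63 ed 55 a5 37 0d 69 c9 05 a2 b4 1c f0 43 b4 d5 9b e2 2c 67 "
    "74 cf c9 3d bc 82 56 97 79 1d 03 59 5e 86 d3 e3 bd d7 a4 ca"
)


def build_client_hello(ticket, version=b"\x03\x01"):
    """Constructed minimal TLS 1.0 ClientHello record (not what hostapd sends).

    ticket=None  -> no SessionTicket extension at all
    ticket=b""   -> empty extension: client has no ticket and asks for one
    ticket=bytes -> resumption attempt carrying that ticket
    """
    body = version + bytes(32)                     # client_version + zeroed random
    body += b"\x00"                                # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"     # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                            # compression_methods: null only
    if ticket is not None:
        ext = struct.pack("!HH", EXT_SESSION_TICKET, len(ticket)) + ticket
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + version + struct.pack("!H", len(hs)) + hs


def session_ticket_ext(record):
    """Return the SessionTicket extension payload of a ClientHello record:
    the ticket bytes, b"" if the extension is present but empty, or None if
    it is absent. Raises ValueError for anything that is not a complete,
    well-formed ClientHello record."""
    try:
        if record[0] != TLS_HANDSHAKE:
            raise ValueError("not a handshake record")
        rec_len, = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != HS_CLIENT_HELLO:
            raise ValueError("not a complete ClientHello record")
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) != hs_len:
            raise ValueError("truncated ClientHello")
        pos = 2 + 32                                  # skip client_version, random
        pos += 1 + body[pos]                          # session_id
        cs_len, = struct.unpack("!H", body[pos:pos + 2])
        pos += 2 + cs_len                             # cipher_suites
        pos += 1 + body[pos]                          # compression_methods
        if pos == len(body):
            return None                               # no extensions block
        ext_len, = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        if end != len(body):
            raise ValueError("extensions length mismatch")
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            if len(data) != elen or pos + 4 + elen > end:
                raise ValueError("extension overruns extensions block")
            if etype == EXT_SESSION_TICKET:
                return data
            pos += 4 + elen
    except (IndexError, struct.error) as e:
        raise ValueError("malformed ClientHello") from e
    return None


def is_client_hello(record):
    """True if the record parses as a ClientHello, False otherwise."""
    try:
        session_ticket_ext(record)
        return True
    except ValueError:
        return False


def describe_ticket(record):
    """Render the result in the style of the hostapd log lines in the mail."""
    ticket = session_ticket_ext(record)
    if ticket is None:
        return "ClientHello SessionTicket extension - absent"
    hexdump = " ".join("%02x" % b for b in ticket)
    return "ClientHello SessionTicket extension - hexdump(len=%d): %s" % (len(ticket), hexdump)


def pac_opaque_body(ticket):
    """Strip the 4-byte RFC 4851 TLV header (type, length) from a ticket payload
    and return the PAC-Opaque body, or None if the payload is empty or is not
    a single PAC-Opaque TLV."""
    if len(ticket) < 4:
        return None
    tlv_type, tlv_len = struct.unpack("!HH", ticket[:4])
    if tlv_type != PAC_OPAQUE_TLV_TYPE or 4 + tlv_len != len(ticket):
        return None
    return ticket[4:]


if __name__ == "__main__":
    for label, t in (("provisioned peer", PAC_OPAQUE), ("empty ticket", b""), ("no extension", None)):
        print("%-17s %s" % (label, describe_ticket(build_client_hello(t))))
```

Run against a capture of the peer's first flight instead of the constructed record, the same parser tells you directly whether the ticket set on the client side actually made it onto the wire (len=60) or whether the extension went out empty (len=0), which is the difference the two grep outputs above show; the TLV check then confirms that what was carried is a PAC-Opaque of the expected length rather than some other ticket.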
