Cosmetics in ssl_server2 & complete tests for HVR
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7fac0ab..92c99fb 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1683,17 +1683,26 @@
printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
- while( ( ret = ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
- goto reset;
- }
- }
+ do ret = ssl_handshake( &ssl );
+ while( ret == POLARSSL_ERR_NET_WANT_READ ||
+ ret == POLARSSL_ERR_NET_WANT_WRITE );
- printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+ if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
+ {
+ printf( " hello verification requested\n" );
+ ret = 0;
+ goto reset;
+ }
+ else if( ret != 0 )
+ {
+ printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
+ goto reset;
+ }
+ else /* ret == 0 */
+ {
+ printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+ }
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e9a0971..c6f170a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2046,6 +2046,7 @@
-s "cookie verification passed" \
-S "cookie verification skipped" \
-c "received hello verify request" \
+ -s "hello verification requested" \
-S "SSL - The requested feature is not available"
run_test "DTLS cookie: disabled" \
@@ -2056,18 +2057,19 @@
-S "cookie verification passed" \
-s "cookie verification skipped" \
-C "received hello verify request" \
+ -S "hello verification requested" \
-S "SSL - The requested feature is not available"
-# wait for client having a timeout, or server sending an alert
-#run_test "DTLS cookie: default (failing)" \
-# "$P_SRV dtls=1 debug_level=2 cookies=-1" \
-# "$P_CLI dtls=1 debug_level=2" \
-# 0 \
-# -S "cookie verification failed" \
-# -S "cookie verification passed" \
-# -S "cookie verification skipped" \
-# -C "received hello verify request" \
-# -s "SSL - The requested feature is not available"
+run_test "DTLS cookie: default (failing)" \
+ "$P_SRV dtls=1 debug_level=2 cookies=-1" \
+ "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
+ 1 \
+ -s "cookie verification failed" \
+ -S "cookie verification passed" \
+ -S "cookie verification skipped" \
+ -C "received hello verify request" \
+ -S "hello verification requested" \
+ -s "SSL - The requested feature is not available"
requires_ipv6
run_test "DTLS cookie: enabled, IPv6" \
@@ -2078,6 +2080,7 @@
-s "cookie verification passed" \
-S "cookie verification skipped" \
-c "received hello verify request" \
+ -s "hello verification requested" \
-S "SSL - The requested feature is not available"
run_test "DTLS cookie: enabled, nbio" \
@@ -2088,6 +2091,7 @@
-s "cookie verification passed" \
-S "cookie verification skipped" \
-c "received hello verify request" \
+ -s "hello verification requested" \
-S "SSL - The requested feature is not available"
# Tests for various cases of client authentication with DTLS