Test dtls_client
Test against both OpenSSL and GnuTLS.
Don't use a proxy. It's not particularly useful here, and would complicate
figuring out port numbers.
Clean up compile-time requirements in dtls_client.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
index 88bee47..171bb4e 100644
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@@ -46,3 +46,31 @@
-c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
-S "Error" \
-C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, openssl server, DTLS 1.2" \
+ -P 4433 \
+ "$O_SRV -dtls1_2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Echo this" \
+ -s "DONE" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version dtls12
+run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \
+ -P 4433 \
+ "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/dtls_client" \
+ 0 \
+ -s "Server listening" \
+ -s "[1-9][0-9]* bytes command:" \
+ -c "Echo this" \
+ -c "[1-9][0-9]* bytes written" \
+ -c "[1-9][0-9]* bytes read" \
+ -S "Error" \
+ -C "error"
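Review bot: The GnuTLS server line passes `-u` (UDP) but its priority string only adjusts TLS keywords (`-VERS-TLS-ALL:+VERS-TLS1.2`); as far as I know GnuTLS selects datagram versions through the `VERS-DTLS*` keywords, so this string probably does not pin DTLS 1.2 as the test title claims. If that reading is right, `--priority=NORMAL:-VERS-DTLS-ALL:+VERS-DTLS1.2` would express the intent. Independently, neither new test asserts the negotiated protocol version or the result of certificate verification, so both pass on any handshake that echoes data; if either side prints those, a `-s`/`-c` pattern on them would close the gap. Both tests also pin `-P 4433`, so a stale listener on that port or a parallel run can interfere, and a one-line comment saying why the port is fixed would help.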
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index da92fdd..bc74128 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -492,6 +492,7 @@
esac
case " $CMD_LINE " in
+ *"programs/ssl/dtls_client "*|\
*"programs/ssl/ssl_client1 "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C
requires_config_enabled MBEDTLS_ENTROPY_C
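Review bot: Sharing the `ssl_client1` arm gives `dtls_client` only the requirements of a TLS sample; the visible lines add `MBEDTLS_CTR_DRBG_C` and `MBEDTLS_ENTROPY_C` and nothing specific to DTLS. If `dtls_client.c` needs further options to build (datagram timers, for example, which would mean `MBEDTLS_TIMING_C`), a configuration without them would make the new tests fail on a missing binary instead of being skipped. The rest of the arm lies outside this hunk, so this may already be covered there; otherwise a separate arm for `*"programs/ssl/dtls_client "*)` with its own `requires_config_enabled` lines would keep the two samples independent.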
@@ -1382,9 +1383,13 @@
# Outputs:
# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
analyze_test_commands() {
- # if the test uses DTLS but no custom proxy, add a simple proxy
- # as it provides timing info that's useful to debug failures
- if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+ # If the test uses DTLS, does not force a specific port, and does not
+ # specify a custom proxy, add a simple proxy.
+ # It provides timing info that's useful to debug failures.
+ if [ "$DTLS" -eq 1 ] &&
+ [ "$THIS_SRV_PORT" = "$SRV_PORT" ] &&
+ [ -z "$PXY_CMD" ]
+ then
PXY_CMD="$P_PXY"
case " $SRV_CMD " in
*' server_addr=::1 '*)
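Review bot: `analyze_test_commands` now reads `$THIS_SRV_PORT` and `$SRV_PORT`, but the visible part of its header comment lists only outputs; the input list sits above the hunk and should gain a line such as `# * $THIS_SRV_PORT, $SRV_PORT: a forced port (-P) suppresses the automatic proxy.` The equality test also treats `-P` given with the default port value as "no port forced", so a proxy is still inserted in that case; if that is intended, the new comment should say so. Tests that use `-P` lose the proxy timing output that the comment calls useful for debugging failures, which deserves a mention wherever `-P` is documented. The function body continues past the end of the hunk.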
@@ -1751,7 +1756,7 @@
esac
fi
- # does this test use a proxy?
+ # Does this test specify a proxy?
if [ "X$1" = "X-p" ]; then
PXY_CMD="$2"
shift 2