TclTLS: Diff

Differences From Artifact [1df3d39a1f]:

Executable file tests/tlsIO.test — part of check-in [8863101cbe] at 2016-12-14 16:08:40 on branch feature-0d4541b86d-autoservername — Updated test suite with new error message results (user: rkeene, size: 57901) [annotate] [blame] [check-ins using] [more...]

To Artifact [08483551ff]:

Executable file tests/tlsIO.test — part of check-in [913359443b] at 2024-02-22 07:52:22 on branch nijtmans — TlsIO.test Hostname Fix. Patch by Sergei Golovan (Debian) to make the client socket connect to localhost instead of [info hostname] to prevent intermittent test failures inside mock(1). Also, account for a change in error message "unsupported protocol" instead of "wrong version number". -- Sergei Golovan <email address hidden> Thu, 18 Jul 2019 15:00:18 +0300 Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/hostname-tests.patch (user: jan.nijtmans, size: 57852) [annotate] [blame] [check-ins using]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63	- + - + - + - + - + - + - + - + - + - + - + - + - + - + - +	# Commands tested in this file: socket. -- tcl -- # # This file contains a collection of tests for one or more of the Tcl # built-in commands. Sourcing this file into Tcl runs the tests and # generates output for errors. No output means no errors were found. # # Copyright (c) 1994-1996 Sun Microsystems, Inc. ~~# Copyright (c) 1998-2000 Ajuba Solutions.~~ # Copyright (c) 1998-2000 Ajuba Solutions. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # # RCS: @(#) $Id: tlsIO.test,v 1.24 2015/06/06 09:07:08 apnadkarni Exp $ # Running socket tests with a remote server: # ------------------------------------------ # # # Some tests in socket.test depend on the existence of a remote server to # which they connect. The remote server must be an instance of tcltest and it # must run the script found in the file "remote.tcl" in this directory. You # can start the remote server on any machine reachable from the machine on # which you want to run the socket tests, by issuing: # # # tcltest remote.tcl -port 8048 # Or choose another port number. # # # If the machine you are running the remote server on has several IP # interfaces, you can choose which interface the server listens on for # connections by specifying the -address command line flag, so: # # # tcltest remote.tcl -address your.machine.com # # # These options can also be set by environment variables. On Unix, you can # type these commands to the shell from which the remote server is started: # # # shell% setenv serverPort 8048 # shell% setenv serverAddress your.machine.com # # # and subsequently you can start the remote server with: # # # tcltest remote.tcl # # # to have it listen on port 8048 on the interface your.machine.com. # # # When the server starts, it prints out a detailed message containing its # configuration information, and it will block until killed with a Ctrl-C. # Once the remote server exists, you can run the tests in socket.test with # the server by setting two Tcl variables: # # # % set remoteServerIP <name or address of machine on which server runs> # % set remoteServerPort 8048 # # # These variables are also settable from the environment. On Unix, you can: # # # shell% setenv remoteServerIP machine.where.server.runs # shell% setenv remoteServerPort 8048 # # # The preamble of the socket.test file checks to see if the variables are set # either in Tcl or in the environment; if they are, it attempts to connect to # the server. If the connection is successful, the tests using the remote # server will be performed; otherwise, it will attempt to start the remote # server (via exec) on platforms that support this, on the local host, # listening at port 8048. If all fails, a message is printed and the tests # using the remote server are not performed.
︙
424 425 426 427 428 429 430 ~~431~~ 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 ~~448~~ 449 450 451 452 453 454 455	424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455	- + - +	removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } ~~puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey -myaddr ~~[info~~ host~~name]~~ 8831 \]"~~ puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey -myaddr localhost 8831 \]" puts $f { proc accept {sock addr port} { global x puts "[gets $sock]" close $sock set x done } puts ready vwait x after cancel $timer close $f } close $f set f [open "\|[list $::tcltest::tcltest script] 2> /dev/null" r] gets $f x if {[catch {tls::socket -certfile $clientCert -cafile $caCert \ ~~-keyfile $clientKey ~~[info~~ host~~name]~~ 8831} sock]} {~~ -keyfile $clientKey localhost 8831} sock]} { set x $sock } else { puts $sock hello flush $sock lappend x [gets $f] close $sock }
︙
564 565 566 567 568 569 570 ~~571~~ 572 573 574 575 576 577 578	564 565 566 567 568 569 570 571 572 573 574 575 576 577 578	- +	proc echo {s} { global i set l [gets $s] if {[eof $s]} { global x close $s set x done ~~} else {~~ } else { incr i puts $s $l } } set i 0 puts ready set timer [after 20000 "set x done"]
︙
631 632 633 634 635 636 637 ~~638~~ 639 640 641 642 643 644 645	631 632 633 634 635 636 637 638 639 640 641 642 643 644 645	- +	proc readit {s} { global done gets $s close $s set done 1 } set cs [tls::socket -certfile $clientCert -cafile $caCert \ ~~-keyfile $clientKey ~~[info~~ host~~name]~~ 8830]~~ -keyfile $clientKey localhost 8830] close $cs vwait done after cancel $timer set done } 1
︙
1038 1039 1040 1041 1042 1043 1044 ~~1045~~ 1046 1047 1048 1049 1050 1051 1052	1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052	- +	proc accept {s a p} { global x set x [fconfigure $s -sockname] close $s } set s1 [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~~~[info~~ host~~name]~~ 8823]~~ localhost 8823] set timer [after 10000 "set x timed_out"] vwait x after cancel $timer close $s close $s1 set l "" lappend l [lindex $x 2] [llength $x]
︙
1091 1092 1093 1094 1095 1096 1097 ~~1098~~ 1099 1100 1101 1102 1103 1104 1105	1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105	- +	# Only OpenSSL 0.9.5a on Windows seems to need the after (delayed) # close, but it works just the same for all others. -hobbs after 500 close $s set x done } set s1 [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~-async ~~[info~~ host~~name]~~ 8830]~~ -async localhost 8830] # when doing an in-process client/server test, both sides need # to be non-blocking for the TLS handshake Also make sure to # return the channel to line buffering mode (TLS sets it to 'none'). fconfigure $s1 -blocking 0 -buffering line vwait x # TLS handshaking needs one byte from the client... puts $s1 a
︙
1135 1136 1137 1138 1139 1140 1141 ~~1142~~ 1143 1144 1145 1146 1147 1148 1149	1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149	- +	-buffering none] } set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -server accept 8831] set c [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~~~[info~~ host~~name]~~ 8831]~~ localhost 8831] # This differs from socket-9.1 in that both sides need to be # non-blocking because of TLS' required handshake fconfigure $c -blocking 0 puts -nonewline $c 01234567890123456789012345678901234567890123456789 close $c set timer [after 10000 "set done timed_out"] vwait done
︙
1182 1183 1184 1185 1186 1187 1188 ~~1189~~ 1190 1191 1192 1193 1194 1195 1196	1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196	- +	close $s } set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -server accept 8832] set c [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~~~[info~~ host~~name]~~ 8832]~~ localhost 8832] fconfigure $c -blocking 0 -trans lf -buffering line set count 0 puts $c hello proc readit {s} { global count done set data [read $s] dputs "read \"[string replace $data 10 end-3 ...]\" \
︙
1226 1227 1228 1229 1230 1231 1232 ~~1233~~ 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 ~~1250~~ 1251 1252 1253 1254 1255 1256 1257	1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257	- + - +	} } proc timerproc {} { global done count c set done true set count {timer went off, eof is not sticky} close $c } } set count 0 set done false proc write_then_close {s} { puts $s bye close $s } proc accept {s a p} { fconfigure $s -blocking 0 -buffering line -translation lf fileevent $s writable [list do_handshake $s writable write_then_close \ -buffering line -translation lf] } set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -server accept 8833] set c [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~~~[info~~ host~~name]~~ 8833]~~ localhost 8833] fconfigure $c -blocking 0 -buffering line -translation lf fileevent $c readable "count_to_eof $c" set timer [after 2000 timerproc] vwait done close $s set count } {eof is sticky}
︙
1461 1462 1463 1464 1465 1466 1467 ~~1468~~ 1469 1470 1471 1472 1473 1474 1475	1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475	- +	gets $s3 } close $s1 close $s2 close $s3 sendCommand {close $socket10_9_test_server} set i ~~} 100~~ } 100 test tlsIO-11.8 {client with several servers} {socket doTestsWithRemoteServer} { sendCertValues sendCommand { tls::init -certfile $serverCert -cafile $caCert -keyfile $serverKey set s1 [tls::socket -server "accept 4003" 4003] set s2 [tls::socket -server "accept 4004" 4004]
︙
1938 1939 1940 1941 1942 1943 1944 ~~1945~~ 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 ~~1957~~ 1958 1959 1960 ~~1961~~ 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 ~~1975~~ 1976 1977 1978 1979 1980 1981 1982	1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982	- + - + - + - +	proc echo {s} { global i set l [gets $s] if {[eof $s]} { global x close $s set x done ~~} else {~~ } else { incr i puts $s $l } } set i 0 vwait x close $f # thread cleans itself up. testthread exit } script # create a thread set serverthread [testthread create { source script } ] update after 1000 set s [tls::socket 127.0.0.1 8828] fconfigure $s -buffering line catch { puts $s "hello" gets $s result } close $s update after 2000 lappend result [threadReap] set result } {hello 1} test tlsIO-14.1 {test tls::unimport} {socket} { list [catch {tls::unimport} msg] $msg } {1 {wrong # args: should be "tls::unimport channel"}}
︙
2015 2016 2017 2018 2019 2020 2021 ~~2022~~ 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 ~~2035~~ 2036 2037 2038 2039 ~~2040~~ 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 ~~2053~~ 2054 2055 2056 2057 2058 ~~2059~~ 2060 2061 2062 2063 2064 2065 2066	2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067	- + - + - + - + - + +	-buffering none] } set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -server accept 8831] set c [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ ~~~~[info~~ host~~name]~~ 8831]~~ localhost 8831] # only the client gets tls::import set res [tls::unimport $c] list $res [catch {close $c} err] $err \ [catch {close $s} err] $err } {{} 0 {} 0 {}} test tls-bug58-1.0 {test protocol negotiation failure} {socket} { # Following code is based on what was reported in bug #58. Prior # to fix the program would crash with a segfault. proc Accept {sock args} { fconfigure $sock -blocking 0; fileevent $sock readable [list Handshake $sock] } } proc Handshake {sock} { set ::done HAND catch {tls::handshake $sock} msg set ::done $msg } } # NOTE: when doing an in-process client/server test, both sides need # to be non-blocking for the TLS handshake # Server - Only accept TLS 1.2 set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 \ -server Accept 8831] # Client - Only propose TLS1.0 set c [tls::socket -async \ -cafile $caCert \ -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 \ ~~~~[info~~ host~~name]~~ 8831]~~ localhost 8831] fconfigure $c -blocking 0 puts $c a ; flush $c after 5000 [list set ::done timeout] vwait ::done switch -exact -- $::done { ~~"handshake failed: wrong ssl version" {~~ "handshake failed: wrong ssl version" - "handshake failed: unsupported protocol" { set ::done "handshake failed: wrong version number" } } set ::done } {handshake failed: wrong version number} # cleanup
︙