Merged renegotiation refactoring

2025-12-23 15:55:10 +01:00 · 2013-10-31 14:32:38 +01:00 · 2013-10-31 14:32:38 +01:00 · 993e386a73
commit 993e386a73
parent 31ff1d2e4f 37ce0ff185
4 changed files with 172 additions and 17 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -71,6 +71,9 @@
 * longer paquets (for fragmentation purposes) */
 #define GET_REQUEST "GET %s HTTP/1.0\r\n" /* LONG_HEADER */ "\r\n"

+/* Uncomment to test client-initiated renegotiation */
+// #define TEST_RENEGO
+
 /*
 * global options
 */
@ -792,6 +795,24 @@ int main( int argc, char *argv[] )
    }
 #endif /* POLARSSL_X509_CRT_PARSE_C */

+#ifdef TEST_RENEGO
+    /*
+     * Perform renegotiation (this must be done when the server is waiting
+     * for input from our side).
+     */
+    printf( "  . Performing renegotiation..." );
+    fflush( stdout );
+    while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
+        {
+            printf( " failed\n  ! ssl_renegotiate returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+    printf( " ok\n" );
+#endif
+
    /*
     * 6. Write the GET request
     */
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -50,7 +50,6 @@
 #endif

 #define DFL_SERVER_PORT         4433
-#define DFL_REQUEST_PAGE        "/"
 #define DFL_DEBUG_LEVEL         0
 #define DFL_CA_FILE             ""
 #define DFL_CA_PATH             ""
@ -84,6 +83,9 @@
    "<h2>PolarSSL Test Server</h2>\r\n" \
    "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE

+/* Uncomment to test server-initiated renegotiation */
+// #define TEST_RENEGO
+
 /*
 * global options
 */
@ -939,6 +941,44 @@ reset:
    buf[written] = '\0';
    printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );

+#ifdef TEST_RENEGO
+    /*
+     * Request renegotiation (this must be done when the client is still
+     * waiting for input from our side).
+     */
+    printf( "  . Requestion renegotiation..." );
+    fflush( stdout );
+    while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
+        {
+            printf( " failed\n  ! ssl_renegotiate returned %d\n\n", ret );
+            goto exit;
+        }
+    }
+
+    /*
+     * Should be a while loop, not an if, but here we're not actually
+     * expecting data from the client, and since we're running tests locally,
+     * we can just hope the handshake will finish the during the first call.
+     */
+    if( ( ret = ssl_read( &ssl, buf, 0 ) ) != 0 )
+    {
+        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
+        {
+            printf( " failed\n  ! ssl_read returned %d\n\n", ret );
+
+            /* Unexpected message probably means client didn't renegotiate */
+            if( ret == POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE )
+                goto reset;
+            else
+                goto exit;
+        }
+    }
+
+    printf( " ok\n" );
+#endif
+
    ret = 0;
    goto reset;