QDtls(cookie verifier): make sure a server can re-use 'Client Hello'
And extend an auto-test for this. When a cookie verification mechanism is enabled, and verifier, indeed, verifies that some datagram is a 'Client Hello' message with a proper cookie attached, we start a real DTLS handshake creating a QDtls object and calling 'doHandshake'. In case cookie verification was enabled, we need parameters from the verifier (it's a crypto-strong 'number' and hash algorithm) to 'lock and load' the TLS state machine in a freshly created TLS session object. This code path previously was only tested manually and was found by LCOV as untested. Change-Id: Ieacb8c989997999ea10e15bda6ae106a0338b698 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 6a1d9f6fc1e46f7f0af7ec52dc5d6d415c918bf2) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
parent
94983639fc
commit
7c9cb19282
@ -288,6 +288,20 @@ void tst_QDtlsCookie::verifyClient()
|
||||
clientPort), true);
|
||||
QCOMPARE(anotherListener.verifiedHello(), dgram);
|
||||
QCOMPARE(anotherListener.dtlsError(), QDtlsError::NoError);
|
||||
|
||||
// Now, let's test if a DTLS server is able to create a new TLS session
|
||||
// re-using the client's 'Hello' with a cookie inside:
|
||||
QDtls session(QSslSocket::SslServerMode);
|
||||
auto dtlsConf = QSslConfiguration::defaultDtlsConfiguration();
|
||||
dtlsConf.setDtlsCookieVerificationEnabled(true);
|
||||
session.setDtlsConfiguration(dtlsConf);
|
||||
session.setPeer(clientAddress, clientPort);
|
||||
// Borrow a secret and hash algorithm:
|
||||
session.setCookieGeneratorParameters(listener.cookieGeneratorParameters());
|
||||
// Trigger TLS state machine change to think it accepted a cookie and started
|
||||
// a handshake:
|
||||
QVERIFY(session.doHandshake(&serverSocket, dgram));
|
||||
|
||||
// Now let's use a wrong port:
|
||||
QCOMPARE(listener.verifyClient(&serverSocket, dgram, clientAddress, serverPort), false);
|
||||
// Invalid cookie, no verified hello message:
|
||||
|
Loading…
x
Reference in New Issue
Block a user