Skip to content

Initial TLS 1.2 handshake test #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Jul 31, 2019
Merged

Initial TLS 1.2 handshake test #103

merged 26 commits into from
Jul 31, 2019

Conversation

krizhanovsky
Copy link
Contributor

@krizhanovsky krizhanovsky commented Jun 12, 2019
edited
Loading

The issue tempesta-tech/tempesta#737 is fully done (yahoo!!). Some tests may not work because of unfixed issues - I'll disable them before the merge.

@krizhanovsky krizhanovsky requested review from i-rinat and vankoven June 12, 2019 19:01
@krizhanovsky krizhanovsky mentioned this pull request Jun 12, 2019
Closed
@krizhanovsky
Make pylint happier
1734ecf
@krizhanovsky
that the connections are correctly terminated.
c49388f 
We use OpenSSL for the tests and modern OpenSSL versions don't
support SSLv{1,2,3}.0, so use TLSv1.{0,1} just to test that we
correctly drop wrong TLS connections. We do not support SSL as well
and any SSL record is treated as a broken TLS record, so fuzzing of
normal TLS fields should be used to test TLS fields processing.
@krizhanovsky
Preliminary deproxy ssl support. The code doesn't work, but
38708b9 
nicely reproduce tempesta-tech/tempesta#1277
@krizhanovsky
Use the new framework for tls_stress test
351a4e2
@krizhanovsky
Also introduces TLS mode for Deproxy.
519f4d8
@krizhanovsky krizhanovsky mentioned this pull request Jun 29, 2019
Closed
vankoven
vankoven reviewed Jul 2, 2019
View reviewed changes
vankoven
vankoven approved these changes Jul 2, 2019
View reviewed changes
Copy link
Contributor

@vankoven vankoven left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, the only real issue I've seen - attempts to directly use of the TLS certificate while it's not available if the framework and the Tempesta are started on different VMs.

krizhanovsky added 11 commits July 3, 2019 18:16
@krizhanovsky
The x509 certificate generator is placed in /framework and
fb2d97c 
transparrently generates certificates for HTTPS Tempesta
configurations.

Fix pure local Tempesta configuration - copy configuration and
certificate files to remote node.
@krizhanovsky
Tests for per-vhost certificates and SNI handling:
621cbd5 
TlsDuplicateCerts.test_duplicate - vhost successfully loads 2 similar cerificates,
but must not successfully communicate with a client.

TlsDuplicateCerts.test_2_diff_certs - vhost successfully loads 2 different cerificates
and must successfully communicate with a client.

TlsVhostHandshakeTest - Tempesta routes requests according to SNI and send correct
certficiates for each vhost.

TlsCertReconfig - Tempesta reloads certificate without douwntime.

Many cleanups and small infrastucture extensions.
@krizhanovsky
Test extensions from RFC 6066, invalid extensions and too long extens…
c16b8eb 
…ions.
@krizhanovsky
Fixes for tests for #715 by @ikoveshnikov
43ad7cc
@krizhanovsky
Fix bugs in TLS handle_read() and config parsing.
3356b75 
Add tests for empty SNI, bad sinature algorithms and elliptic curves.
@krizhanovsky
Add tests for default SNI handling versus tls_fallback_default.
840ac46 
Test many ciphersuites.
@krizhanovsky
Replace example.com by tempesta-tech.com
58786e1
@krizhanovsky
Basic TLS test for wrong HTTP request
14754d2
@krizhanovsky
Test for bad renegotiation info (RFC 5746 3.6)
2424aab
@krizhanovsky
Fuzzing test and test for alerts
4dd72f6
@krizhanovsky
Chunked TLS transfers. Fix small bug.
0758f01
@krizhanovsky krizhanovsky mentioned this pull request Jul 25, 2019
Open
i-rinat
i-rinat approved these changes Jul 28, 2019
View reviewed changes
Copy link
Contributor

@i-rinat i-rinat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.
There are some comments, mostly spelling, below.

@krizhanovsky krizhanovsky mentioned this pull request Jul 29, 2019
Closed
vankoven
vankoven reviewed Jul 30, 2019
View reviewed changes
@krizhanovsky krizhanovsky merged commit 42fcd09 into master Jul 31, 2019
@krizhanovsky krizhanovsky mentioned this pull request Jul 31, 2019
Closed
17 tasks
@krizhanovsky krizhanovsky deleted the ak-737 branch July 31, 2019 22:47
@krizhanovsky krizhanovsky mentioned this pull request Jul 31, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@i-rinat i-rinat i-rinat approved these changes

@vankoven vankoven vankoven approved these changes

Assignees

@i-rinat i-rinat

@vankoven vankoven

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@krizhanovsky @i-rinat @vankoven