This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 8365a4442c903159a5667d16968c33a89c0d82a8 Author: Fei Deng <[email protected]> AuthorDate: Thu Apr 4 17:30:32 2024 -0400 check the appropriate functions and set variables correctly (#11215) (cherry picked from commit 3ef72485dd1cb89faa8627a348d5360ee160b101) --- CMakeLists.txt | 14 ++++++++++++-- src/iocore/net/SSLNetVConnection.cc | 2 +- tests/gold_tests/tls/tls_0rtt_server.test.py | 22 +++++++++++----------- 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ba33bc652e..6e621f760c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -461,8 +461,10 @@ check_symbol_exists(DH_get_2048_256 "openssl/dh.h" TS_USE_GET_DH_2048_256) check_symbol_exists(OPENSSL_NO_TLS_3 "openssl/ssl.h" TS_NO_USE_TLS12) check_symbol_exists(SSL_CTX_set_client_hello_cb "openssl/ssl.h" TS_USE_HELLO_CB) check_symbol_exists(SSL_set1_verify_cert_store "openssl/ssl.h" TS_HAS_VERIFY_CERT_STORE) -check_symbol_exists(SSL_read_early_data "openssl/ssl.h" TS_HAS_TLS_EARLY_DATA) check_symbol_exists(SSL_set_max_early_data "openssl/ssl.h" HAVE_SSL_SET_MAX_EARLY_DATA) +check_symbol_exists(SSL_read_early_data "openssl/ssl.h" HAVE_SSL_READ_EARLY_DATA) +check_symbol_exists(SSL_write_early_data "openssl/ssl.h" HAVE_SSL_WRITE_EARLY_DATA) +check_symbol_exists(SSL_in_early_data "openssl/ssl.h" HAVE_SSL_IN_EARLY_DATA) check_symbol_exists(SSL_CTX_set_ciphersuites "openssl/ssl.h" TS_USE_TLS_SET_CIPHERSUITES) check_symbol_exists(SSL_CTX_set_keylog_callback "openssl/ssl.h" TS_HAS_TLS_KEYLOGGING) check_symbol_exists(SSL_CTX_set_tlsext_ticket_key_cb "openssl/ssl.h" HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB) @@ -479,7 +481,15 @@ endif() unset(CMAKE_REQUIRED_FLAGS) -set(HAVE_SSL_READ_EARLY_DATA ${TS_HAS_TLS_EARLY_DATA}) +set(TS_HAS_TLS_EARLY_DATA + ${HAVE_SSL_SET_MAX_EARLY_DATA} + | + ${HAVE_SSL_READ_EARLY_DATA} + | + ${HAVE_SSL_WRITE_EARLY_DATA} + | + ${HAVE_SSL_IN_EARLY_DATA} +) set(CMAKE_REQUIRED_INCLUDES netinet/in.h netinet/tcp.h) check_type_size("struct tcp_info" STRUCT_TCP_INFO) diff --git a/src/iocore/net/SSLNetVConnection.cc b/src/iocore/net/SSLNetVConnection.cc index 4304a2d994..3cad1ba2eb 100644 --- a/src/iocore/net/SSLNetVConnection.cc +++ b/src/iocore/net/SSLNetVConnection.cc @@ -2584,7 +2584,7 @@ SSLNetVConnection::_ssl_read_buffer(void *buf, int64_t nbytes, int64_t &nread) ssize_t read_bytes = 0; #endif -#ifdef HAVE_SSL_READ_EARLY_DATA +#if HAVE_SSL_READ_EARLY_DATA ret = SSL_read_early_data(ssl, buf, static_cast<size_t>(nbytes), &read_bytes); if (ret == SSL_READ_EARLY_DATA_ERROR) { had_error_on_reading_early_data = true; diff --git a/tests/gold_tests/tls/tls_0rtt_server.test.py b/tests/gold_tests/tls/tls_0rtt_server.test.py index fbcfac641a..a23230f04a 100644 --- a/tests/gold_tests/tls/tls_0rtt_server.test.py +++ b/tests/gold_tests/tls/tls_0rtt_server.test.py @@ -165,7 +165,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -173,7 +173,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 POST)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t post -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t post -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('HTTP/1.1 425 Too Early', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -182,7 +182,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/2 GET)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t get -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t get -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -190,7 +190,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/2 POST)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t post -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t post -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression(':status 425', 'Only safe methods are allowed') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -199,7 +199,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/2 Multiplex)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t multi1 -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t multi1 -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted multi_1', '') tr.Processes.Default.Streams.All += Testers.ContainsExpression('early data accepted multi_2', '') @@ -209,7 +209,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/2 Multiplex with POST)') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t multi2 -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h2 -t multi2 -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted multi_1', '') tr.Processes.Default.Streams.All += Testers.ContainsExpression(':status 425', 'Only safe methods are allowed') @@ -219,7 +219,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET) SNI Provided') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example.com' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example.com' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -227,14 +227,14 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts1 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET) Disabled By SNI Config') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example-no.com' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts1.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example-no.com' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ExcludesExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') tr.StillRunningAfter = server tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET) Disabled In General') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory}' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory}' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.StartBefore(ts2) tr.Processes.Default.Streams.All = Testers.ExcludesExpression('early data accepted', '') @@ -243,7 +243,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts2 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET) Disabled In General SNI Provided') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example.com' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example.com' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ExcludesExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '') @@ -251,7 +251,7 @@ tr.StillRunningAfter = server tr.StillRunningAfter += ts2 tr = Test.AddTestRun('TLSv1.3 0-RTT Support (HTTP/1.1 GET) Enabled By SNI Config') -tr.Processes.Default.Command = f'{sys.executable} test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example-yes.com' +tr.Processes.Default.Command = f'{sys.executable} {Test.RunDirectory}/test-0rtt-s_client.py -p {ts2.Variables.ssl_port} -v h1 -t get -r {Test.RunDirectory} -s example-yes.com' tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.All = Testers.ContainsExpression('early data accepted', '') tr.Processes.Default.Streams.All += Testers.ExcludesExpression('curl test', '')
