Agree, I am aware of a few issues: 1. Kevin described one of them in the other thread (subject: "apparent deadlock in GetCASecureEndpointInto()...").
"Writing a test for this case is non-trivial. IoTivity has the problem that two instances of it can't exist in the same process space, because of the use of global variables, for one thing. And we need to have two instances running and talking to each other to test these scenarios. We started looking into building some kind of test harness to have separate process spaces, but it's not a non-trivial undertaking. And that makes adding a regression test for this case also a non-trivial undertaking." Supporting client/server in the same process is tracked by: https://jira.iotivity.org/browse/IOT-1379. 2. The other issue is with client/server TLS handshake, which is not possible when both are in the same process. Details: the CAdecryptSsl( ) function has a loop waiting for peer->ssl.state to be set to MBEDTLS_SSL_HANDSHAKE_OVER. In each iteration it clocks the mbed tls by calling mbedtls_ssl_handshake_server_step( ) which does the packet exchanges. At least on Windows, the CAdecryptSsl( ) is executed by CAReceiveHandler( ) thread hence blocking the tls peer in the same process from responding. 3. Once 1 & 2 are resolved, simpler/programmatic way of provisioning the client/server is needed (using prebuilt security data file won't work when multiple instances of the tests running in Jenkins boxes, assuming they can see each other). Until then, running client/server tests with SECURED=0 is helpful to catch some regressions. -----Original Message----- From: Dave Thaler Sent: Friday, April 21, 2017 5:19 PM To: Soemin Tjong <stjong at exchange.microsoft.com>; Mats Wichmann <mats at wichmann.us>; iotivity-dev at lists.iotivity.org Subject: RE: [dev] Building and running tests in services with SECURED=1 I think the "which is not straight forward to set up in Jenkins environment" is something that we absolutely need to fix. -----Original Message----- From: Soemin Tjong Sent: Friday, April 21, 2017 5:10 PM To: Dave Thaler <dthaler at microsoft.com>; Mats Wichmann <mats at wichmann.us>; iotivity-dev at lists.iotivity.org Subject: RE: [dev] Building and running tests in services with SECURED=1 TEST=1 does not require SECURE=0. Except when the tests use the full IoTivity stack, e.g. a client/server tests. Building with SECURE=0 removes the need for security provisioning (of the server and client), which is not straight forward to set up in Jenkins environment. -----Original Message----- From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Dave Thaler via iotivity-dev Sent: Friday, April 21, 2017 2:42 PM To: Mats Wichmann <mats at wichmann.us>; iotivity-dev at lists.iotivity.org Subject: Re: [dev] Building and running tests in services with SECURED=1 TEST=1 should not require SECURE=0. If it does, we should fix that bug. -----Original Message----- From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Mats Wichmann Sent: Friday, April 21, 2017 2:11 PM To: iotivity-dev at lists.iotivity.org Subject: Re: [dev] Building and running tests in services with SECURED=1 On 04/21/2017 02:26 AM, Way Vadhanasin via iotivity-dev wrote: > Jenkins appears to be building and running tests in services with SECURED=0. > When I tried to build these tests with SECURED=1, a big portion of them > failed. Is it time to remove SECURED=0 configuration out of Jenkins gate or > am I missing something? At the very least, we need to mandate that the > location of code that gets tested with SECURED=0 should also be tested with > SECURED=1 (I filed > IOT-2096<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjira.iotivity.org%2Fbrowse%2FIOT-2096&data=02%7C01%7Cdthaler%40microsoft.com%7C445e8e3742f3459e405108d488fb08e4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636284059173288441&sdata=0R7%2BvIZ22zgIfEt1S60Co7KyKC3RAzfrIg6AM0hMnFY%3D&reserved=0>). > > Thoughts? > > Thanks, > Way I asked this question in some form a while back, and came away with the impression that TEST=1, needed for the unittests, required SECURED=0. I may have misunderstood that reply. We do need to make sure that testing happens in a context that is as close as possible to what will go into production, so I agree this needs to be examined and at least one qualifying test run needs to be with SECURED=1. _______________________________________________ iotivity-dev mailing list iotivity-dev at lists.iotivity.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&data=02%7C01%7Cdthaler%40microsoft.com%7C445e8e3742f3459e405108d488fb08e4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636284059173298440&sdata=7YSyZ8PTjilyU9GfT0qU6QaJ8XMQV7x29GjqQlDKaJU%3D&reserved=0 _______________________________________________ iotivity-dev mailing list iotivity-dev at lists.iotivity.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&data=02%7C01%7Cstjong%40exchange.microsoft.com%7C84d810cd6f964bd9117608d488ff38c8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636284077127904007&sdata=3zydvBVq0YQF6OtFHKUI747sdto8nB7RBDSO4Q2jShQ%3D&reserved=0
