Closed Bug 645406 Opened 13 years ago Closed 6 months ago

Enhance tstclnt renegotiation test

Categories

(NSS :: Tools, defect, P5)

Product:
NSS
Component:
Tools
Version:
3.12.10
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: KaiE, Unassigned)

Details

Attachments

(1 file, 2 obsolete files)

Patch v9
17.18 KB, patch
Details | Diff | Splinter Review 
NSS tool tstclnt offers parameter -r, which requests that tstclnt performs re-handshake(s) after the initial handshake.

However, the currently implementation will perform the re-handshake(s) immediately after having completed the initial handshake, before any encapsulated data bytes are being transferred.

I wonder, might a server allow a rehandshake at this time, but forbid a re-handshake as soon as data has been transferred?

I have implemented a new option -R, that will:
- do the initial handshake
- send a single data byte to the server
- do the re-handshake
- continue
Attached patch Patch v1 (obsolete) — Splinter Review 

    
    

    
  
Comment on attachment 522149 [details] [diff] [review]
Patch v1

Not urgent.

If you have thoughts, let me know.

I made this, to make sure my test results for sites client-initiated-renego enabled are really correct.

        Attachment #522149 -
        Flags: feedback?(wtc)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch v2 (obsolete)
        — Splinter Review
      

    


  
This is a better patch, that makes it easier to test whether a server actually accepts a renegotiation request, completes another handshake, and sends data in the new session.

        Attachment #522149 -
        Attachment is obsolete: true

        Attachment #522149 -
        Flags: feedback?(wtc)

    
    

    
  
Kai, could you either:

1) attach a cvs diff patch for review (preferable).

or

2) attach a diff -u 15 or diff -c 15. 

This makes it easier to see the context. (If you attack a cvs diff, then the diff tool knows how to fetch the original source so I can expand it myself.

bob

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch v9Splinter Review
      

    


  
Lots of additional changes.

I wanted verbose reporting of what's going on, but the huge amount of poll status messages were distracting. I invented a separate -P option for verbose poll reporting.

I invented a new option -H, only used in combination with new -R. If -H is given, then all server responses prior to the renegotiation is suppressed. This is helpful to see what data the server responds after the handshake.

The new test strategy of -R is:

- start handshake
- send 1 data byte
- request a second handshake
- wait until the second handshake has completed
- send the remaining bytes of the http request
- receive the response

        Attachment #540176 -
        Attachment is obsolete: true

    
    

    
  
Kai, is this patch ready for review? I think this would be helpful for testing bug 542832 and maybe bug 676729, at least.

    
  
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: