1. Patchew
  2. QEMU
  3. [Qemu-devel] [PATCH for 3.0 0/4] Multiple fixes and improvements to TLS tests
  4. View patch

[Qemu-devel] [PATCH for 3.0 4/4] tests: fix TLS handshake failure with TLS 1.3

Daniel P. Berrangé posted 4 patches 7 years, 6 months ago
[Qemu-devel] [PATCH for 3.0 4/4] tests: fix TLS handshake failure with TLS 1.3
Posted by Daniel P. Berrangé 7 years, 6 months ago 
When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
sent by the handshake changes. This exposed a logic bug in the test
suite which caused us to wait for the server to see handshake
completion, but not wait for the client to see completion. The result
was the client didn't receive the certificate for verification and the
test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
its GNUTLS builds.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tests/test-crypto-tlssession.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c
index fd9acf9067..6fa9950afb 100644
--- a/tests/test-crypto-tlssession.c
+++ b/tests/test-crypto-tlssession.c
@@ -151,7 +151,7 @@ static void test_crypto_tls_session_psk(void)
                 clientShake = true;
             }
         }
-    } while (!clientShake && !serverShake);
+    } while (!clientShake || !serverShake);
 
 
     /* Finally make sure the server & client validation is successful. */
@@ -341,7 +341,7 @@ static void test_crypto_tls_session_x509(const void *opaque)
                 clientShake = true;
             }
         }
-    } while (!clientShake && !serverShake);
+    } while (!clientShake || !serverShake);
 
 
     /* Finally make sure the server validation does what
-- 
2.17.1
Re: [Qemu-devel] [PATCH for 3.0 4/4] tests: fix TLS handshake failure with TLS 1.3
Posted by Eric Blake 7 years, 6 months ago 
On 07/18/2018 04:38 AM, Daniel P. Berrangé wrote:
> When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
> sent by the handshake changes. This exposed a logic bug in the test
> suite which caused us to wait for the server to see handshake
> completion, but not wait for the client to see completion. The result
> was the client didn't receive the certificate for verification and the
> test failed.
> 
> This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
> its GNUTLS builds.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   tests/test-crypto-tlssession.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.