Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test,win: speedup tls-server-verify #1836

Closed
wants to merge 6 commits into from
Closed

test,win: speedup tls-server-verify #1836

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
830d454
test: running tls-server-verify clients in parallel
joaocgreis May 22, 2015
1bcb5f0
test: run tls-server-verify servers in parallel
joaocgreis May 22, 2015
f49019f
test: improve console output of tls-server-verify
joaocgreis May 22, 2015
0368003
test: kill child in tls-server-verify for speed up
May 27, 2015
2107be0
deps: add -no_rand_screen to openssl s_client
May 27, 2015
e809f01
test: add -no_rand_screen for tls-server-verify
May 27, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions deps/openssl/openssl/apps/app_rand.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,10 +124,16 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];

#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe if (dont_warn < 2) {?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dont_warn 2 is only for the use this fix and more than 2 are not defined. I think it would rather be better to let the only 2 allocate to skip RAND_screen().

BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
#endif

if (file == NULL)
Expand Down
11 changes: 10 additions & 1 deletion deps/openssl/openssl/apps/s_client.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,7 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
static int c_no_rand_screen = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
Expand Down Expand Up @@ -446,6 +447,10 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_err,
" -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
#endif
}

#ifndef OPENSSL_NO_TLSEXT
Expand Down Expand Up @@ -1125,6 +1130,10 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
#ifdef OPENSSL_SYS_WINDOWS
} else if (strcmp(*argv, "-no_rand_screen") == 0) {
c_no_rand_screen = 1;
#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
Expand Down Expand Up @@ -1230,7 +1239,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;

if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
Expand Down
74 changes: 51 additions & 23 deletions test/parallel/test-tls-server-verify.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,17 +125,20 @@ var serverKey = loadPEM('agent2-key');
var serverCert = loadPEM('agent2-cert');


function runClient(options, cb) {
function runClient(prefix, port, options, cb) {

// Client can connect in three ways:
// - Self-signed cert
// - Certificate, but not signed by CA.
// - Certificate signed by CA.

var args = ['s_client', '-connect', '127.0.0.1:' + common.PORT];
var args = ['s_client', '-connect', '127.0.0.1:' + port];

// for the performance issue in s_client on Windows
if (process.platform === 'win32')
args.push('-no_rand_screen');

console.log(' connecting with', options.name);
console.log(prefix + ' connecting with', options.name);

switch (options.name) {
case 'agent1':
Expand Down Expand Up @@ -176,7 +179,7 @@ function runClient(options, cb) {
break;

default:
throw new Error('Unknown agent name');
throw new Error(prefix + 'Unknown agent name');
}

// To test use: openssl s_client -connect localhost:8000
Expand All @@ -193,17 +196,17 @@ function runClient(options, cb) {
out += d;

if (!goodbye && /_unauthed/g.test(out)) {
console.error(' * unauthed');
console.error(prefix + ' * unauthed');
goodbye = true;
client.stdin.end('goodbye\n');
client.kill();
authed = false;
rejected = false;
}

if (!goodbye && /_authed/g.test(out)) {
console.error(' * authed');
console.error(prefix + ' * authed');
goodbye = true;
client.stdin.end('goodbye\n');
client.kill();
authed = true;
rejected = false;
}
Expand All @@ -212,15 +215,17 @@ function runClient(options, cb) {
//client.stdout.pipe(process.stdout);

client.on('exit', function(code) {
//assert.equal(0, code, options.name +
//assert.equal(0, code, prefix + options.name +
// ": s_client exited with error code " + code);
if (options.shouldReject) {
assert.equal(true, rejected, options.name +
assert.equal(true, rejected, prefix + options.name +
' NOT rejected, but should have been');
} else {
assert.equal(false, rejected, options.name +
assert.equal(false, rejected, prefix + options.name +
' rejected, but should NOT have been');
assert.equal(options.shouldAuth, authed);
assert.equal(options.shouldAuth, authed, prefix +
options.name + ' authed is ' + authed +
' but should have been ' + options.shouldAuth);
}

cb();
Expand All @@ -230,11 +235,12 @@ function runClient(options, cb) {

// Run the tests
var successfulTests = 0;
function runTest(testIndex) {
function runTest(port, testIndex) {
var prefix = testIndex + ' ';
var tcase = testCases[testIndex];
if (!tcase) return;

console.error("Running '%s'", tcase.title);
console.error(prefix + "Running '%s'", tcase.title);

var cas = tcase.CAs.map(loadPEM);

Expand Down Expand Up @@ -262,10 +268,16 @@ function runTest(testIndex) {

var renegotiated = false;
var server = tls.Server(serverOptions, function handleConnection(c) {
c.on('error', function(e) {
// child.kill() leads ECONNRESET errro in the TLS connection of
// openssl s_client via spawn(). A Test result is already
// checked by the data of client.stdout before child.kill() so
// these tls errors can be ignored.
});
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is it necessary to swallow errors? It looks suspect but if there is a good reason, can you add a comment explaining it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added more comment to this. Does it make sense?

diff --git a/test/simple/test-tls-server-verify.js b/test/simple/test-tls-server-verify.js
index 5aad21e..ff2574b 100644
--- a/test/simple/test-tls-server-verify.js
+++ b/test/simple/test-tls-server-verify.js
@@ -285,7 +285,10 @@ function runTest(port, testIndex) {
   var renegotiated = false;
   var server = tls.Server(serverOptions, function handleConnection(c) {
     c.on('error', function(e) {
-      // ignore errors
+      // child.kill() leads ECONNRESET errro in the TLS connection of
+      // openssl s_client via spawn(). A Test result is already
+      // checked by the data of client.stdout before child.kill() so
+      // these tls errors can be ignored.
     });
     if (tcase.renegotiate && !renegotiated) {
       renegotiated = true;

if (tcase.renegotiate && !renegotiated) {
renegotiated = true;
setTimeout(function() {
console.error('- connected, renegotiating');
console.error(prefix + '- connected, renegotiating');
c.write('\n_renegotiating\n');
return c.renegotiate({
requestCert: true,
Expand All @@ -281,39 +293,55 @@ function runTest(testIndex) {

connections++;
if (c.authorized) {
console.error('- authed connection: ' +
console.error(prefix + '- authed connection: ' +
c.getPeerCertificate().subject.CN);
c.write('\n_authed\n');
} else {
console.error('- unauthed connection: %s', c.authorizationError);
console.error(prefix + '- unauthed connection: %s', c.authorizationError);
c.write('\n_unauthed\n');
}
});

function runNextClient(clientIndex) {
var options = tcase.clients[clientIndex];
if (options) {
runClient(options, function() {
runClient(prefix + clientIndex + ' ', port, options, function() {
runNextClient(clientIndex + 1);
});
} else {
server.close();
successfulTests++;
runTest(testIndex + 1);
runTest(port, nextTest++);
}
}

server.listen(common.PORT, function() {
server.listen(port, function() {
if (tcase.debug) {
console.error('TLS server running on port ' + common.PORT);
console.error(prefix + 'TLS server running on port ' + port);
} else {
runNextClient(0);
if (tcase.renegotiate) {
runNextClient(0);
} else {
var clientsCompleted = 0;
for (var i = 0; i < tcase.clients.length; i++) {
runClient(prefix + i + ' ', port, tcase.clients[i], function() {
clientsCompleted++;
if (clientsCompleted === tcase.clients.length) {
server.close();
successfulTests++;
runTest(port, nextTest++);
}
});
}
}
}
});
}


runTest(0);
var nextTest = 0;
runTest(common.PORT, nextTest++);
runTest(common.PORT + 1, nextTest++);


process.on('exit', function() {
Expand Down