From abc1f5da5b1d58040f610b629ec6487285c9ebb9 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Fri, 25 Mar 2022 14:15:10 +0000
Subject: [PATCH] Now that syslogd(8) supports SSL shutdown when the TLS connection terminates, do SSL shutdown in the test client. This will detect SSL handshake errors also with TLS 1.3 if the CA of the client certificate is invalid. test races reported by anton@; debugged with Carsten Arzig
---
 regress/usr.sbin/syslogd/Proc.pm | 9 ++++++++-
 regress/usr.sbin/syslogd/args-client-tls-close.pl | 1 +
 regress/usr.sbin/syslogd/args-client-tls-error.pl | 4 +++-
 regress/usr.sbin/syslogd/args-client-tls-fake.pl | 5 +++--
 regress/usr.sbin/syslogd/args-hostname.pl | 2 +-
 regress/usr.sbin/syslogd/funcs.pl | 3 ++-
 6 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/regress/usr.sbin/syslogd/Proc.pm b/regress/usr.sbin/syslogd/Proc.pm
index 0769c8a91a3..930bb5fd62e 100644
--- a/regress/usr.sbin/syslogd/Proc.pm
+++ b/regress/usr.sbin/syslogd/Proc.pm
@@ -1,4 +1,4 @@
-# $OpenBSD: Proc.pm,v 1.9 2020/07/24 22:12:00 bluhm Exp $
+# $OpenBSD: Proc.pm,v 1.10 2022/03/25 14:15:10 bluhm Exp $
 # Copyright (c) 2010-2020 Alexander Bluhm
 # Copyright (c) 2014 Florian Riehm
@@ -25,6 +25,7 @@ use Errno;
 use IO::File;
 use POSIX;
 use Time::HiRes qw(time alarm sleep);
+use IO::Socket::SSL;
 my %CHILDREN;
@@ -131,7 +132,13 @@ sub run {
 do {
 $self->child();
 print STDERR $self->{up}, "\n";
+ $self->{ts} = $self->{cs}
+ if $self->{connectproto} && $self->{connectproto} eq "tls";
 $self->{func}->($self);
+ $self->{ts}->close(SSL_fast_shutdown => 0)
+ or die ref($self), " SSL shutdown: $!,$SSL_ERROR"
+ if $self->{ts};
+ delete $self->{ts};
 } while ($self->{redo});
 print STDERR "Shutdown", "\n";
diff --git a/regress/usr.sbin/syslogd/args-client-tls-close.pl b/regress/usr.sbin/syslogd/args-client-tls-close.pl
index 45ab65a9893..ac3f605d92e 100644
--- a/regress/usr.sbin/syslogd/args-client-tls-close.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-close.pl
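Review bot: The new `$self->{ts}` is an alias of `$self->{cs}`, so the `close(SSL_fast_shutdown => 0)` after `$self->{func}` dies with an "SSL shutdown" failure whenever the test function has already closed or shut down that socket without deleting `ts` first; the commit keeps this working only by convention, with a `delete $self->{ts}` in args-client-tls-close.pl, args-client-tls-error.pl and in redo_connect in funcs.pl, and nothing in Proc::run records the rule. A comment above the assignment would make the contract explicit, e.g. `# ts aliases the TLS socket in cs; a func that closes or shuts down cs itself must delete ts, or the SSL shutdown below fails`. With `SSL_fast_shutdown => 0` the close also waits for the peer's close_notify, so a syslogd that never sends one stalls the client here; presumably the harness timeout bounds that, but it is worth stating in the same comment. The enclosing `sub run` starts before and ends after the hunk.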
@@ -14,6 +14,7 @@ our %args = (
 port => 6514 },
 func => sub {
 my $self = shift;
+ delete $self->{ts};
 shutdown(\*STDOUT, 1)
 or die ref($self), " shutdown write failed: $!";
 ${$self->{syslogd}}->loggrep("tls logger .* connection close", 5)
diff --git a/regress/usr.sbin/syslogd/args-client-tls-error.pl b/regress/usr.sbin/syslogd/args-client-tls-error.pl
index 7925ae6ee5d..516c401d42d 100644
--- a/regress/usr.sbin/syslogd/args-client-tls-error.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-error.pl
@@ -18,6 +18,7 @@ our %args = (
 port => 6514 },
 func => sub {
 my $self = shift;
+ delete $self->{ts};
 setsockopt(STDOUT, SOL_SOCKET, SO_LINGER, pack('ii', 1, 0))
 or die ref($self), " set socket linger failed: $!";
 },
@@ -35,7 +36,8 @@ our %args = (
 server => {
 func => sub {
 my $self = shift;
- ${$self->{syslogd}}->loggrep("tls logger .* connection error", 5)
+ ${$self->{syslogd}}->loggrep(
+ qr/tls logger .* connection (?:close|error)/, 5)
 or die ref($self), " no connection error in syslogd.log";
 },
 loggrep => {},
diff --git a/regress/usr.sbin/syslogd/args-client-tls-fake.pl b/regress/usr.sbin/syslogd/args-client-tls-fake.pl
index b3ba24f1f71..1d02a4a0742 100644
--- a/regress/usr.sbin/syslogd/args-client-tls-fake.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-fake.pl
@@ -18,6 +18,7 @@ my $connecterror = qr/Client IO::Socket::SSL socket connect failed: /.
 qr/.*,SSL connect attempt failed error:.*$errors/;
 my $shutdownerror = qr/Client error after shutdown: /.
 qr/.*:tlsv1 alert decrypt error/;
+my $sslshutdown = qr/Client SSL shutdown: /;
 our %args = (
 client => {
@@ -26,10 +27,10 @@ our %args = (
 sslcert => "client.crt",
 sslkey => "client.key",
 up => qr/IO::Socket::SSL socket connect failed/,
- down => qr/SSL connect attempt failed|error after shutdown/,
+ down => qr/SSL connect attempt failed|$shutdownerror|$sslshutdown/,
 exit => 255,
 loggrep => {
- qr/$connecterror|$shutdownerror/ => 1,
+ qr/$connecterror|$shutdownerror|$sslshutdown/ => 1,
 },
 },
 syslogd => {
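Review bot: Accepting `connection close` as well as `connection error` in the server-side loggrep of args-client-tls-error.pl makes the test pass even when syslogd takes the orderly-close path, so it no longer proves that the client's SO_LINGER reset set in the earlier hunk reaches syslogd's error handling. If that is deliberate to cover the race named in the commit message, a comment on the `qr/.../` line stating which ordering yields the close variant would keep the next reader from tightening it back. The die message on the following line still reads `" no connection error in syslogd.log"` and should name both outcomes, e.g. `" no connection close or error in syslogd.log"`. The enclosing `%args` hash starts before the hunk and ends after it.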
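Review bot: `$sslshutdown` in args-client-tls-fake.pl matches any `Client SSL shutdown: ` failure regardless of cause, while `$connecterror` is pinned to `$errors`, so the new `down` and loggrep patterns are also satisfied by a shutdown that fails for an unrelated reason (a plain `$!` error, for instance) rather than the certificate problem this test presumably exercises. If the alert text OpenSSL reports on shutdown is stable across the TLS versions the test runs with, anchoring it like the connect case would restore that precision, e.g. `my $sslshutdown = qr/Client SSL shutdown: .*$errors/;`, with `$errors` being defined above the hunk. Replacing the `error after shutdown` substring in `down` with `$shutdownerror`, which carries the full `Client error after shutdown: ...decrypt error` text, makes that alternative stricter than before, which looks intended. `%args` continues outside the hunk.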
diff --git a/regress/usr.sbin/syslogd/args-hostname.pl b/regress/usr.sbin/syslogd/args-hostname.pl
index 25a66381518..5c08308ee9d 100644
--- a/regress/usr.sbin/syslogd/args-hostname.pl
+++ b/regress/usr.sbin/syslogd/args-hostname.pl
@@ -50,7 +50,7 @@ our %args = (
 port => 514,
 }},
 ],
- func => sub { redo_connect( shift, sub {
+ func => sub { redo_connect(shift, sub {
 my $self = shift;
 write_message($self, "client connect proto: ". $self->{connectproto})
 if $self->{connectproto};
diff --git a/regress/usr.sbin/syslogd/funcs.pl b/regress/usr.sbin/syslogd/funcs.pl
index 25b060b64c3..171dc5531c8 100644
--- a/regress/usr.sbin/syslogd/funcs.pl
+++ b/regress/usr.sbin/syslogd/funcs.pl
@@ -1,4 +1,4 @@
-# $OpenBSD: funcs.pl,v 1.39 2021/12/22 15:14:13 bluhm Exp $
+# $OpenBSD: funcs.pl,v 1.40 2022/03/25 14:15:10 bluhm Exp $
 # Copyright (c) 2010-2021 Alexander Bluhm
 #
@@ -212,6 +212,7 @@ sub redo_connect {
 sleep .1;
 close(delete $self->{cs})
 or die ref($self), " close failed: $!";
+ delete $self->{ts};
 }
 if (my $redo = shift @{$self->{redo}}) {
 if (my $connect = $redo->{connect}) {
-- 
2.20.1