Exhaustive DTLS handshake test
Sean Buckheister
s_buckhe at cs.uni-kl.de
Tue Feb 14 21:24:57 CET 2012
> So would filter_run_next contain filter_current_idx++ twice?
Elements, "filter_current_idx--". Without this, the filters get stuck.
Sorry.
> I noticed that too. However if I repeat the same tests in single mode
> they succeed. I believe that is because the cases that fail require
> quite some retransmissions and in 100 or 1000 process cases they might
> take more time than the allowed timeout.
That's my guess as well. It seems a little awkward though, since the
machine does almost nothing while tests themselves are run. Using 100 or
maybe 200 children seems like a good choice as far as speed goes,
without producing false negatives.
> I have not thoroughly tested the non-blocking mode.
I'm doing this right now. And a lot of it fails; when the run is
completed, I'll attempt to distill useful information out of the logs.
Until now, I've looked at the blocking case mainly for convenience, i
would guess that DTLS is used in nonblocking mode often enough to check
thoroughly.
> If it is not possible, you could release it under GPLv3 (e.g. with a
> mail in gnutls-devel or so) and that would be fine with me since it is
> an independent module.
That would be an option. I guess I'll do that once all the options I
still feel missing are implemented.
> We use more than that in development. Use ./configure
> --enable-gcc-warnings to enable them.
Thank you, I'll go for that and use those flags for development as well.
>> I've also made a number of modifications to avoid code duplication for
>> filter_packet_* and filter_permute_*, more sensible error handling, more
>> sensible child process handling (^C now kills the whole process tree,
>> not just the master process). I would also add tests for certificate
>> authentication of both client and server, four extra packets, which
>> would make the test suite a bit more comprehensive. It would end up
>> being more than 0.3 million test runs.
>
> Feel free to send me any update.
When I'm done, sure. My last mail contained a version with the mentioned
changes, further versions I'd mail to you directly then. I really hope
to get the whole thing stable and done soon, a nearly unbreakable
handshake would clearly benefit all users of the DTLS portion.
More information about the Gnutls-devel
mailing list