Development helpers
Peter Wu edited this page Dec 5, 2017 · 2 revisions
During development, automated testing should take as little effort as possible. This page describes some of the configurations I have been using for testing.
A bash configuration allows me to run `interop` or `interop tstclnt` and immediately run the server interoperability tests with boringssl and NSS, respectively. For client tests, there is `interop_client`.
Example development workflow:
- Run `interop`. It will run tests in a container and write a packet capture and session keys to `~/test/tris-d22.pcap` and `~/test/tris-d22.keys`.
- Open Wireshark (*), e.g. `wireshark -ossl.keylog_file:$HOME/test/tris-d22.keys -r ~/test/tris-d22.pcap -Y ssl`
- Repeat the process, but reloading the pcap in Wireshark should be sufficient.
(*) I use Wireshark from git master. v2.4.3 also supports draft 22, but it lacks autodetection of TLS on custom ports (you need to use Decode As functionality to force the SSL dissector).
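Before opening Wireshark, it helps to confirm that the key log holds every secret needed to decrypt the capture. The following is an added example, not part of the tris repository; it assumes the key log uses the NSS Key Log Format with the standard TLS 1.3 labels, and `keylog_check` and `keylog_sample` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example, not from the tris repository. Checks an NSS key log such as
# ~/test/tris-d22.keys. Line format: <LABEL> <client_random, 64 hex> <secret, hex>

# keylog_check FILE: one status line per client random; returns 1 if a line is
# malformed, the log is empty, or a TLS 1.3 session lacks one of the four
# secrets needed to decrypt both handshake and application data.
keylog_check() {
    awk '
    /^#/ || NF == 0 { next }                       # comments and blank lines
    NF != 3 || length($2) != 64 || length($3) % 2 ||
    ($2 $3) !~ /^[0-9a-fA-F]+$/ {
        print "line " NR ": malformed"; bad = 1; next
    }
    { seen[$2] = 1; have[$2, $1] = 1 }
    END {
        labels = "CLIENT_HANDSHAKE_TRAFFIC_SECRET SERVER_HANDSHAKE_TRAFFIC_SECRET"
        labels = labels " CLIENT_TRAFFIC_SECRET_0 SERVER_TRAFFIC_SECRET_0"
        n = split(labels, need, " ")
        for (cr in seen) {
            sessions++; id = substr(cr, 1, 16); missing = ""
            if ((cr, "CLIENT_RANDOM") in have) { print id " tls1.2"; continue }
            for (i = 1; i <= n; i++)
                if (!((cr, need[i]) in have)) missing = missing " " need[i]
            early = ((cr, "CLIENT_EARLY_TRAFFIC_SECRET") in have) ? " +0rtt" : ""
            if (missing != "") { print id " missing:" missing; bad = 1 }
            else print id " complete" early
        }
        if (!sessions) { print "no secrets found"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample (made-up values, not real secrets): session a... is
# complete, session b... stopped after the first handshake secret.
keylog_sample() {
    r1=a$(printf '%063d' 0); r2=b$(printf '%063d' 0); s=$(printf '%064d' 7)
    for l in CLIENT_HANDSHAKE_TRAFFIC_SECRET SERVER_HANDSHAKE_TRAFFIC_SECRET \
             CLIENT_TRAFFIC_SECRET_0 SERVER_TRAFFIC_SECRET_0; do
        echo "$l $r1 $s"
    done
    echo "CLIENT_HANDSHAKE_TRAFFIC_SECRET $r2 $s"
}
```

Run it as `keylog_check ~/test/tris-d22.keys` once the test run has finished; a session reported with missing secrets is one Wireshark cannot fully decrypt.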
Build this container with: `cd docker-tcpdump && docker build -t tcpdump .`

```dockerfile
FROM alpine
LABEL maintainer="[email protected]"
RUN apk add --update tcpdump && rm -rf /var/cache/apk
WORKDIR /out
ENTRYPOINT ["/usr/sbin/tcpdump", "-Un"]
```
```bash
# interop [<client> [0rtt]]
# client can be boring (default), tstclnt, picotls, etc.
# if 0rtt is given, it will perform the 0rtt test.
# a pcap and keys will be written to ~/test/tris-d22.{pcap,keys}
interop() {
    local CLIENT=${1:-boring};
    local action=RUN rc
    if [[ "${2:-}" == 0rtt ]]; then
        action=0-RTT
    fi
    #_dev/tris-localserver/start.sh -d && docker ps -a && _dev/interop.sh INSTALL $CLIENT && _dev/interop.sh RUN $CLIENT;
    # Start the server with key logging enabled, attach tcpdump to its
    # network namespace, then run the selected test and save its exit status.
    _dev/tris-localserver/start.sh -v ~/test:/out -e SSLKEYLOGFILE=/out/tris-d22.keys -d &&
    docker run --rm -v ~/test:/out --network=container:tris-localserver -d tcpdump -i eth0 -U -w /out/tris-d22.pcap &&
    docker ps -a && _dev/interop.sh INSTALL $CLIENT && _dev/interop.sh $action $CLIENT; rc=$?
    docker ps -a;
    sleep 1;
    docker logs tris-localserver;
    docker kill tris-localserver;
    docker rm tris-localserver;
    # Report the test result saved above, not the status of "docker rm".
    echo "rc=$rc"
}

interop_client() {
    local CLIENT=${1:-boring};
    #_dev/interop.sh INSTALL $CLIENT && _dev/interop.sh INSTALL-CLIENT && _dev/interop.sh RUN-CLIENT $CLIENT
    _dev/interop.sh INSTALL $CLIENT && _dev/interop.sh INSTALL-CLIENT || return
    # hack: insert keylog dump after "server.sh" and run tcpdump command after
    awk '
    # Enable keylogging
    /--entrypoint \/server\.sh/ {
        in_server_cmd = 1;
        print "-v ~/test:/out -e SSLKEYLOGFILE=/out/tris-d22.keys \\"
    }
    # Workaround $0 containing "bash" due to the use of the "-s" option.
    {
        gsub(/\$0/, "_dev/interop.sh");
        print
    }
    # Create pcap
    in_server_cmd && ! /\\$/ {
        in_server_cmd = 0;
        print "docker run --rm -v ~/test:/out --network=container:\"$servername\" -d tcpdump -i eth0 -U -w /out/tris-d22.pcap"
        print "sleep 1";
    }
    ' _dev/interop.sh | bash -s -- RUN-CLIENT $CLIENT
    echo rc=$?
}

# Build the test client and run it against locally listening servers.
interop_client_local() {
    ( cd _dev/tris-testclient && ../go.sh build -v -i . );
    _dev/tris-testclient/tris-testclient -ecdsa=false localhost:1443;
    _dev/tris-testclient/tris-testclient -rsa=false localhost:2443
}

# Run the BoringSSL test runner (bogo) against the shim; extra arguments are
# passed through to "go test".
bogo() {
    local shimpath=~/repos/crypto-tls-bogo-shim
    (cd "$shimpath/vendor/github.com/google/boringssl/ssl/test/runner" && \
        SSLKEYLOGFILE=${SSLKEYLOGFILE-~/test/bogo.keys} \
        go test \
        -loose-errors \
        -allow-unimplemented \
        -shim-path "$shimpath/bin/crypto-tls-bogo-shim" \
        -shim-config "$shimpath/config.json" \
        "$@")
}
```