def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve,
certificate, protocol, provider,
other_provider):
ticket_file = str(tmp_path / TICKET_FILE)
assert not os.path.exists(ticket_file)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=curve,
protocol=protocol,
insecure=True,
use_session_ticket=True,
)
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
client_options.extra_flags = ['-sess_out', ticket_file]
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
server_options.use_mainline_version = True
server_options.key = certificate.key
server_options.cert = certificate.cert
server_options.data_to_send = CLOSE_MARKER_BYTES
s2n_server = managed_process(S2N,
server_options,
send_marker=S2N.get_send_marker())
client = managed_process(provider,
client_options,
close_marker=str(CLOSE_MARKER_BYTES))
for results in client.get_results():
results.assert_success()
for results in s2n_server.get_results():
results.assert_success()
assert os.path.exists(ticket_file)
client_options.extra_flags = ['-sess_in', ticket_file]
server_options.use_mainline_version = False
s2n_server = managed_process(S2N,
server_options,
send_marker=S2N.get_send_marker())
client = managed_process(provider,
client_options,
close_marker=str(CLOSE_MARKER_BYTES))
for results in client.get_results():
results.assert_success()
for results in s2n_server.get_results():
results.assert_success()
assert S2N_RESUMPTION_MARKER in results.stdout
def test_tls13_session_resumption_s2n_server(managed_process, tmp_path, cipher,
curve, protocol, provider,
certificate):
port = str(next(available_ports))
# Use temp directory to store session tickets
p = tmp_path / 'ticket.pem'
path_to_ticket = str(p)
close_marker_bytes = data_bytes(10)
client_options = ProviderOptions(mode=Provider.ClientMode,
port=port,
cipher=cipher,
curve=curve,
insecure=True,
reconnect=False,
extra_flags=['-sess_out', path_to_ticket],
protocol=protocol)
server_options = copy.copy(client_options)
server_options.mode = Provider.ServerMode
server_options.key = certificate.key
server_options.cert = certificate.cert
server_options.use_session_ticket = True
server_options.extra_flags = None
server_options.data_to_send = close_marker_bytes
server = managed_process(S2N,
server_options,
timeout=5,
send_marker=S2N.get_send_marker())
client = managed_process(provider,
client_options,
timeout=5,
close_marker=str(close_marker_bytes))
# The client should have received a session ticket
for results in client.get_results():
results.assert_success()
assert b'Post-Handshake New Session Ticket arrived:' in results.stdout
for results in server.get_results():
results.assert_success()
# The first connection is a full handshake
assert b'Resumed session' not in results.stdout
# Client inputs received session ticket to resume a session
assert os.path.exists(path_to_ticket)
client_options.extra_flags = ['-sess_in', path_to_ticket]
port = str(next(available_ports))
client_options.port = port
server_options.port = port
server = managed_process(S2N,
server_options,
timeout=5,
send_marker=S2N.get_send_marker())
client = managed_process(provider,
client_options,
timeout=5,
close_marker=str(close_marker_bytes))
s2n_version = get_expected_s2n_version(protocol, provider)
# Client has not read server certificate message as this is a resumed session
for results in client.get_results():
results.assert_success()
assert to_bytes("SSL_connect:SSLv3/TLS read server certificate"
) not in results.stderr
# The server should indicate a session has been resumed
for results in server.get_results():
results.assert_success()
assert b'Resumed session' in results.stdout
assert to_bytes("Actual protocol version: {}".format(
s2n_version)) in results.stdout